Windows
Analysis Report
Purchase Order_PO-1075094.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 5348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order_PO-1075094.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 3304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 6524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,15323731237159000086,10191843191279349048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 6572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=2092,i,17862452954393239142,16234041336410296844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Classification label: |
Source: | Initial sample: | ||
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | File created: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.217.196 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.94.108.142 | unknown | United States | 16625 | AKAMAI-ASUS | false |
142.250.217.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
52.5.13.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432226 |
Start date and time: | 2024-04-26 17:55:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Purchase Order_PO-1075094.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@28/50@2/6 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.204.76.141, 172.64.41.3, 162.159.61.3, 34.193.227.236, 54.144.73.197, 18.207.85.246, 107.22.247.231, 23.221.212.219, 23.221.212.204, 199.232.210.172, 192.229.211.108, 142.250.64.195, 142.250.217.238, 172.253.123.84, 34.104.35.123, 142.250.217.195, 192.178.50.46
- Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | Captcha Phish | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Captcha Phish | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Xmrig | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
52.5.13.197 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
104.94.108.142 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | NetSupport RAT | Browse | |||
Get hash | malicious | NetSupport RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | ScreenConnect Tool | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Vidar | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
AMAZON-AESUS | Get hash | malicious | Captcha Phish | Browse |
Get hash | malicious | Captcha Phish | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Captcha Phish | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Captcha Phish | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Xmrig | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.203654917240285 |
Encrypted: | false |
SSDEEP: | 6:ETN4q2P92nKuAl9OmbnIFUt8lCJZmw+lCDkwO92nKuAl9OmbjLJ:ETOv4HAahFUt8lc/+lc5LHAaSJ |
MD5: | 2B0688ABA69D2BD01F7A79596BD5E738 |
SHA1: | 4E8DEA8EA068A1BEC34CEB0ADE52D791AC4A3E43 |
SHA-256: | B6DE6BE345F7B375754FBF7BBF93AAF68BDE2A99AF37242831B89B152C097505 |
SHA-512: | EA7D3CB4831D997F553FB0BF84CD4BAFEAA7C434429FEBE6C33213D10083F76697848D06063C065CEFD597C093540B4F614F26E3F074CD7F0FA60B7858A02628 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.203654917240285 |
Encrypted: | false |
SSDEEP: | 6:ETN4q2P92nKuAl9OmbnIFUt8lCJZmw+lCDkwO92nKuAl9OmbjLJ:ETOv4HAahFUt8lc/+lc5LHAaSJ |
MD5: | 2B0688ABA69D2BD01F7A79596BD5E738 |
SHA1: | 4E8DEA8EA068A1BEC34CEB0ADE52D791AC4A3E43 |
SHA-256: | B6DE6BE345F7B375754FBF7BBF93AAF68BDE2A99AF37242831B89B152C097505 |
SHA-512: | EA7D3CB4831D997F553FB0BF84CD4BAFEAA7C434429FEBE6C33213D10083F76697848D06063C065CEFD597C093540B4F614F26E3F074CD7F0FA60B7858A02628 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.19346700045622 |
Encrypted: | false |
SSDEEP: | 6:EhlzFlyq2P92nKuAl9Ombzo2jMGIFUt8lhZz1Zmw+lh6RkwO92nKuAl9Ombzo2jz:ED6v4HAa8uFUt8lX1/+l45LHAa8RJ |
MD5: | CAAAFA9C6434E9377A91D63A5C9566DA |
SHA1: | E6956F1F1F54F1833CE87E27EA02F0AD789F185F |
SHA-256: | 16A4629384F34A2A5260F3B39A43979CB94098A9695737F31F49610DE7011599 |
SHA-512: | 0A4469D3792752F39DDA60EAD61C21C217DE9A7F2D51187144E45F78A970B6ACB52DA49BDF1097ED49A0AD8A03C4F94390D85A0DBF6E800E7C6C7FC375B06BC7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.19346700045622 |
Encrypted: | false |
SSDEEP: | 6:EhlzFlyq2P92nKuAl9Ombzo2jMGIFUt8lhZz1Zmw+lh6RkwO92nKuAl9Ombzo2jz:ED6v4HAa8uFUt8lX1/+l45LHAa8RJ |
MD5: | CAAAFA9C6434E9377A91D63A5C9566DA |
SHA1: | E6956F1F1F54F1833CE87E27EA02F0AD789F185F |
SHA-256: | 16A4629384F34A2A5260F3B39A43979CB94098A9695737F31F49610DE7011599 |
SHA-512: | 0A4469D3792752F39DDA60EAD61C21C217DE9A7F2D51187144E45F78A970B6ACB52DA49BDF1097ED49A0AD8A03C4F94390D85A0DBF6E800E7C6C7FC375B06BC7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0a043f48-eb71-4873-873d-df40170e5673.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.066587247063736 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQCesBdOg2HtkAcaq3QYiubxnP7E4T3OF+:Y2sRdsrgdMHyr3QYhbxP7nbI+ |
MD5: | 8F44B66CDBDB8B76F77306DF50972643 |
SHA1: | 61EF612C5D66C854E5C44FBA7E1CB0FCB5283C9F |
SHA-256: | 96E3C1E18EA7423CEA7ADDFDA77D2169C4E6F5A828986EDC8CB84AEF398900CE |
SHA-512: | CD020DB01EB325383DFB8AD385764E0D9E40451A19706319BB82DCB22A825EC0B5ED8C596210E4933CF248FBD9B1C671527C9A2BC92F503FA30730084810CDC7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.066587247063736 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQCesBdOg2HtkAcaq3QYiubxnP7E4T3OF+:Y2sRdsrgdMHyr3QYhbxP7nbI+ |
MD5: | 8F44B66CDBDB8B76F77306DF50972643 |
SHA1: | 61EF612C5D66C854E5C44FBA7E1CB0FCB5283C9F |
SHA-256: | 96E3C1E18EA7423CEA7ADDFDA77D2169C4E6F5A828986EDC8CB84AEF398900CE |
SHA-512: | CD020DB01EB325383DFB8AD385764E0D9E40451A19706319BB82DCB22A825EC0B5ED8C596210E4933CF248FBD9B1C671527C9A2BC92F503FA30730084810CDC7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.235200205022063 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU3cF0X2/Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL5 |
MD5: | 526C8B6C4E9184668D876E87B549614B |
SHA1: | A6BC92F88233D18874535B9512A5F0A3FECB30A1 |
SHA-256: | 401EEE7DB3BD6787662BEFB795BC2413199C798C9F4B136A916FC63B460E844E |
SHA-512: | 143D23A95F9D200A14C5EC787718156EBAB604B86950D97E4835AA0DAA08D6915E10DFE1B67E5FAE475F61D12853AB95357233ED62CBEC451C65C2C31284F189 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.184453305923054 |
Encrypted: | false |
SSDEEP: | 6:Eugyq2P92nKuAl9OmbzNMxIFUt8lu21Zmw+l4RkwO92nKuAl9OmbzNMFLJ:Eyv4HAa8jFUt8lx1/+lA5LHAa84J |
MD5: | C6419D39E170F9A5B37E84B40BBCB941 |
SHA1: | 17632E3AE1674C1EEDD43004151663F0E136262E |
SHA-256: | 6D7FC5B6D1F7811D57B16EF84E77C7781C44872CAB52C0B792CCA7600872F94F |
SHA-512: | 08C9ED5503EAF4CCF97598AE19263C25BB094651BD32F333519B5B97D393B173C1330D62BC01380A06DEE7EDBF2FB8BF409935B314424E37CE1A78CD6F9F49E6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.184453305923054 |
Encrypted: | false |
SSDEEP: | 6:Eugyq2P92nKuAl9OmbzNMxIFUt8lu21Zmw+l4RkwO92nKuAl9OmbzNMFLJ:Eyv4HAa8jFUt8lx1/+lA5LHAa84J |
MD5: | C6419D39E170F9A5B37E84B40BBCB941 |
SHA1: | 17632E3AE1674C1EEDD43004151663F0E136262E |
SHA-256: | 6D7FC5B6D1F7811D57B16EF84E77C7781C44872CAB52C0B792CCA7600872F94F |
SHA-512: | 08C9ED5503EAF4CCF97598AE19263C25BB094651BD32F333519B5B97D393B173C1330D62BC01380A06DEE7EDBF2FB8BF409935B314424E37CE1A78CD6F9F49E6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426155606Z-184.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.244774720168901 |
Encrypted: | false |
SSDEEP: | 96:n24XH0ISDSnCZVCU0gbZ1d0VKhE0nJ0kPGwSZHEMffP81N9F7WIHXZkJcFMPnfPc:fX2VBNzlvWLSePmR |
MD5: | 8B9921057B9CDE422C3D3FE2B864DDD4 |
SHA1: | EBE79D7BD561B0B675C3BA720C18EE08CF2FE97C |
SHA-256: | B2A1BD36991973AE83D007D61BC33335C39C631881397FB3982E3B70D12446FC |
SHA-512: | 36BF96480F86A5D70967E02AFDDC05E1C655164C8EF995594D2D9D75828DAF7E69CEADCDDABE3FE724DE174047D23AD03439E31CB1BD06A52D715C779A1017CE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.327061130979899 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJM3g98kUwPeUkwRe9:YvXKXFBYpW7TfWVGMbLUkee9 |
MD5: | B2C463264F9326709F55E467A763D5D1 |
SHA1: | E942574427C7048633B716205DBFE7CDBE3A79E7 |
SHA-256: | 8E3979742D1F1E43EB01A334F00E025CE409D9E747864C2AFE23B2DCD450B94B |
SHA-512: | 42DB8433DA5E80F5FE8114A86373678BA4CC12921062AE62E96F2615F8D3202CE54CE3042B876ED3FE9F0CA003D662058DE299557EA5905E1D1AD81E5242F0CC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.265825953966516 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfBoTfXpnrPeUkwRe9:YvXKXFBYpW7TfWVGWTfXcUkee9 |
MD5: | 1B50D8F0393368AF891FE4EC3B939860 |
SHA1: | CCC3A6BF2380E73B6921D0AFF020C852373DF1C6 |
SHA-256: | 1AB9CFEF9FC5587C73C613D1140CE36C9DE53E2103D378A27CFAD5302B6E89AE |
SHA-512: | A53C699B24CED8744F03CD64590E46C244327055B6B27B0CCC349AAF1146E4525BAE2D6B66A5B328621085A7B97958FC5281BDDB48F8921DDA8A11B784CBAA44 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.244820989361592 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfBD2G6UpnrPeUkwRe9:YvXKXFBYpW7TfWVGR22cUkee9 |
MD5: | 105D3D8DDC495EB7FCA4DB764F5AC76E |
SHA1: | 7D23F98BF4A033F9C19B7636DA18D14CA0D5BDC0 |
SHA-256: | ED505E51DFB435BE04037632B2A3DEE6C98162F577329A81A1141F5650EF999F |
SHA-512: | 8197806F8C75CC6825515710A1A3D1650929FD7775E40ED1B188F42A4CDB9BE34342FBE160ADC00946195F6921112E7EC3A3A301946A1E25B0FD4879331FCA67 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.304680245288667 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfPmwrPeUkwRe9:YvXKXFBYpW7TfWVGH56Ukee9 |
MD5: | 3B5CC13082D14333B77EFACEBE669D2C |
SHA1: | 56D8E25CB50B66B1CC8946F270174F696E3F3D76 |
SHA-256: | 6BA2B47899947A6F5D2F1DCFFA30556C9409F1F2AD5DFBEBF7F51ACA35959E92 |
SHA-512: | 1EB684F2DB78D7FB0BA6CA87A50A40BA18AB24A3DDAFFDC55ADA5E088BCAD430AEF4EA9266F74A4B4ADBE25F429210C105CDB0DE54D645CC587E88BE49B0587D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.262860505738741 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfJWCtMdPeUkwRe9:YvXKXFBYpW7TfWVGBS8Ukee9 |
MD5: | EE9CF515FAE1F4E813C8070E93164EAD |
SHA1: | A153EAC3EFC58BEFD65C641349E7D39CA66344B6 |
SHA-256: | 3567E157DE18DA7308CDD983809DAB479C2E79A3A9E8B0F110954E0EB1EE0ACA |
SHA-512: | B125309CDEF4087A17C2A1AFAD5AB1CD928D17BEAF2F44A0AD37F5EF4E680E04E1F0BD9311A6B75F7A7ECE361FD34C880586A0F306EFB6C1DD4FED31D09A94AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.249081307825629 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJf8dPeUkwRe9:YvXKXFBYpW7TfWVGU8Ukee9 |
MD5: | 6B37ABC98B90EC5C7D76FDFD4A8007F9 |
SHA1: | 3A0B7C3F0DA135EA5F64DA3DBF5271795DC78C8C |
SHA-256: | 3303437917D62B3FD9D1DAD27DF428C8A3370C7864FD0BA367E09776093B5196 |
SHA-512: | 6725FDB1A9DDEBD845F4032C59088B78AD5530B1F83418C91A4E6E7BA669ADB8F82A5ECD2FB352DF1CD2971950F0783484D0B19AA3643985CE423AA6EBA6603A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2508686438872925 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfQ1rPeUkwRe9:YvXKXFBYpW7TfWVGY16Ukee9 |
MD5: | FB2942E563133C4EB4332280D7BCA867 |
SHA1: | A38992FEC1A73531D36D70E213A32DF4AE4EF489 |
SHA-256: | 579519B993448FD4440A3C7D0096B36E1976B4A4CF04CC2FEA53E32D5C07DA9C |
SHA-512: | 8808BC29322FEDDC17FDF18859960195AE5F034BB6BCABDA270F4BBD189EF7596697B96FFE51C745069E4D548166ACF280B31336657AC3AE9FE2C8D269A8FE44 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.26909832922719 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfFldPeUkwRe9:YvXKXFBYpW7TfWVGz8Ukee9 |
MD5: | 6BD7EDB22A04E420605F3CE62675A7C8 |
SHA1: | 5A375CC98ADC9C72DBD2DAD0FBCB67B5C4F74974 |
SHA-256: | D8DC913D0280CA6FF93AEAC0501BB55D38EC9FA88E7FD88B5B34B5B83A427882 |
SHA-512: | BA54264DCCDB7D26B464B71347FE073DE5AD1FD2A02857EA13F3FA35C836C87C0AEFDAF793263B1463EDC7A7C8BE1AD8583BFD25C3372BE6BB35FA162D767F2A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.736377129053569 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAiTfWBKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNnL:Yv4bWEgigrNt0wSJn+ns8cvFJd |
MD5: | B8318C12492446A30596E100A9D5350E |
SHA1: | 08FDF12195ADB8DFEF3E923DBD8DCC70D4F54B13 |
SHA-256: | F2ED67A248172838BDC80F6FF0B2B041216D242F770C278BC6C3EC4FAA9ED66E |
SHA-512: | 3BD3F4DB0ABC01260EAF9E278D1F527278D719D9F9275EBAA512DBF56868139424AD8EB03902509E7076011DAACE5726FE10BFE9AB501C8502B1E292D3B4EEA7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.256553443337202 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfYdPeUkwRe9:YvXKXFBYpW7TfWVGg8Ukee9 |
MD5: | 523EEDA39B8F177B0DC3002854747412 |
SHA1: | ECE91118CDC04DEE8E084C9EF68E78D799A0BA8C |
SHA-256: | 246D1D49294698EA4C0934FC48A003774BFEEE85098A18F281E64E9032A33CFF |
SHA-512: | AC861756C67975F66D15D09E64DBCF0AC9736AF1F3EA284EDBF34ECC80B3986D0AA5D332FE54EB91645FB06F8A663E8BAA4C040FF7E4C8A8DFD1D6FEB006CEDE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7710842724175855 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAiTfWMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNPL:Yv4bdHgDv3W2aYQfgB5OUupHrQ9FJp |
MD5: | DA5B490DB1A6F247A0BCA179D6C7D80A |
SHA1: | 5841322EC102B53A7A3FA80D54698C46300A0669 |
SHA-256: | 269CE325022F91B4290EFF4A5F7C7599AC979BD7A81888DB110889FCA4FA591B |
SHA-512: | E9E280CC868B521ECF8224ECD1BD44D01011705F30CDD855E1A39054713FA2585061B1F39DD130046CFD68E292E79EEFB5456F5355018F11E2FBA17E93F7010D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.24039914277507 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfbPtdPeUkwRe9:YvXKXFBYpW7TfWVGDV8Ukee9 |
MD5: | 879FE18F9D100D5D8130BF82F8A63C57 |
SHA1: | DDBF059D225832320E55697EE62FE46F6C5D94DA |
SHA-256: | 8C031372E3A73458E62678EDF572A3875537DB7798A52B4D6094299C721C4FA3 |
SHA-512: | 556CD163C3DDCD989BCBD6980A4D8A97123335014EAD8A7EE40A62EC0D7F12A7905EC535583EA03EFCEB873B0E7511CAAAC234476D3E55EFD00B5CCAF2B2C546 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.241766862420291 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJf21rPeUkwRe9:YvXKXFBYpW7TfWVG+16Ukee9 |
MD5: | C082FEA34B989CD838EF9EEC45E79AAC |
SHA1: | FC955C44BB124EB9B2861C710FE8D680AB5AAA26 |
SHA-256: | 8EBD62798228FAD2554B261B1F6DD2B5BB7E62B8F1E9BCBBF4E27421F3073829 |
SHA-512: | 4A08C22B082804974D71B236DD9BD54D4C6E3E403461204BE57D6C8D13C7D64CE9AAAA4A7553684C790931E58E29BD0238BF87B5740EE672A7A642C3211B798C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.263388572095349 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfbpatdPeUkwRe9:YvXKXFBYpW7TfWVGVat8Ukee9 |
MD5: | 7223C9C7A54438FE5AEB50B7943E108C |
SHA1: | 379220222206E82C3E57A4624046CEC576FFB618 |
SHA-256: | 5FA17AC6B1B9A31DAB68B066CBEA2B1C3415571456E6D17B925B1A01928D661A |
SHA-512: | 6525B0562590692BD944A0DAC45223A80A5C4EEBA830E0665DD3156DB2B7C12776B7774A8BE247F3497701F1651B96F7551177E52BE6D3900BD05D9C518E1D4B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.215933246279161 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfshHHrPeUkwRe9:YvXKXFBYpW7TfWVGUUUkee9 |
MD5: | 0A69F716B8B9C41EC127F0DB4CAF6F3E |
SHA1: | EFC7CA15610E170658A9E1BBA41F750DC60F0E6E |
SHA-256: | 4308D3D42328CB2CAF3BFADCF0EB105C9E8557C5B0809AB5EFBF9044E38A2465 |
SHA-512: | 4A63DAD04DDA87A88D528D9F727CD55E724B2ADD8C1571B3D0A4BBB95AECC1786562F9D9EAA9D80B14B758524E054550718DB1740DC82EE2E58C27ECE6115643 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.35820514370257 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFBYpW7TfWVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWvTL:Yv6XAiTfWx168CgEXX5kcIfANh6L |
MD5: | 684FD561F4C8F0AB9E98DB0753C053C2 |
SHA1: | 28D1C784685CE6BB64798EB4B2D372591EA8371E |
SHA-256: | 78398D0971498580243886CE7448853BFA93AAA70E49B6C040FF27473F15C6A4 |
SHA-512: | 2418906C544C61618941834F4B6D661717F8029D701AD79866FE991EBD56FA8ADB3B0E677FBD954DDCC00970852328E32F4AAC34F6A1FEE1D04B3B743B75A4B2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.129942703344279 |
Encrypted: | false |
SSDEEP: | 24:Yc1klH5KAlRCCKgxXlVbflJw5lVklGa9taykleoqnkqoxqHjw6j0S3qHfgqa2/2D:Y/5likbnwi3JhDf21aKkBIiMK9aOB |
MD5: | 6342BA820FCDC19405C423F70BFF1C6F |
SHA1: | 5EEEE4CC8E126E1323828DBE7CDADEA95E14FFED |
SHA-256: | 93605CA0D4FD80FB8EF2E664C24071AF98D4C03E921E54980B9B65183E29BF06 |
SHA-512: | 7249717344B9E9449804954FA83E50583F4704A32161C0486CDBD9BB7B4E59192E7D934BA2496F713FCC086ADE3B312CBB240EA5A50472E8F3FF66DFEB6DECF8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9845958991588438 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sph4zJwtNBwtNbRZ6bRZ4EF:TVl2GL7ms6ggOVpizutYtp6PR |
MD5: | C97CA4390BD6FD905ADB8D05CB315549 |
SHA1: | B85C0BB964FAC0DBD77EA75D3F9DD20730A30E53 |
SHA-256: | 3D2C64FE3980565664C2E50D7C810C972B567B526AB6D393B0CE45DE5AC48494 |
SHA-512: | 88C970B72CDA4DA3C0CDBA5DCFF34F36BFA41708DDE7F979F1C06689C1D68F173AB11A3ACEA9AD08A79CEC288ADDA07D23517DC32AEB1EB66ECD59B684502EAC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3396220271711252 |
Encrypted: | false |
SSDEEP: | 24:7+tR/AD1RZKHs/Ds/SphPzJwtNBwtNbRZ6bRZWf1RZK2qLBx/XYKQvGJF7ursK:7MR/GgOVp5zutYtp6PM3qll2GL7msK |
MD5: | 7DAA55526DB5E03CC57E0A1B9A38662E |
SHA1: | 21AFC022A4D657A6A1A3C950868D551F263616A3 |
SHA-256: | 9E52B58B123A0A00E43C6A2F688270A1FABB340AC7010CCE778EA91C4BB8E342 |
SHA-512: | 1770E8ED8E21AC0B766062530C688178DEB8AA6D9870D509974B0115C468A77B05537FA579954C2B09A1DE12EF6E93C0962330F077EF21892EB698A4F1932CC9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.536003181970279 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWaGww:Qw946cPbiOxDlbYnuRKvK |
MD5: | DF371384F6FC0655674DE42E584E3516 |
SHA1: | 188075304FD2356C2E0148E1DFDF60326FF81103 |
SHA-256: | 908F458646876D5AB85ED6F69B0E22B8A6B180F3FBE6FBB62AE5F460964D1DF1 |
SHA-512: | 8B417F76AC3ADD747AA5A82F17C5D508FCF868E0FAC80D0FD53D359AC87E4EDE41BA2E83DDE77E995780C1066EFEBB2D20439711E4F4121CC050861396A48F50 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.075137862630284 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOOsiQR8tsiQR86bMTCSyAAO:IngVMre9T0HQIDmy9g06JXhz/zmTlX |
MD5: | E5FB716ED2C91447666424975318449B |
SHA1: | D4D69B9B83FF8FE5A21B1A997DB7A53C55312677 |
SHA-256: | 1B567DF1C73E614D7CBF6AA9DE688823D541BAB0072B4B89860AF8686DC679B5 |
SHA-512: | 7E6BE9BC3DEDB38CFE80958B6B72E819D28B38D27E530308959E5FC1B0B9358E15083775E167542A6C1E66D3B0953E7241CD581625B5F9310F84353AB47FB3CC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 17-56-04-062.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.329734348190203 |
Encrypted: | false |
SSDEEP: | 384:U79OlTfgXGAvh1YgVaNZsAZFSTJFO2tc/EYiKtT2Cy2EJ5iktOQ5U5kx3Zt9M8Ed:ZNN |
MD5: | 769EEE4B2D5FFBFE61FBC633F85AB829 |
SHA1: | 7A2C2C999DB01977BE3565DD7F9A9A06639E944B |
SHA-256: | 6018DD33E05C4A74AACD07045F54458BA3340E4D639270103A507449A679305C |
SHA-512: | D3D59B449D4259BF090082D64457AE6FC1EB5665EBC1EC64636A668044FFD2347CFD16E6FE7CE444CE62C4EAA5598C192A7C85F322D45BAC9AB7D54E56A2B32D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.398909253144245 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbQ:c |
MD5: | 45E84B86CBB6A3752ADEC19C6A2F3B03 |
SHA1: | A533D0CDF4460AE0B5B578B0A866DBE878EE3DAD |
SHA-256: | 37107EDAA9892EB8FE8EAB2343AE2C64BF82D6EA5EB663F79315F66A072D331E |
SHA-512: | E6F0A207C25C1A8105650FDFD6CF6B3DCF53C555F05625E6BF6C61B7BB225683074E72EE426939A19B1F0AE9C97418A2B725489E07B390F44DDF8B0A3A013477 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.981095528500733 |
Encrypted: | false |
SSDEEP: | 48:83d2TyuqHmidAKZdA19ehwiZUklqehBy+3:8Avf2y |
MD5: | BFEB6013722138437E3B3F434B5ACEFD |
SHA1: | 5AD0A4CB6F384A953038D2A0692BA59F0A218AAD |
SHA-256: | FEA76B41F07C2D745D8FCAD58F0D4CFB5583C3D3D32FB1DAFFC832CBD04E042B |
SHA-512: | B023844BF6F0257DF96F3A56648CF4A40B9D2A30788CD272C9426C99A4A9B09C304A3824AFFC3431B28DA55F778301899DD26B0BCB80A90158E59592D538EC30 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9937093261346663 |
Encrypted: | false |
SSDEEP: | 48:84d2TyuqHmidAKZdA1weh/iZUkAQkqehmy+2:8pvl9QLy |
MD5: | 4E24586EA96B51D3510328243B89C64C |
SHA1: | 4684A2E244D32B7214A872A14F3EA65F709516CB |
SHA-256: | 27DC195202C05354F1EB6149974F71FD301049A85975A48521513C615BB40F04 |
SHA-512: | 80396139F8F40A2BF646972B6457A2E468115BC7B4A29EA06C49A3C9207F3D7A6D874D7FF1782E63E3C20CBACBF9446C58CAE1F69CAF0173C644C253DD8A960D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.005669638765949 |
Encrypted: | false |
SSDEEP: | 48:8x+d2TyusHmidAKZdA14tseh7sFiZUkmgqeh7s4y+BX:8xPvvnyy |
MD5: | ACC8DC9175D01373287F2EAC5E93AA3E |
SHA1: | 3E52B7089E31D6C35A4AFA8D33DA6FC3FCE4743C |
SHA-256: | 3D9F7CC014F5CDE34F38A6B9BE9D6C2ED324FB5A7ADA4AD713B82E1DE0F8CE0A |
SHA-512: | FAA38A539863539E65A917C01C6F51A2A29FB5AB2F5D25789688096A53845E4C722E9CDDAA5FB61E46B3751C03D7AE526C0C3ADA17B667E620DD2D06A546F121 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9923212903590617 |
Encrypted: | false |
SSDEEP: | 48:8Hd2TyuqHmidAKZdA1vehDiZUkwqehKy+R:8QvmQy |
MD5: | 81970B95404D935E5AAB98992A363505 |
SHA1: | EE96BAD7BE722C476E60784E4517E3E8BF3F23FB |
SHA-256: | 243389F13667EF54E124F5C3D5890CAAE05D8BA39B665F5985386DDACA2FFF49 |
SHA-512: | 720F2F3E048BCD52E133F5C01BC4E8E132131937B9625E97D0C8C7ECAC7AA03ECA17EC84AF63E787FB147BE2C1AC32B1B8933CD8FCF5BB9CF51A0DC0C5DE7236 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9829976508275404 |
Encrypted: | false |
SSDEEP: | 48:8Vd2TyuqHmidAKZdA1hehBiZUk1W1qehEy+C:8+vm9ky |
MD5: | 35F4E9CE2E1B4E8F7E14A0DD1DD23ABE |
SHA1: | 11A80FC0D8A9AA68C02ECC1CF70622E515340CD0 |
SHA-256: | 9E438BE20D5E398BB3AD50C0B0E1BA3EE08E8A5125E810092913F8773DB92CAA |
SHA-512: | A77377A49A6689CB55908D66974B6ABF2B73CC593F4E9650B7DAFDD74C2C15609A53FFEC2ED24C1246D8BD363300868DF12CF5538F07F5730671982A6D205FBB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9925135020824127 |
Encrypted: | false |
SSDEEP: | 48:8Rd2TyuqHmidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbyy+yT+:8yv4T/TbxWOvTbyy7T |
MD5: | 19F7FF4C9972FD84FDDAC7184881A245 |
SHA1: | 154AC192038326609D59345593CFC83AE211883F |
SHA-256: | 2C4FBD367597917A1EAC298571AC8759C52903D1FE6A4427FE062D58AF118A9E |
SHA-512: | 86B78158DC227713CB0EC761B5B0B2030261627A5066D8092A2E6D60364422F7197A10613B24A0CB4C2E91F7865A27BD024777C6295BBD03DA073010DD5EED09 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3030 |
Entropy (8bit): | 5.837406216650395 |
Encrypted: | false |
SSDEEP: | 48:HHhtR0ExAKlgZ01LFoacH6666/5Lf3kYyHyduiVbz7qVd1LYNRa3cM5z77bJ7pL+:nhtR0AliFH6666d5yS5NChFzXbJBvfnO |
MD5: | 7326118E9D3DF10FCAEEBF9647027FDA |
SHA1: | 24003B09E0A7C6446D6C70F0FC4B08888FC5441C |
SHA-256: | E56396C4FE9CF79152749BCAA5050ABCD14ACA367B8AB2BDCFF758DB2547B617 |
SHA-512: | 197AD35BE1D7613E04715CBC820E416C74631AEFA09AE43C9E1205CC60E479C2E689C422E81DE6A0232F5DC38A5E9CE448CB27905179AC9D975700AA8A19397B |
Malicious: | false |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |
File type: | |
Entropy (8bit): | 7.968821645529483 |
TrID: |
|
File name: | Purchase Order_PO-1075094.pdf |
File size: | 275'065 bytes |
MD5: | 88e1bfe4497640b4aead0b90247fbe4b |
SHA1: | 5c8b680d6ca138c44f62e7708b58b695bf3eeef3 |
SHA256: | e7cec96c94be3fc83e692b6265acb6563fc24ecb0add03780cb9ef2d54213d02 |
SHA512: | 5ac2ce78c67974a6927d94749cc473a424159dcff665652404a3560b581c21f632ce33ee4ca7db9bd14df054517fef2164b6da4081af4b7e4d4a17e685b278bb |
SSDEEP: | 6144:Dgezwfyi4Dnj++YPcxUOYt9j7gd6HdnbyeAF2mSNyB8NLE:DgKi4Dnj++YkxUxj728bye+2zNyB8NA |
TLSH: | 7F440269DD1A44CCCEA2F782911D708D870CF3A5B0C9A992257D8FC72580FE8E6736D6 |
File Content Preview: | %PDF-1.3.%.....1 0 obj.<</Type/Catalog/Pages 3 0 R/Lang(en-US)/Names 4 0 R/Metadata 5 0 R>>.endobj.2 0 obj.<</Producer(http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240426075710-07'00')/ModDate(D:20240426075710-07'00' |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.968822 |
Total Bytes: | 275065 |
Stream Entropy: | 7.998470 |
Stream Bytes: | 254402 |
Entropy outside Streams: | 5.226168 |
Bytes outside Streams: | 20663 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 113 |
endobj | 113 |
stream | 29 |
endstream | 29 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 6 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 6 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
23 | 3a9e4f0c08a4b61b | 82f5fe1054b04b135c7337df66876d78 | |
33 | 88c06c4e4f43494c | cff6f0cdc3a694eb8a56f05eae89b8e3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 17:56:32.987462044 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:32.987600088 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:32.987607956 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:32.987788916 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:32.987797976 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:32.987965107 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:32.987973928 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.341203928 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.341461897 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.341497898 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.342987061 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.343066931 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.344266891 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.344738007 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.344858885 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.344921112 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.344949961 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.345184088 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.345197916 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.346432924 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.346493959 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.347616911 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.347682953 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.347800970 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.347807884 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.400425911 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.400429964 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.686770916 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.686830997 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.686872959 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.686885118 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.686918974 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.686961889 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.690049887 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.690165997 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.690212965 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.700454950 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.700558901 CEST | 443 | 49725 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:33.700614929 CEST | 49725 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.704562902 CEST | 49726 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:33.704590082 CEST | 443 | 49726 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:34.140583038 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:34.204071045 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:34.323113918 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:34.399302006 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.147934914 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.147980928 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.148284912 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.148355007 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.149678946 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.149697065 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.149739981 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.150235891 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.150351048 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.150588989 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.150605917 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.151942015 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.151956081 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.151990891 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.199201107 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.202971935 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.203109026 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.203156948 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.293178082 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.293235064 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.403424025 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.727796078 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.727890968 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.728051901 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.728286982 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.728347063 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.792783022 CEST | 49727 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.792845964 CEST | 443 | 49727 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.799559116 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.799638033 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.799895048 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.800144911 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.800199986 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.852751970 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.852844000 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.852905989 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.852940083 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.852992058 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.855930090 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.855968952 CEST | 443 | 49724 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:35.855993986 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:35.856019974 CEST | 49724 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.182543039 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.182636976 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.182728052 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.183244944 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.183279037 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.279176950 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.279836893 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.279875994 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.280392885 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.280893087 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.280982018 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.281421900 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.324155092 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.640561104 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.641207933 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.641233921 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.641721964 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.642733097 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.642822981 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.643505096 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.684125900 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.762685061 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.762754917 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.762809038 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.762856960 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.762891054 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.762913942 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:36.762940884 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.762969971 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.763825893 CEST | 49728 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:36.763844013 CEST | 443 | 49728 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.093255997 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.093302011 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.093349934 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.093358994 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.093383074 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.093446970 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.093502045 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.094048977 CEST | 49730 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.094063997 CEST | 443 | 49730 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.262311935 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.262361050 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.262464046 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.264739990 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.264758110 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.592763901 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.593324900 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.593346119 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.593786001 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.601365089 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:37.601454020 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:37.799966097 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:47.586951017 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:47.587024927 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:56:47.587196112 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:47.595508099 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 26, 2024 17:56:47.825095892 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 26, 2024 17:56:49.849858999 CEST | 49731 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:56:49.849893093 CEST | 443 | 49731 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:01.687714100 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:01.687767029 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:01.687829018 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:01.688257933 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:01.688272953 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:02.380911112 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:02.381077051 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.416260004 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.416332960 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.416723013 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.431206942 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.472137928 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889408112 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889472008 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889517069 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889554977 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.889585972 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889612913 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.889632940 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.889687061 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889765024 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.889765978 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889825106 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889862061 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:03.889874935 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.889966965 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:03.890033960 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:04.445607901 CEST | 49732 | 443 | 192.168.2.5 | 40.127.169.103 |
Apr 26, 2024 17:57:04.445633888 CEST | 443 | 49732 | 40.127.169.103 | 192.168.2.5 |
Apr 26, 2024 17:57:37.307210922 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:37.307244062 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:37.307324886 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:37.307545900 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:37.307559967 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:37.786403894 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:37.786714077 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:37.786736965 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:37.787863016 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:37.788239956 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:37.788414955 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:37.835036993 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:47.775913000 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:47.775983095 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |
Apr 26, 2024 17:57:47.776093006 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:49.105421066 CEST | 49734 | 443 | 192.168.2.5 | 142.250.217.196 |
Apr 26, 2024 17:57:49.105458975 CEST | 443 | 49734 | 142.250.217.196 | 192.168.2.5 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 17:56:32.851680040 CEST | 192.168.2.5 | 1.1.1.1 | 0x2683 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 17:56:32.851857901 CEST | 192.168.2.5 | 1.1.1.1 | 0xbb52 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 17:56:32.982954979 CEST | 1.1.1.1 | 192.168.2.5 | 0xbb52 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 17:56:32.986326933 CEST | 1.1.1.1 | 192.168.2.5 | 0x2683 | No error (0) | | | 142.250.217.196 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 52.5.13.197 | 443 | 6524 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:09 UTC | 1473 | OUT | |
2024-04-26 15:56:09 UTC | 544 | IN | |
2024-04-26 15:56:09 UTC | 3120 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49712 | 23.204.76.112 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:10 UTC | 161 | OUT | |
2024-04-26 15:56:10 UTC | 466 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49713 | 23.204.76.112 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:11 UTC | 239 | OUT | |
2024-04-26 15:56:11 UTC | 530 | IN | |
2024-04-26 15:56:11 UTC | 55 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49714 | 104.94.108.142 | 443 | 6524 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:14 UTC | 475 | OUT | |
2024-04-26 15:56:14 UTC | 198 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49716 | 40.127.169.103 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:20 UTC | 306 | OUT | |
2024-04-26 15:56:20 UTC | 560 | IN | |
2024-04-26 15:56:20 UTC | 15824 | IN | |
2024-04-26 15:56:20 UTC | 8666 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49726 | 142.250.217.196 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:33 UTC | 615 | OUT | |
2024-04-26 15:56:33 UTC | 1703 | IN | |
2024-04-26 15:56:33 UTC | 1703 | IN | |
2024-04-26 15:56:33 UTC | 1120 | IN | |
2024-04-26 15:56:33 UTC | 220 | IN | |
2024-04-26 15:56:33 UTC | 5 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49725 | 142.250.217.196 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:33 UTC | 353 | OUT |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49724 | 142.250.217.196 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:35 UTC | 518 | OUT | |
2024-04-26 15:56:35 UTC | 1843 | IN | |
2024-04-26 15:56:35 UTC | 458 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49727 | 142.250.217.196 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:35 UTC | 353 | OUT | |
2024-04-26 15:56:35 UTC | 1761 | IN | |
2024-04-26 15:56:35 UTC | 417 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49728 | 142.250.217.196 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:36 UTC | 738 | OUT | |
2024-04-26 15:56:36 UTC | 356 | IN | |
2024-04-26 15:56:36 UTC | 899 | IN | |
2024-04-26 15:56:36 UTC | 1255 | IN | |
2024-04-26 15:56:36 UTC | 960 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49730 | 142.250.217.196 | 443 | 7060 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:56:36 UTC | 920 | OUT | |
2024-04-26 15:56:37 UTC | 356 | IN | |
2024-04-26 15:56:37 UTC | 899 | IN | |
2024-04-26 15:56:37 UTC | 1255 | IN | |
2024-04-26 15:56:37 UTC | 1032 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49732 | 40.127.169.103 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 15:57:03 UTC | 306 | OUT | |
2024-04-26 15:57:03 UTC | 560 | IN | |
2024-04-26 15:57:03 UTC | 15824 | IN | |
2024-04-26 15:57:03 UTC | 9633 | IN |

Target ID: | 0 |
Start time: | 17:56:00 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |

Target ID: | 2 |
Start time: | 17:56:00 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |

Target ID: | 4 |
Start time: | 17:56:01 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |

Target ID: | 8 |
Start time: | 17:56:31 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |

Target ID: | 9 |
Start time: | 17:56:31 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |