Windows
Analysis Report
ReInvest Capital .pdf
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ReInvest Capital .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1636,i,6048400525593136051,16366284519615366679,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 8136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://btweb.top" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,8589298334556741863,1996516174095378037,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | ML Model on OCR Text: |
Source: | HTTPS traffic detected: |
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
System Summary |
---|
Source: | Static PDF information: | ||
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | File created: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Detection | Scanner | Label |
---|---|---|
42% | ReversingLabs | Document-PDF.Trojan.Heuristic |
100% | Avira | TR/AVI.PhishingX.rdoxl |
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.80.46 | true | false | high | |
www.google.com | 142.250.80.36 | true | false | high | |
btweb.top | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.80.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.16 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432391 |
Start date and time: | 2024-04-27 00:21:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ReInvest Capital .pdf |
Detection: | MAL |
Classification: | mal64.winPDF@45/48@23/5 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 69.192.108.223, 52.5.13.197, 23.22.254.206, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 23.40.179.35, 23.40.179.19, 23.206.121.20, 72.21.81.240, 192.229.211.108, 142.250.81.227, 142.250.31.84, 142.250.80.78, 23.44.133.32, 23.44.133.36, 34.104.35.123, 142.251.40.170, 142.250.81.234, 142.250.80.42, 142.251.41.10, 142.250.176.202, 142.250.80.74, 142.251.32.106, 142.250.80.10, 142.250.64.74, 142.251.40.138, 142.251.40.106, 142.250.65.234, 142.250.64.106, 142.250.80.106, 142.250.72.106, 142.251.35.170, 142.250.80.67, 142.251.40.174
- Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: ReInvest Capital .pdf
Match | Detection | Threat Name |
---|---|---|
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | HTMLPhisher |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | HtmlDropper, HTMLPhisher |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | RHADAMANTHYS |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
23.47.168.24 | malicious | Unknown |
239.255.255.250 | malicious | TechSupportScam |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | TechSupportScam |
239.255.255.250 | malicious | TechSupportScam |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Chaos, Conti, LockBit ransomware, TrojanRansom |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Latrodectus |
239.255.255.250 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
google.com | malicious | TechSupportScam |
google.com | malicious | HTMLPhisher |
google.com | malicious | TechSupportScam |
google.com | malicious | TechSupportScam |
google.com | malicious | Unknown |
google.com | malicious | Chaos, Conti, LockBit ransomware, TrojanRansom |
google.com | malicious | Unknown |
google.com | malicious | Latrodectus |
google.com | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | HtmlDropper, HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
1138de370e523e824bbca92d049a3777 | malicious | Latrodectus |
1138de370e523e824bbca92d049a3777 | malicious | Unknown |
1138de370e523e824bbca92d049a3777 | malicious | Unknown |
1138de370e523e824bbca92d049a3777 | malicious | Latrodectus |
1138de370e523e824bbca92d049a3777 | malicious | Unknown |
1138de370e523e824bbca92d049a3777 | malicious | Captcha Phish |
1138de370e523e824bbca92d049a3777 | malicious | HTMLPhisher |
1138de370e523e824bbca92d049a3777 | malicious | Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT |
1138de370e523e824bbca92d049a3777 | malicious | HTMLPhisher |
1138de370e523e824bbca92d049a3777 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | TechSupportScam |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | TechSupportScam |
28a2c9bd18a11de089ef85a160da29e4 | malicious | TechSupportScam |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Chaos, Conti, LockBit ransomware, TrojanRansom |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Latrodectus |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.149216021009419 |
Encrypted: | false |
SSDEEP: | 6:5Xap09+q2P92nKuAl9OmbnIFUt86XapN5BZmw+6XapN5VVkwO92nKuAl9OmbjLJ:5IS+v4HAahFUt86IN5B/+6IN5VV5LHAR |
MD5: | 6B0D5C93DB92EC2ABE316E95EB223E48 |
SHA1: | A693EDCC1B8A2EDACAEFBCF31186EA6EDDEDBBCC |
SHA-256: | 0CDA83C17637863FBD734B1C4C0353377DB69B4293CDE5E8520133AEB4C224D8 |
SHA-512: | 05526E017AEFAF9E67F48C64F7E38AE2D20A902E9340570A638B77F8314067F532E14398DB5795E6C2D5B7891A3974284EBC3549F726468FFB1AC609D9C7DBA2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.149216021009419 |
Encrypted: | false |
SSDEEP: | 6:5Xap09+q2P92nKuAl9OmbnIFUt86XapN5BZmw+6XapN5VVkwO92nKuAl9OmbjLJ:5IS+v4HAahFUt86IN5B/+6IN5VV5LHAR |
MD5: | 6B0D5C93DB92EC2ABE316E95EB223E48 |
SHA1: | A693EDCC1B8A2EDACAEFBCF31186EA6EDDEDBBCC |
SHA-256: | 0CDA83C17637863FBD734B1C4C0353377DB69B4293CDE5E8520133AEB4C224D8 |
SHA-512: | 05526E017AEFAF9E67F48C64F7E38AE2D20A902E9340570A638B77F8314067F532E14398DB5795E6C2D5B7891A3974284EBC3549F726468FFB1AC609D9C7DBA2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.197975848195973 |
Encrypted: | false |
SSDEEP: | 6:5XaQuN+q2P92nKuAl9Ombzo2jMGIFUt86XaS2Zmw+6XaSyVkwO92nKuAl9Ombzos:5wIv4HAa8uFUt8672/+67K5LHAa8RJ |
MD5: | 88C36372029A3DEF971BD307B9D5DAE1 |
SHA1: | E6FA9C28D1536AC62551F7688389A3D8832853FD |
SHA-256: | FB87C4A71F52F01D311ED02947DC39405A01B33C49B8F3C6379B01CF5DDB7793 |
SHA-512: | 541F11F122B62D641C241C1991DD2CF7DFDA02C2869A1FD3C459C6118F4D89CC2C999E583D93461542A8E219A5E911D87A37C15680E9B70E11BC3B9FB9D61AA3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.197975848195973 |
Encrypted: | false |
SSDEEP: | 6:5XaQuN+q2P92nKuAl9Ombzo2jMGIFUt86XaS2Zmw+6XaSyVkwO92nKuAl9Ombzos:5wIv4HAa8uFUt8672/+67K5LHAa8RJ |
MD5: | 88C36372029A3DEF971BD307B9D5DAE1 |
SHA1: | E6FA9C28D1536AC62551F7688389A3D8832853FD |
SHA-256: | FB87C4A71F52F01D311ED02947DC39405A01B33C49B8F3C6379B01CF5DDB7793 |
SHA-512: | 541F11F122B62D641C241C1991DD2CF7DFDA02C2869A1FD3C459C6118F4D89CC2C999E583D93461542A8E219A5E911D87A37C15680E9B70E11BC3B9FB9D61AA3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\62a7fbb7-19da-43f1-8cc7-7ff90d965ff8.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 507 |
Entropy (8bit): | 5.05878949156416 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQbUsBdOg2H6Zcaq3QYiubxnP7E4T3OF+:Y2sRdsr9dMH6g3QYhbxP7nbI+ |
MD5: | 866D1027DC4D247C3026B13CF71CAA18 |
SHA1: | C07CFA0FB4FABA404A54BF4A94C9A3232713B601 |
SHA-256: | A5C5696BF46EAEFF753C1D8F3E24856703C40A8A147A673BD990663B78C36019 |
SHA-512: | 3CEC01E59CBBDBD489C55DC19D912F80ACCF8F228AD98FF0DC7D4EA98353C1CCE63C424C9A79669AE64781A3BF21E019A8448772750DA945EB7F1A59D248BA63 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 507 |
Entropy (8bit): | 5.05878949156416 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZQbUsBdOg2H6Zcaq3QYiubxnP7E4T3OF+:Y2sRdsr9dMH6g3QYhbxP7nbI+ |
MD5: | 866D1027DC4D247C3026B13CF71CAA18 |
SHA1: | C07CFA0FB4FABA404A54BF4A94C9A3232713B601 |
SHA-256: | A5C5696BF46EAEFF753C1D8F3E24856703C40A8A147A673BD990663B78C36019 |
SHA-512: | 3CEC01E59CBBDBD489C55DC19D912F80ACCF8F228AD98FF0DC7D4EA98353C1CCE63C424C9A79669AE64781A3BF21E019A8448772750DA945EB7F1A59D248BA63 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.238180647859435 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUmHXWaM67WaZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLX |
MD5: | 168664EB0667995750BD4D46F5CF7233 |
SHA1: | EACE8FBD06B250961D29E7EFE70F3A69B35D3D0B |
SHA-256: | 3BC4E7F6A0272F459CBFC29EA761984F11B25941D7083B54574BD2968CD4A955 |
SHA-512: | 5419E2775C36173B5A04E3CE22E5B73AC1F7777FC61B07EB2CF8A97EB886EBDE517DA8B2C397A05C1261B55A8692311AD9E8EEA162860F954BB1D200EBDA2F1C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.196781840757621 |
Encrypted: | false |
SSDEEP: | 6:5XYMH3+q2P92nKuAl9OmbzNMxIFUt86XYMNZmw+6XYMpKNVkwO92nKuAl9OmbzNq:5IMHOv4HAa8jFUt86IMN/+6IMpKz5LHP |
MD5: | C93D889FAEF05BC6BEF42EB352FA8EAC |
SHA1: | 3ED81E11AC9DDDCE9101446B578424928F0E02C9 |
SHA-256: | C970119790FEAFF6AB9FFBA38EB1A9FC29228F007EA9D8876C2183A3B5B0C80F |
SHA-512: | FBFA7DA3FF03635B26D9F6F5C14D8CC819DBF70BD06C6F5B7204A743F2906DD7159DFF3C341ECF9368D63C38F79689194BA10ADDA632131F02A70DFAC070F9C7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.196781840757621 |
Encrypted: | false |
SSDEEP: | 6:5XYMH3+q2P92nKuAl9OmbzNMxIFUt86XYMNZmw+6XYMpKNVkwO92nKuAl9OmbzNq:5IMHOv4HAa8jFUt86IMN/+6IMpKz5LHP |
MD5: | C93D889FAEF05BC6BEF42EB352FA8EAC |
SHA1: | 3ED81E11AC9DDDCE9101446B578424928F0E02C9 |
SHA-256: | C970119790FEAFF6AB9FFBA38EB1A9FC29228F007EA9D8876C2183A3B5B0C80F |
SHA-512: | FBFA7DA3FF03635B26D9F6F5C14D8CC819DBF70BD06C6F5B7204A743F2906DD7159DFF3C341ECF9368D63C38F79689194BA10ADDA632131F02A70DFAC070F9C7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426222235Z-173.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 92470 |
Entropy (8bit): | 2.7265653582021634 |
Encrypted: | false |
SSDEEP: | 192:E52kCwRS+C0IwutbGpdFmABY2AHPe18bWJ7l9fhGdVj77taN89:EMZwRS+C+uIpdFm/PHPjbAlRhwNtae |
MD5: | 4FF8C9650186AC77D3BF46BCAE9AD622 |
SHA1: | 72E7D20141BB02C44960DA7F468969758ED99184 |
SHA-256: | 0AEA7A2765CD7E714D43E814BB4511AE64BC4181A7FB5D3D3181C47385D000CD |
SHA-512: | D56172DE497B6C2FC3D571852EEDDC415F7C576298921EF9D159BFD6DBB686BB426A0C66E21273F027C781DBEFA197109C2F412CF052E8F30755B8FA5941D300 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228346 |
Entropy (8bit): | 3.3890581331110528 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn |
MD5: | BAE090D23B1C0D4F6DC247F0080D349E |
SHA1: | 8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461 |
SHA-256: | D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3 |
SHA-512: | 208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.334356168588472 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJM3g98kUwPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGMbLUkee9 |
MD5: | DEEEFDDAFA8ACE47B2FE921B568FB1C0 |
SHA1: | 950454DCC675A7655113445483CDB8C4CA4411AB |
SHA-256: | 2418A1BD2D4BBB679F25C6AE00681F438924015C60A85A804548C05F437D532F |
SHA-512: | 291CF0C3DCA223E12932FB08648449C0287C6314E88CED88364D408EA733E4FFC3070EFC533241DC64AE39CE868FF6246381AAC4FC5038981FCCD839EF35DD3A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.273706338765527 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfBoTfXpnrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGWTfXcUkee9 |
MD5: | DF9F73F69C073F53EC8E551962EA952F |
SHA1: | 8372E1E251CD24140196A56A41A539AB29202CAB |
SHA-256: | 479B09F603552E361C6196ACB59029F7D05216FE6F1552912A488459FA9B94D1 |
SHA-512: | 00A309E09582DC5A5345F811367893E519350DDF29FF70F950C1569ADAFEBBD34AF292352CCB8B1E7731E82EC8161D8AD8EC86BFDA90C9409F489C5F81015429 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2511785879691555 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfBD2G6UpnrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGR22cUkee9 |
MD5: | 956566294C31C53FE509C5D3453E3C58 |
SHA1: | B2575C4FCEADD9EFD9104A832EF6281C07807C7B |
SHA-256: | C6A9BEDF16FD2588CB0FFEFD2EAF16A63439C442BBE1B062689EF890E923199C |
SHA-512: | E2D78E6E0049D93247B1F9E3EE7B19F2CDCECE71C67AFF7ECB367FEE012B568FBB73C3C433A232B0A3CFEAA4480FDBE3C4633EE1E5AD79E698609D89E53176B4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.31223124912912 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfPmwrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGH56Ukee9 |
MD5: | 9B4D6C36DEB249B3A35BF984C4DFCFD4 |
SHA1: | 83CF95526062C6C4D3DB56594882172E9A42B658 |
SHA-256: | 75882280C9628ADFEFF2E5E5EA62FAE4DB36B8F0A1A612ED038E3D101632FF83 |
SHA-512: | 0869C77CB8A00C3B3980C081D4856C338EACAA13B6825DE4D29E44FC29C0A734EFF4F1BAC87CFA5CDE660FB80DDAFFA93A852062F1A562CF893C8F5A48019C6E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2727515474546 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfJWCtMdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGBS8Ukee9 |
MD5: | E6ECDAE16651AA04F322E237CEA6749C |
SHA1: | EDDE98FC62EB401316512F366825346B2F05602C |
SHA-256: | 645FCF8F9D26CCFC74FF2EBEC04AB893AF61E513171001759CF5D569CE8723E4 |
SHA-512: | 020DC8C3129D5EABCD97B3C8871563A5AF3DD3D74803680BDAB1CC748AB8BD8482668C1AB69C0A1569D3AA6B145F998896988D154FB383BB5E668EAA3CF7705F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.257410236428719 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJf8dPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGU8Ukee9 |
MD5: | 8398E2F2E91AB61B20A9566E18283C06 |
SHA1: | 164E2348A25ADA39AA1AB8EC0FD7EB3D5F5AF1F1 |
SHA-256: | A6C677CCCC769ED536D9B218F44AA156B5273F067B96C06EC42B9A79E63F6BBC |
SHA-512: | 6B6F6E645B1796C8DB2499D13201A4ED1973BB7F1571C290B868DCF34B3310DC4D6CAEEF6E96FAAA13A087A39CC7A1F519884EF375F78C6B5136096CC3C75E99 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.258803003924655 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfQ1rPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGY16Ukee9 |
MD5: | CBDF31FE33BB9CFA8C66D3A86840E85B |
SHA1: | 5D50BBB0BE3976480D8D9DF41F0C9D32490BFD57 |
SHA-256: | C16FAD212DC499E711769799E77D4D1DD43510030A8479760DFEFF234D728AF7 |
SHA-512: | DDE0FE60E64517CD091BD0021F4FD8B6BB68874B4AEC9644743FEAC2D1D0A358DAF2E9A9C471583EBAF4B7214F117F7FA8EAD8191617569C8076F5765332EE40 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.278798228042348 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfFldPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGz8Ukee9 |
MD5: | 1907D504C4E07B76D682349D70B566EC |
SHA1: | 4DE36E78DD9F144C8010B26C522AE279D166121F |
SHA-256: | 83F7368236453BD288F441C86A8E78B64E169F5500EC8381C4E8BDCD14C2032F |
SHA-512: | AE1FD4FC1BAD0542C2884A111963B207A8ED2A443B20655D6746072930C5FB6DC3A8BE3354FA6466D3900FFA7B794984A29482FAA3A1D74DADC3D769D7AC10A5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737218214636835 |
Encrypted: | false |
SSDEEP: | 24:Yv6XausBi/FKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNL:Yvzu5NEgigrNt0wSJn+ns8cvFJR |
MD5: | 94D0CA37B91547FDB5CC25A62A727D75 |
SHA1: | BBD2AC7D8FA1D19AAD072C52A8D843EDB2ED60E0 |
SHA-256: | FF6F8EC746D0DE60A84AAC0727A484DA82A264F9DA15F874BB1211C293327C47 |
SHA-512: | A9CDD7943B9FF779C7D532529F2E48E5991A12FF5D93313EB42ED2A93FC681AFA308C6840E408A33D97E2DCA3B63FCBFD55A5C3FE80B08271920868CEE9A4A8B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2665471602265805 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfYdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGg8Ukee9 |
MD5: | 58DA08642E6F537E14B7C30F8D705780 |
SHA1: | 38C1871394B89A86A83573B82DE3EB66FF943447 |
SHA-256: | 40DD51AC363FE79A3AC960CBD252844003F3B06A349FD03FF6538CA13C5AF494 |
SHA-512: | 79BA6B84E62AAD9431DEA16A2D2A97F5928BE3AA1648A4938D3378AC1E596FEC7C285141413C3AEE837B4B28155B0BBD57847986B993ACACBC522532E3A226D6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772852032548889 |
Encrypted: | false |
SSDEEP: | 24:Yv6XausBi/4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz:Yvzu5QHgDv3W2aYQfgB5OUupHrQ9FJN |
MD5: | D2AB93F63C07F04E8348A7BA6ECAAF5D |
SHA1: | E6A22206DDCBC698941F7A63040A5838B2C66270 |
SHA-256: | 884501328DDC69B1CC4BB0BE9C18F8A2CCEF28E37C1FA1A8A6916FA852BC97E0 |
SHA-512: | 4CF3D164AD84BC9EB9CA09D88CA2DD580193B017E394D72A78D7D0717A326F4FE18CA9FC6DA7FBA7310E931B0EE0EA14A9A7F8D15ADC4F27F41029D1D1FA3913 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.250324174325004 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfbPtdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGDV8Ukee9 |
MD5: | E9F735D3AF17E49A8DCE9712DFC1BFA2 |
SHA1: | 0BE6CACE3075007EB0CB05C6431ED55D3F9031B1 |
SHA-256: | 6285EB88B9EEEBFDA6925987AF68B960DF089A7B11C0CC9D3F477862182606E9 |
SHA-512: | 62B1B6643FBD63CECB9A4BC3249A9B4A9196B39F33FF98E18DC087963DBAE0FEE81621D7833A2411717CF80C77C009814E9381DC25B304C151D287897B67DF26 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.25121997573805 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJf21rPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZG+16Ukee9 |
MD5: | 7A2048303018B80A39F94F6E51ACFFFA |
SHA1: | 2393D340DFC247665DF8E163963E10E6DD16D4EC |
SHA-256: | B567FEB21000096C215DCDD2743A7EE05E16B7C5AC86B8E531DD5A81CBFE29FF |
SHA-512: | FCF4B1E72F40F738577D0BD9A393E2B8401F872CD35F653EFD68D35A6ED40B3AC4243BF4C45604C99F7CDECDE268DFB65840DE6D76C0E14EC61C3A18EF4AAD47 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.273088470910507 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfbpatdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGVat8Ukee9 |
MD5: | 6747CB6C7915C950A925E483FD07B8F0 |
SHA1: | 932974A1EEC368F4E88E6C38B57BF203405082DB |
SHA-256: | 98955C55E985A17E6427B221866BEAF0E35F48071D3242CD58048FEB934ED2F2 |
SHA-512: | AB4A766A6ADB7F6E739A3E6DE742292BF50E3B38E5910DB0F8498E459C386018AD2C647407B3D9CBA1BD2CB1C18A16EE8487AD83759C988468094568F99B12E2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.225734892284688 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfshHHrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGUUUkee9 |
MD5: | 58F99A586203248394A05545E7850317 |
SHA1: | A3A19438279308C26E8B9AA13F85FC7BF0A6520F |
SHA-256: | D9987E9EA010F759A3793E5B30D217EDC0744F882B2E4F4F0704D384A602FDBE |
SHA-512: | 0B6E866861F3A8C24A53BA98CB7228805472E7C7AC378D7090B0D4F9E9FFC244CC614A1688966C24CB3A2A9484E627B5F2617708DDF6A070FE9CC840527EFB94 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.35988110888098 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFYuc7ZzUYpW7/ZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWX:Yv6XausBi/1168CgEXX5kcIfANhq |
MD5: | F63AB33FB959BD6568AF465F4DFE255D |
SHA1: | 77F682920C4FCCB0BFF1720DCBE53B49CB183995 |
SHA-256: | FB6F3EB55E26AED1DCD39214B78CBFB15E4889CC2D05BD1EA1762A20E411D033 |
SHA-512: | F815C43B367EA8B3E56FB580E3F1612ACA1A1A8607C85BA99673152996B0E4F9A7C9556521BBEF2889B53C75B289F41D53B643B6B1704D9C7DB59660CC606580 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.120751497654895 |
Encrypted: | false |
SSDEEP: | 24:YbKoCtT6JcCAgRsXaNayn/G5b4yQ8G234Njsqj0SXYE72zgI2LSxgRqBM05i9RBL:YzGTMxAKLuKp23mfsSogIrgMM0k9R39 |
MD5: | 17CD50F80779006EDC5C608AADD46AB9 |
SHA1: | 104B381DA8DBECBEEA7F6C987258B6884ECB85E1 |
SHA-256: | 3C45166E5CC71FD954105632A45186186A577164755AFA4CF1F98F13A88AE7EE |
SHA-512: | F97CACD589EEDB02CFDF9CE3C7A83200B1B4A49794F4746103A1784DAD8FFB53F09EB70DF2F131DED6731F68DBA9C09D6A6ACBEBA45CB1A638DCBE093F78A772 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9845716907603422 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sps4zJwtNBwtNbRZ6bRZ4hF:TVl2GL7ms6ggOVpXzutYtp6PO |
MD5: | 757E0E4C423EA349D2CA5A73D22632C3 |
SHA1: | 5EA541802C7D291E963FA641FECA94CE14211D1D |
SHA-256: | DAF35D7E0E041D133356B73500E3D5920F5007AE61028AFB5887C61FF6EA111C |
SHA-512: | D5B45DC63B79B9AD0F843E4C1C7B19E5A3C6FE33A4F52AA5E047E9D4035492D88F1D87FAF81AC0A26D22D91FF3F001D6ADDA33734ABA9290B20581BCFEF4F45D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3380630964440772 |
Encrypted: | false |
SSDEEP: | 24:7+tSAD1RZKHs/Ds/SpsPzJwtNBwtNbRZ6bRZWf1RZKvqLBx/XYKQvGJF7ursh:7MSGgOVpQzutYtp6PM6qll2GL7msh |
MD5: | 7F075DDC0518BB7824B2B3934A10622B |
SHA1: | FB5D7DD93549CC42EC13E043E5A4197B16A5283A |
SHA-256: | 4B7683D0D82BE180C397747480C4704871B0B258403973B374879D797EB6B369 |
SHA-512: | 20D7C0EBED89975BCC2BA87FFE75150C6ED2DB594B1CB3934FFC01F2E48D50474741A536535D296C780AAD77C8CA672B7902D45629EB196D3D3B17BDE43CB9CA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4892154787006566 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88uH:Qw946cPbiOxDlbYnuRKC |
MD5: | BD49DA8D2F8BA654BE48E63728AADE2D |
SHA1: | 97DB14C25C7CB03042F4309583CFD42FE1703BFF |
SHA-256: | 9F3C0BD39146B3E9255A13828DC2C51A49971C5230A3568F9B345A4FDC2D248C |
SHA-512: | DF6177FA7ED9F7B02D9EB5E6D71EF889E56F2E9C92B92B2DD2E8CCB3AE140C69D0E3B87BDCA6CC8ADD46364625B0ABA5B6040CD215AFFF23F6573E0CFD137173 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.003290810262823 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOuIbroWn/fIbroWnJCSyAAO:IngVMre9T0HQIDmy9g06JXNoWnooWnJR |
MD5: | 77F4FFA084D91123E4A8382CD6E5109E |
SHA1: | 70734528A6369D48158A95D6E6A7E5271C5841B9 |
SHA-256: | D31CCD613FA5806683FC6FEACBA26DD968ADDEABB29C874C04CAABD5798B8423 |
SHA-512: | 6E939A817048F6D060171597BCD74E825B577F2C6C1749CF49DE3180B7B88556DE9E69465EB84164F3DEE80312C94F6C373F9F296BB446F8AC111F9B3B51D8AA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-27 00-22-33-788.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.329345304805409 |
Encrypted: | false |
SSDEEP: | 384:ySmXu6Lmfw453Hsl8bz1bYVduBaWTfxAneyE4EYxmtC4+3tXaeb/G/W3i4RjOeCN:k+7 |
MD5: | 79C29D185B7620EEFBFE182EC286AC55 |
SHA1: | 245FA06F1E74269BF39B8A51B7FC13000901FDFB |
SHA-256: | FAE3EC8798D89E0929E4FE0427691FCFE12CAB5AF4E8AFEE59472EEEDF2C1081 |
SHA-512: | 1FE70482E61968DF8E663253FE95D3A2579D758E9778011BE61249AF0DD1E485D10686B872D54757325F1598B8F39AC411EB7B58AD4D1A4AF9F0EA07DA632CBD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.39271667083634 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbD:/ |
MD5: | 798F7B2E7516FD237EAE4C0A64FCFC35 |
SHA1: | 40BBDC8B3C56951008456FBC83CE463D83288387 |
SHA-256: | DA1B8DA75CF4E43FA8431960B404056B47CDCE556C18F2E19E8BD9A1C3C07556 |
SHA-512: | 1BA895DDCC24E3DE97F5B23F20473CE223CE7B89FA44D7A4B593FC372E4483139D185EF0FA88E074709C375A2ABEF63BA1652FE163518C81E4DCC576045EC9A1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/6ZwYIGNPtdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07teWL57oXGZd:CZwZGD3mlind9i4ufFXpAXkrfUs0MWL7 |
MD5: | 5479309A01A2001CFBA6670F53851702 |
SHA1: | 76359B101B22948AD695A0BFE125DE2A02A832C0 |
SHA-256: | 4F096FBC695DADDC9769A9676179D1EA12FF58D2AB748D516EEAAF3C3AF62771 |
SHA-512: | C8FA6B574BB28B16BB8211BF0C4EF42368E4FFC8C68BBDF94F6A482EB2440AD8ABD94A53350EF5631D151941BB7A54176D4C73FD99EF21D3DCE89B580795D5E2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9823094882817327 |
Encrypted: | false |
SSDEEP: | 48:8ZdzjTPTqfHuidAKZdA19ehwiZUklqehDy+3:8/j3qMMy |
MD5: | A8419B7C4154CCB22E08BE038F064998 |
SHA1: | 84DE1B1D10FC0964CC85C69B7C16A881EC60B8A9 |
SHA-256: | 8EF0C3011036EFEE1F2C57065CB13667FA68BFF86784959A777BEEE608D90543 |
SHA-512: | 57E2E6DB3ED929755312E45AFDC6A414FD43DE8509A885D41E6D30B115438C8986CE1035FF4AD3D15294544892556C10BFC96C23EBBDC9F42E3CDBCE1458582E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.995321899714384 |
Encrypted: | false |
SSDEEP: | 48:8ddzjTPTqfHuidAKZdA1weh/iZUkAQkqeh8y+2:8jj3q+9QRy |
MD5: | ACB801166871C86B3BD35754134082BC |
SHA1: | 77D902142D7B36F411EC2731A1DAB8A9D55D54BE |
SHA-256: | C6A34E7B0C1F9438F943B750B1A44C2EEF9ECDC74DCAB4E6ED3D18E2246CB317 |
SHA-512: | 9447CBA482E495010EC1134ADB387174F2B9D02603DC1C152DB11AB3E8B1D36B37BD6A7E3622A4095FAE989DB32B399FF13881421F7075638A766A36B243C64E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.00797674649414 |
Encrypted: | false |
SSDEEP: | 48:8xfdzjTPTsHuidAKZdA14tseh7sFiZUkmgqeh7sCy+BX:8xhj3fn4y |
MD5: | 7A54823705A0063B37814C889A28F80A |
SHA1: | EE5224C52670166B7A2DA38845CF46C5F6CBA4B0 |
SHA-256: | A97C8D1AC6AEB7209D7582574347FFE6170A7009F1F3D593E3EBD517A033A89A |
SHA-512: | 07EAD8A7871CDFD61A59F4FE6C4F8F23A330D748EC581E411901A024F654BF268DBE0A9C47C61E596EFB26EC5FF852928A8EEA35618C23FC32C8620CD05F4B4F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.994502169118787 |
Encrypted: | false |
SSDEEP: | 48:8QdzjTPTqfHuidAKZdA1vehDiZUkwqehAy+R:80j3qlKy |
MD5: | 9062D2870CF7012F3586613814EDE9BF |
SHA1: | 99A04DBA7F28F88DB746E4E2604C17D56004A1D7 |
SHA-256: | 2690B17ABE2AB753E73B17CA1A6A75C3752F8D467E1D74865F3DBC654DE68A89 |
SHA-512: | 81AEACD4483D4EC284E8A6F59C03CFEF470B136B04CEF9AE5C8D1269A5EA1E96CA813A2DD30A029570E59A878FD3CA697C962B2FD105B2508507BEE1EE2AB02C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9835521143054153 |
Encrypted: | false |
SSDEEP: | 48:8XldzjTPTqfHuidAKZdA1hehBiZUk1W1qeh+y+C:8bj3q19ey |
MD5: | 2AA57869BF3843F0821D58BD9D4A285B |
SHA1: | 3C57F840E2212FDB7BF3565DDB58EE945A3A24B4 |
SHA-256: | 1D144D8FF104017AA59F3C8930089F84498C94FB41AF46168D3FCC1AC234EF23 |
SHA-512: | 663DD7F1564941104F4A6E08BB75A80D789DC50B297706D12BC689F70982E3513D421BBCF77D06D940FCC66CF544A2573737C914D0D7DDF13A2EC70EEC1C6AD8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9941282371414863 |
Encrypted: | false |
SSDEEP: | 48:8+dzjTPTqfHuidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb4y+yT+:8Wj3qJT/TbxWOvTb4y7T |
MD5: | BE76B272759FB65C94D79F5E0382E089 |
SHA1: | 1062EBA2BB1F649E689A447169D176705633CA99 |
SHA-256: | 9AD6E9A2722639BFEFC845A2DA06FDB911927F5BBBF9FDA7965A63B8578A881C |
SHA-512: | 6449D2F2819850441325A1EB11895E1253F304D5AC0E1763BDBE40146F7B41BA5D6DB96AD73295B55BBAC5BC4294D4CB9BE36045DCB815282FC9F760469E2F94 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.956001669519529 |
TrID: |
File name: | ReInvest Capital .pdf |
File size: | 128'407 bytes |
MD5: | fb82e75bc86557f800a9b6a6683cf6b1 |
SHA1: | 936a5f0e4eae6e87e68f4eda75d51e3be8bbe526 |
SHA256: | 8ae6974611a7ce7d03e22d5d6fc5e6840e1c19e4cfb8b7158ebb748e9ef389df |
SHA512: | f6261b9f61fac350f409e194a704a207b9e638963a5dd4396e543ce1c1f386a8e3e954b90f4afe83e54b1401d0ad9ca656b31af062fa90cb896b7340faaf88da |
SSDEEP: | 3072:8Z585pIikLQ8jlil3DWQY2sDLJjYrcrt8ojcmj:8Z585peLQ8sl3y5fJjYrItjck |
TLSH: | 31C3021CC1E5BCDEE11126B79E0BB9AF673A3163A0C0805435FC23934B51AB52D57A6B |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 18 0 R/MarkInfo<</Marked true>>/Metadata 49 0 R/ViewerPreferences 50 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.956002 |
Total Bytes: | 128407 |
Stream Entropy: | 7.970591 |
Stream Bytes: | 123384 |
Entropy outside Streams: | 5.259223 |
Bytes outside Streams: | 5023 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 23 |
endobj | 23 |
stream | 10 |
endstream | 10 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 6 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
10 | c994948accc8cace | 92f9ae82b1cc16d32c503fe11a6bb0db | |
11 | c994948accc8cace | c042abf7c34e8133b1b8f2a5c07a8743 | |
13 | 8023c86923370080 | edc5164163bd5d574bafed1f89aadeee | |
14 | 8000000000000080 | 780a9bd91a9a3ec8085a0c4c490ad83e | |
16 | d4919ccad5ddd4d2 | 1395dfa68087127d156010d691a7e1c2 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 27, 2024 00:23:20.559751034 CEST | 49737 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 27, 2024 00:23:20.560229063 CEST | 49737 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 27, 2024 00:23:20.560287952 CEST | 443 | 49737 | 23.1.237.91 | 192.168.2.5 |
Apr 27, 2024 00:23:20.560648918 CEST | 49737 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 27, 2024 00:23:20.560657978 CEST | 443 | 49737 | 23.1.237.91 | 192.168.2.5 |
Apr 27, 2024 00:23:20.945996046 CEST | 443 | 49737 | 23.1.237.91 | 192.168.2.5 |
Apr 27, 2024 00:23:20.946177959 CEST | 49737 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 27, 2024 00:23:20.946468115 CEST | 49737 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 27, 2024 00:23:20.946578026 CEST | 443 | 49737 | 23.1.237.91 | 192.168.2.5 |
Apr 27, 2024 00:23:20.946651936 CEST | 49737 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 27, 2024 00:23:28.030034065 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.030086994 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.030184984 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.030602932 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.030621052 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.441028118 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.441148996 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.442931890 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.442944050 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.443340063 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.452245951 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.500113010 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.827775002 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.827837944 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.827897072 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828037024 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.828037024 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.828062057 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828097105 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828110933 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.828140020 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828171015 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.828171968 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828202009 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.828207016 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828250885 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.828255892 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828349113 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.828392029 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.833219051 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.833237886 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:23:28.833255053 CEST | 49738 | 443 | 192.168.2.5 | 13.85.23.86 |
Apr 27, 2024 00:23:28.833261013 CEST | 443 | 49738 | 13.85.23.86 | 192.168.2.5 |
Apr 27, 2024 00:24:02.434396982 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:02.434479952 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:02.434643030 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:02.434990883 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:02.435028076 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:02.694947004 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:02.695563078 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:02.695621967 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:02.695974112 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:02.696388960 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:02.696480036 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:02.744582891 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:12.705112934 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:12.705185890 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:24:12.705271006 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:14.592149019 CEST | 49740 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:24:14.592217922 CEST | 443 | 49740 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.498070955 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:02.498138905 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.498362064 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:02.499068022 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:02.499102116 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.763825893 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.764543056 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:02.764576912 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.764940977 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.765824080 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:02.765904903 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:02.806984901 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:12.767656088 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:12.767812014 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Apr 27, 2024 00:25:12.767884016 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:14.355036974 CEST | 49742 | 443 | 192.168.2.5 | 142.250.80.36 |
Apr 27, 2024 00:25:14.355062962 CEST | 443 | 49742 | 142.250.80.36 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 27, 2024 00:23:00.234497070 CEST | 192.168.2.5 | 1.1.1.1 | 0xe606 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.234641075 CEST | 192.168.2.5 | 1.1.1.1 | 0xf153 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.326494932 CEST | 192.168.2.5 | 1.1.1.1 | 0xcc5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.472013950 CEST | 192.168.2.5 | 8.8.8.8 | 0x5828 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.472440958 CEST | 192.168.2.5 | 1.1.1.1 | 0xa55b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:01.486215115 CEST | 192.168.2.5 | 1.1.1.1 | 0x3a6b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:01.486963034 CEST | 192.168.2.5 | 1.1.1.1 | 0xdf96 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:03.861740112 CEST | 192.168.2.5 | 1.1.1.1 | 0x91d7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:03.862185001 CEST | 192.168.2.5 | 1.1.1.1 | 0x8df9 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:06.597225904 CEST | 192.168.2.5 | 1.1.1.1 | 0x3365 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:06.597465038 CEST | 192.168.2.5 | 1.1.1.1 | 0x9c38 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:06.688550949 CEST | 192.168.2.5 | 1.1.1.1 | 0x2964 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:33.058851957 CEST | 192.168.2.5 | 1.1.1.1 | 0xb426 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:36.804850101 CEST | 192.168.2.5 | 1.1.1.1 | 0x5c1a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:36.805067062 CEST | 192.168.2.5 | 1.1.1.1 | 0x2aab | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:37.135410070 CEST | 192.168.2.5 | 1.1.1.1 | 0xa4b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:53.464845896 CEST | 192.168.2.5 | 1.1.1.1 | 0x4eea | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:24:11.996272087 CEST | 192.168.2.5 | 1.1.1.1 | 0x6280 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:24:37.358407021 CEST | 192.168.2.5 | 1.1.1.1 | 0x6cb2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:24:37.358613968 CEST | 192.168.2.5 | 1.1.1.1 | 0x6e9c | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:24:37.454189062 CEST | 192.168.2.5 | 1.1.1.1 | 0xb827 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:25:29.402000904 CEST | 192.168.2.5 | 1.1.1.1 | 0x5f1b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:25:53.981163979 CEST | 192.168.2.5 | 1.1.1.1 | 0xdf3d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 27, 2024 00:23:00.324565887 CEST | 1.1.1.1 | 192.168.2.5 | 0xf153 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.325809002 CEST | 1.1.1.1 | 192.168.2.5 | 0xe606 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.417361975 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc5 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:00.560609102 CEST | 1.1.1.1 | 192.168.2.5 | 0xa55b | No error (0) | 142.250.80.46 | A (IP address) | IN (0x0001) | false | ||
Apr 27, 2024 00:23:00.571613073 CEST | 8.8.8.8 | 192.168.2.5 | 0x5828 | No error (0) | 142.251.40.142 | A (IP address) | IN (0x0001) | false | ||
Apr 27, 2024 00:23:01.577368975 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a6b | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:01.579629898 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf96 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:03.951802015 CEST | 1.1.1.1 | 192.168.2.5 | 0x91d7 | No error (0) | 142.250.80.36 | A (IP address) | IN (0x0001) | false | ||
Apr 27, 2024 00:23:03.952521086 CEST | 1.1.1.1 | 192.168.2.5 | 0x8df9 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 27, 2024 00:23:06.686712027 CEST | 1.1.1.1 | 192.168.2.5 | 0x3365 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:06.686956882 CEST | 1.1.1.1 | 192.168.2.5 | 0x9c38 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:06.780628920 CEST | 1.1.1.1 | 192.168.2.5 | 0x2964 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:33.230986118 CEST | 1.1.1.1 | 192.168.2.5 | 0xb426 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:36.899630070 CEST | 1.1.1.1 | 192.168.2.5 | 0x2aab | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:23:37.134198904 CEST | 1.1.1.1 | 192.168.2.5 | 0x5c1a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:37.305118084 CEST | 1.1.1.1 | 192.168.2.5 | 0xa4b9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:23:53.558691025 CEST | 1.1.1.1 | 192.168.2.5 | 0x4eea | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:24:12.087721109 CEST | 1.1.1.1 | 192.168.2.5 | 0x6280 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:24:37.451714039 CEST | 1.1.1.1 | 192.168.2.5 | 0x6cb2 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:24:37.453264952 CEST | 1.1.1.1 | 192.168.2.5 | 0x6e9c | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 27, 2024 00:24:37.545886993 CEST | 1.1.1.1 | 192.168.2.5 | 0xb827 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:25:29.494379997 CEST | 1.1.1.1 | 192.168.2.5 | 0x5f1b | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 27, 2024 00:25:54.076594114 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf3d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 23.51.58.94 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 22:22:41 UTC | 161 | OUT | |
2024-04-26 22:22:42 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49716 | 23.51.58.94 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 22:22:42 UTC | 239 | OUT | |
2024-04-26 22:22:42 UTC | 455 | IN | |
2024-04-26 22:22:42 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49717 | 23.47.168.24 | 443 | 5908 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 22:22:44 UTC | 475 | OUT | |
2024-04-26 22:22:44 UTC | 198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49718 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 22:22:50 UTC | 306 | OUT | |
2024-04-26 22:22:50 UTC | 560 | IN | |
2024-04-26 22:22:50 UTC | 15824 | IN | |
2024-04-26 22:22:50 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
4 | 192.168.2.5 | 49737 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 22:23:20 UTC | 2148 | OUT | |
2024-04-26 22:23:20 UTC | 1 | OUT | |
2024-04-26 22:23:20 UTC | 2483 | OUT | |
2024-04-26 22:23:20 UTC | 480 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49738 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 22:23:28 UTC | 306 | OUT | |
2024-04-26 22:23:28 UTC | 560 | IN | |
2024-04-26 22:23:28 UTC | 15824 | IN | |
2024-04-26 22:23:28 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 00:22:29 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 00:22:30 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 00:22:30 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 8 |
Start time: | 00:22:55 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 9 |
Start time: | 00:22:56 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |