Windows
Analysis Report
may-document_71837433.pdf
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 1892 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\may-document_71837433.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1580,i,7145348183962323435,6305329400522768354,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://afarm.net/uxz1b" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 8008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1988,i,15417379012499189400,2625528048342565880,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Phisher_1 | Yara detected Phisher | Joe Security | ||
Phishing |
---|
Source: | File source: | ||
Source: | HTTPS traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | File created: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Reputation |
---|---|---|---|---|
afarm.net | 193.3.19.64 | true | false | unknown |
www.google.com | 142.250.69.196 | true | false | high |
moarhofhechtl.at | 192.36.38.142 | true | false | unknown |
wercosliuhqgheirn.com | 45.61.138.43 | true | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
193.3.19.64 | afarm.net | Denmark | 2107 | ARNES-NETAcademicandResearchNetworkofSloveniaSI | false |
45.61.138.43 | wercosliuhqgheirn.com | United States | 40676 | AS40676US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
173.222.196.143 | unknown | United States | 16625 | AKAMAI-ASUS | false |
142.250.69.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
192.36.38.142 | moarhofhechtl.at | Sweden | 57169 | EDIS-AS-EUAT | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
192.168.2.13 |
192.168.2.23 |
192.168.2.15 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438533 |
Start date and time: | 2024-05-08 20:18:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | may-document_71837433.pdf |
Detection: | MAL |
Classification: | mal48.phis.winPDF@42/54@8/11 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.125.88.137, 54.227.187.23, 23.22.254.206, 52.202.204.11, 52.5.13.197, 172.64.41.3, 162.159.61.3, 23.41.4.201, 23.41.4.213, 23.32.75.27, 199.232.214.172, 192.229.211.108, 142.251.211.227, 142.251.211.238, 142.250.99.84, 34.104.35.123, 104.98.118.169, 142.251.211.234, 142.250.69.202, 142.251.33.106, 172.217.14.234, 142.251.215.234, 142.251.33.74, 142.250.217.106, 142.250.217.74, 172.217.14.202, 142.250.217.67, 142.250.69.206
- Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: may-document_71837433.pdf
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | Unknown |
| malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
173.222.196.143 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
ARNES-NETAcademicandResearchNetworkofSloveniaSI | malicious | Mirai |
| malicious | Unknown |
| malicious | Mirai |
| malicious | Mirai, Okiru |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Mirai |
| malicious | Phisher |
| malicious | Mirai |
| malicious | Mirai |
EDIS-AS-EUAT | malicious | Unknown |
| malicious | LummaC, Eternity Stealer, LummaC Stealer, SmokeLoader, Stealc, zgRAT |
| malicious | Glupteba, RedLine, SmokeLoader, Stealc |
| malicious | Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz |
| malicious | RedLine, SmokeLoader |
| malicious | Mirai |
| malicious | Mirai |
| malicious | IcedID |
| malicious | Mirai |
| malicious | Mirai |
AS40676US | malicious | Unknown |
| malicious | Gafgyt |
| malicious | Mirai |
| malicious | Gafgyt |
| malicious | Gafgyt |
| malicious | Mirai, Gafgyt |
| malicious | Gafgyt |
| malicious | Gafgyt |
| malicious | Mirai |
| malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
| malicious | DarkGate, MailPassView |
| malicious | Unknown |
| malicious | PrivateLoader, Vidar |
| malicious | Unknown |
| malicious | PrivateLoader, PureLog Stealer |
| malicious | Unknown |
| malicious | Remcos, PrivateLoader, PureLog Stealer |
| malicious | Mirai |
| malicious | Vidar |
Match | Detection | Threat Name |
---|---|---|
1138de370e523e824bbca92d049a3777 | malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | FormBook |
| malicious | HtmlDropper, HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.196792844934604 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.184115013323263 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.184115013323263 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.0533356724262175 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fe39255a-fcad-4cf6-acba-88642d2d5052.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.0533356724262175 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.234723558388541 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.1738082384071316 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.1738082384071316 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240508181920Z-155.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 75494 |
Entropy (8bit): | 1.1226539018605335 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 228346 |
Entropy (8bit): | 3.3890581331110528 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.338082506610002 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.274120382190146 |
Encrypted: | false |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2541380990065045 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfBD2G6UpnrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGR22cUkee9 |
MD5: | 9710DB244ED0CBDACC149725C669C51A |
SHA1: | D1C16C71A50280E510332A26026EF2BA1C319AD5 |
SHA-256: | 4CBFE9BE4CB812F4730583F5694C569386795E200906C6C6B6839EFED69F7075 |
SHA-512: | 1FE1E9B4D8540D5A9B01D8F9881F84A53C7257C6AC927F6164EB8AD02895754815F6D61921FE24F144E21479B8BEA25674E9AF2D25625FF0C961D15EE75EE474 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.316088335853159 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfPmwrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGH56Ukee9 |
MD5: | 1EA3502B4F83F69ED1315C9F2ACDE9C3 |
SHA1: | 27B3F8FD766B15913572C080E520774EC97AA517 |
SHA-256: | 43419CA5BFE58DB6B79D88ACCEBA2E1B96ACFE1553AE41B0482FDF3CC4B78B43 |
SHA-512: | EA271BFC4DEDE8E5908C4798D170FF223D57A694AAF33F407FF9733AB247CD8281F7B577C06766E469084C4607EDA256A7B5C8E0EC70F5F708A5570AE2E02DDF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.271656481869867 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfJWCtMdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGBS8Ukee9 |
MD5: | 8AB6E45D880A077FC92936F34898A05B |
SHA1: | 9A54E6E3FD7AC1D19855323858221CD34260CAAB |
SHA-256: | 2F6C41967D57521A870AC744D6E0C41EC7716D4D6DA18667B936BEABDB018855 |
SHA-512: | 68FDD46A2FA77E14EF9DA0B40F2302DD1C426DF76ECBD5DEB6F01962F037358C6098DD0C77E87244468EBBFA1AA4B5C778E146BD2B4BEA4A55E9BA77BA04C73F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.259064745094881 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJf8dPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGU8Ukee9 |
MD5: | F2561E7ED05F7FB4405DD7B42EA923BD |
SHA1: | 45B22E9BEC0695371DC0A62C4218C5ED3571EFC0 |
SHA-256: | 6B25630805BBC94A79708C3026AF06C0D98F557DBEB38404EF813BDA694B7B56 |
SHA-512: | 0F290181816F527C9B0F1FDE383D2EBF2A0BEF9EC06A848CEB9E2899EAE452094DE1D85893D7B8FC1FEC5DC2ACAA11FFED20D981EB15A6271D1FE88BF13CC35B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.260214725918802 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfQ1rPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGY16Ukee9 |
MD5: | D0FA3C048FCCAC6A130A5CFFC62C5721 |
SHA1: | 25EA54545E8CC63AC1AC5297D0244347F129BA43 |
SHA-256: | BD378310C9ADB86A10E35A1EAFA0987E722C6751BCEA8510D9F4553EE30439F7 |
SHA-512: | E32F703F0D0839AFAC64B1335E1D9F1E2C686137E6DEC1B3E892C491B554338223802DCB6103324F606BB1DD10E2287B499658588E5DE54D15A18E981EC2181F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.278525950154187 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfFldPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGz8Ukee9 |
MD5: | E76E8A0946765B8D91AEFA3BD5ECF6F1 |
SHA1: | 017CE91276E285879391D13B9CF722FDC681355B |
SHA-256: | 6251597606115600C3A1D6C3E42BCA1EEC62E4A814B04E06B91BF50138BB5A4E |
SHA-512: | B530DFFF6B41A02FF0E4ADE0C2FCF2BBDC739E76E9AEEEEB5227B611620F69639A551A43FB3B73982798ED7FD53DFE39FBF3F3CB0C3DF27E01BE7947632335DF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.733039046974053 |
Encrypted: | false |
SSDEEP: | 24:Yv6XtLvHzvijKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNd:Yv2HzajEgigrNt0wSJn+ns8cvFJH |
MD5: | C7A6983160DDB19F7C1E32FB063A76BF |
SHA1: | 22A174061A11B37D9CBAF74A6FC8F32C4023F81C |
SHA-256: | B975106B08CA9E891779439F5B7C4BF7B13A7BC8DDCEB730042D6275F45EF1F5 |
SHA-512: | 9582598CB380FD3C77FCAAECC3B1C18CA4C2E14A4C1668CFDBD4D76550517D7930F2A14539E7F6184887779AB240E184EEF75177B542B6B9472837CFFDDB0C11 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.265440727179031 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfYdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGg8Ukee9 |
MD5: | EC599303201C0F9554D491040B300399 |
SHA1: | 4A6B39D03EEDF501DE1ED96399472F7BF8648B8F |
SHA-256: | 1723C1E7124F07F774D07D0F2811771A2AD81D555611C1FDAEF5BB51C70168FB |
SHA-512: | 4D3513356071A646F7C86234425645B4B38FA21F4D6BB0FBAE892ED3117E4D7BE1B046719984C72B0458204953919695DF11D61EB472FE6B83B44607A6C0FC42 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.766711213681808 |
Encrypted: | false |
SSDEEP: | 24:Yv6XtLvHzvi+rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNl:Yv2Hza+HgDv3W2aYQfgB5OUupHrQ9FJj |
MD5: | C747E9208750688CAD2FFB70E888166F |
SHA1: | 6FCF4EBFF515E6198AFBDED6A3FE9FF63C13A3B7 |
SHA-256: | 1D4EB851DE89D68516B4C9D3733E2E3B56416EE00F6A1D815C3D23BFA5B1F114 |
SHA-512: | 2CE7715CCBED0F844B6322DC9806F6F5B49F498FCF23A90D67ED29799B85C91DA80F00639CC7C32E13734E410C06085D18F9600B73E87220848520817106498B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.249225345628296 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfbPtdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGDV8Ukee9 |
MD5: | DB80C5BCB1622A6AAD2CB9297DBA3B43 |
SHA1: | 322A1265002BA302F24E286D20DC61AE925B9875 |
SHA-256: | A64C7305E39C7FE9C2E32FDDF0C3F436AB70BC8C83140F71611BC8147EA3429F |
SHA-512: | 33D9D952CE623CE0074705062F5D8FD9ED8513BD8CBCA794D77D873F6F4B6DCD996E3DA62A2E516D82A6AD1F58C7A3F7AC6EC1599BDAFB9A05C96C9D6CC9C63B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.250716078553701 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJf21rPeUkwRe9:YvXKXtLvHAYdUYpW7HJVG+16Ukee9 |
MD5: | A414A2212987FF1B9D7956C1A2D6716D |
SHA1: | 81A495F6BB79D2CF914E6C6E364F0F1318BBCE9F |
SHA-256: | CED94D808EC920018ECFCAF9337139A85F98DD2CAC1681705E1EDB75116ABCF4 |
SHA-512: | 85E80740C0ADC3D3F3CDF1ECEE873B480D44BC69395D5DB80B543A104FDD583144695E61C4FDA756AD7FEF34EDF424A8EF23CEB502A26B75D94FA88197DF1E0E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.272816193022345 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfbpatdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGVat8Ukee9 |
MD5: | 14645BD56B11B220B34843D76F141E67 |
SHA1: | 85F85BE11BCF89F4A4F2C9E881B9BF4922407E99 |
SHA-256: | 9748AEEE44474CB87E50060F107402B39C33CA36C0B28B5D248D15050104E591 |
SHA-512: | 68A8CA28F01E2E50064F0096E064B298077AF63B94F50424153606FDDEB5ACEEC19C4020EA23135EF3BBA7B3CEF9C7416AC6D8095B8DF8E18B10F103F6E7C59D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.225459758334763 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfshHHrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGUUUkee9 |
MD5: | CCCE333E291E396A10DB4FE0E2ADDF81 |
SHA1: | 6539B93470463B705439EA1165433092162028EB |
SHA-256: | 2A5547D18BD77406613B2CF07DCF22FD77846EC317ED7DF44F484078E8D09F78 |
SHA-512: | F143BDC69411BD31843033C32BE2E30B4ED8E4F72A95466F3A4AED8E82C6BD934D6B5B11CE7AB5F241D7E838F426539755AAD58789950EAB1077FAA6B6E6FA3D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3620302959449155 |
Encrypted: | false |
SSDEEP: | 12:YvXKXtLvHAYdUYpW7HJVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWp:Yv6XtLvHzvi7168CgEXX5kcIfANhc |
MD5: | DBC8B2CEF1DED2E7029ED6B970C5945C |
SHA1: | 6A4C3AD4A9C2AA3AD6B64B005A04A495C62CB3CA |
SHA-256: | 053690B84E50E0CA918EC963DB60528AD426D408019BD06801CE799BD659001C |
SHA-512: | 7254961C8C87A04C9387DEE33B1EAAB034D093584292C70E7145BF1C8ED3EA2B478430597AECEF73DF0658DE161ABB610BEC33639D7C3B4080F44DDE9D952D98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.134362860941962 |
Encrypted: | false |
SSDEEP: | 24:YTwst/AUCGpkqxNeklSG2PHVZsvaDVOaysv8JPYrs73UjKXU1sj0Sta5og32prPN:Yptpk2YG2tj8JSh1+a9qrPIYteHo91J |
MD5: | A00A7BCB2A7ED229633A48C7CEDFCB99 |
SHA1: | F38F16E02C7DB27052DD9D3B53B49675676DB25F |
SHA-256: | 135FBBBA8E934ED0883A984AA99AFAADC8F710AD39E4E1125F88BA5DBAC65143 |
SHA-512: | F061C7FE80D9BCF07F2001F02002DBE17795FFA374BE012B091E73B5E80EDF1808D782B763ED67541C113F5B4596EA2BA54090573C74853EA874C822176E0458 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9856165876895621 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpeJ0V4zJwtNBwtNbRZ6bRZ4/J0VF:TVl2GL7ms6ggOVpeJ0uzutYtp6P8J0/ |
MD5: | F7D66E33B07E2B4F2DCC0FC8E6B606F1 |
SHA1: | 82FF8644E71B5A2B778BC8092A56BFB98231D7DC |
SHA-256: | 6786C12A1100F4F7D19BC2F685461BFAE0F26865C60C85312786865FBE4E551D |
SHA-512: | D94937F31B5802011BA4030B451BD9904746FEAF601E4E66DEE76C1DC050744E068D824918F75B523E8978F7935F8549A3D4BC97FC5D67536278E4AB95FD7426 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3392773421406607 |
Encrypted: | false |
SSDEEP: | 48:7MtPGgOVpeJ0VzutYtp6PM6qll2GL7msN:7wOVpcLaMqVmsN |
MD5: | C8C686D29BD0ADA47635DBB020B50991 |
SHA1: | 993BADA836D346BB4B85A26CA82F50A1DCE110C1 |
SHA-256: | 46B8304F8C38AE604BCA44BA30BD27A190223C93F4715A96A5C6D22BFB4CA36C |
SHA-512: | 1E5EC61BE509F8F0F495A409EEED5882916199F252CD1F6D9A328A0AB5BBB2EACBEFDD5B010690985CE030EA87B0C4E46940093F16E623F35FD06F0FCC524266 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.524398495091119 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eou:Qw946cPbiOxDlbYnuRKJ |
MD5: | 6447BFE78F2A1163187A7A2BAAF2B8C0 |
SHA1: | CBAF35F8983945D9815D44C2C1DBCD4BDB4F35FA |
SHA-256: | D270B8A839B31D4C0BCE3B00CC711538C56F5858B2E83EC37F581A71B01EEF45 |
SHA-512: | 05708CE6439D66AC958CE688B7B7F20933DF755A7CC455041F4770DC9D8EC61AF116F324C9921C369B9AA5B76244E6CFD0489653EF7D6DF8730C9ECF7F2FED34 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 20-19-18-626.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3639772613039955 |
Encrypted: | false |
SSDEEP: | 384:jSOzmivWDm87gfrGd56YdLGW5C+NkIbR6eCk4vcJghvRWrOw5IugtgJ8P5kYl95z:ntZ |
MD5: | AB17AAE450DB133B91A9AB4998BA8A04 |
SHA1: | E2F56AF368F96D5F3DCC0869C78B691CC58657AA |
SHA-256: | 48BB3E7B46268672559780326ED593CF33A911BB73A9C150D338A03111186160 |
SHA-512: | 96B24E862211F8B29E85F703D35B9866B0AB83205525C9C02309B55E7847D81D2D7969DFD84E24FD86AE78081F7600A920CCA8A318192ECDB0D6E1808D1C3DA7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.402758123339304 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbA:4QSXvVpp+YGCp |
MD5: | 726B9278929D4600AD0AA797679FF7D0 |
SHA1: | A3DFE446C3A33A9E50ADC93E88719E17AAD360DC |
SHA-256: | 8EC144446420CBC4F23C78A7A0CAE8D0F391D7ED97923ADA21D42D44AB46F7BB |
SHA-512: | 6F850FE8BEEAC84B3459D62009A937739FCA4307CBE40421039E719A707BE41C96589885EE3CE609295695B25D293CA72BAFE58B98216BDE58D7316908B4FE1A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9786563113540305 |
Encrypted: | false |
SSDEEP: | 48:8Jd6TGmhHiidAKZdA19ehwiZUklqehHMy+3:8+rSmMy |
MD5: | E877F65A5FDED3B93BBE7FF0627010DF |
SHA1: | 8636237BB9942302E975ACD54D0FEA7624369327 |
SHA-256: | 11A57AC3EFB18C0AC70C83341BF3995F792FE874E86738028DBB26BD020997D4 |
SHA-512: | 30BD4C99A0619F1B3797DD383F9D9AD4DB635CFCB41D735FB87F17A863F29BEB0576A449F456CB7D7A2851E8DD7D2BC1070940BA08F2434F314F53D0CD80CC6F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9960437871870695 |
Encrypted: | false |
SSDEEP: | 48:8Pd6TGmhHiidAKZdA1weh/iZUkAQkqehWMy+2:8ArI9QBMy |
MD5: | C8DC52D3430A75D41CED71CB567684D2 |
SHA1: | 47CDBB5FFFE4A355F68E6ACDD177A9F7D486B4C3 |
SHA-256: | BFFFFC678D625A9CAB21459DB591C4A182E475E0950D4AC9572D24843FEBBF59 |
SHA-512: | 3BCC72FD09DD32179CB408074963A412602E89BEC70DD0398AE5850D5DA92C5FA8BA244EA9DA004A1F71008588C4277310E7BDB9A34DCD1939E4208925FFF737 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.005944758895585 |
Encrypted: | false |
SSDEEP: | 48:8xud6TGmsHiidAKZdA14tseh7sFiZUkmgqeh7sgMy+BX:8xTrHnqMy |
MD5: | FB7D7CD49DF896C0833A1499B6B4385C |
SHA1: | 8911E6AA5649DD79D0DF2679C7F97AA3C9607DEC |
SHA-256: | 1A0310F21C315D01A44A0873216CEB192B51242683F47049311923407DB54336 |
SHA-512: | AA97B1AD27FD17AC7BC96BB77F2EE5706FDF01D8F42A0EF9975AFD6AC0BDE7ECDBBA1F03C651B3C56608331225E69891D4964C53731BB64E2C64524D208C0328 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9939717891510003 |
Encrypted: | false |
SSDEEP: | 48:8Hod6TGmhHiidAKZdA1vehDiZUkwqehyMy+R:8RrTIMy |
MD5: | 7B01908422B27FEB12BE6A586CF39F48 |
SHA1: | 22FD3E6C7AEB0634401EF06485DADACD22320318 |
SHA-256: | E2DB43C03D6D5DE5FAE7E7D1E0B8DEB0D6E75EFB30105343EE8B1D6E3516A7AC |
SHA-512: | 3251CB8E31D3CCFCCE0F6695715E1C8EF7167EC46D6C25139F6FFB707633B97BF48A4028A555106145CAE9829C62450EF15D9B648F8E41999A1DBE693C69150D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9833991243235594 |
Encrypted: | false |
SSDEEP: | 48:80d6TGmhHiidAKZdA1hehBiZUk1W1qeh0My+C:81rD9UMy |
MD5: | 7FF377EC738607C2DE3EA1E118295931 |
SHA1: | 3D6949BFFB236B4B48EB8F0A1535FF30CDB8D3BE |
SHA-256: | DEDD6F2AFF3768683DDEB4780D710ED72C6B3270930A6591897291CEB9BBF752 |
SHA-512: | B65F2181C4F4CDE54083493A1BE63408068DD2742658D28C2AA02DF5DC671FFF4210B1E6862A7524AA4427814A81893F0300CF9D0270BA0E0CDCB6F7364E7D08 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9929720020471198 |
Encrypted: | false |
SSDEEP: | 48:8ad6TGmhHiidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqMy+yT+:8XrzT/TbxWOvTbqMy7T |
MD5: | 27C1BF70CA45101956959C1E1930CC33 |
SHA1: | 60FD1618CE510622792F96BD8501DBB5C1796896 |
SHA-256: | 939900F4AC367DF6EF231E2DAE59E88C4F3EB7DD22893F76B06CD6DDAC441F98 |
SHA-512: | 573D58596050D583DCA3B31F07556A44C7823CA5284B11CDC635DD2AA5C24C359855FF09AB6C317661FB08DC83328289F6FD2D0AC08DF6A5A8E6A1FA49227209 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29570 |
Entropy (8bit): | 7.9846241255032915 |
Encrypted: | false |
SSDEEP: | 768:d9ze2UFUsBUaGB2tCnh2tC4Yf5enQdH2FDbb9j6:dle97BNGB2tCnhJjfcnQJ2FDbV6 |
MD5: | 815E20864D51B16F27D5C41A75DB3650 |
SHA1: | 4699CE194FD66F2FF14061AAD905034B0C356E99 |
SHA-256: | F20585B7183D6380968B8F1D75A34BB78B6224E5686EBB81430EC14E80FCE17A |
SHA-512: | 4E83FFF07FE7D0EF7950038395AB304E76E900F070C1BF0BEE058A9EC5E82922483DBBFF1D4E56B15E19949B590E61F806513977FB672F94832841C0E1F202EC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29570 |
Entropy (8bit): | 7.9846241255032915 |
Encrypted: | false |
SSDEEP: | 768:d9ze2UFUsBUaGB2tCnh2tC4Yf5enQdH2FDbb9j6:dle97BNGB2tCnhJjfcnQJ2FDbV6 |
MD5: | 815E20864D51B16F27D5C41A75DB3650 |
SHA1: | 4699CE194FD66F2FF14061AAD905034B0C356E99 |
SHA-256: | F20585B7183D6380968B8F1D75A34BB78B6224E5686EBB81430EC14E80FCE17A |
SHA-512: | 4E83FFF07FE7D0EF7950038395AB304E76E900F070C1BF0BEE058A9EC5E82922483DBBFF1D4E56B15E19949B590E61F806513977FB672F94832841C0E1F202EC |
Malicious: | false |
URL: | https://moarhofhechtl.at/wp-content/plugins/image-hover-effects-addon-for-elementor/download.php |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 71 |
Entropy (8bit): | 4.636480437867723 |
Encrypted: | false |
SSDEEP: | 3:nmNjJMzVJu+1p5WNCYUOPrn:GMRJVpINior |
MD5: | 44DF088D6F9005C8087800D7891ADC0B |
SHA1: | 3066ED2A6B57EE0B6D33C6309ED746A944258347 |
SHA-256: | 1E467DBE3BAAD0A6B18452BCCC65D2228E55EF3D969DB1DFB191E282A904EF6D |
SHA-512: | 0735CE887739C90473C4F517F38C074D915E85C768BC50E275964934F85E705FE844A39E25785207EA36C86390C43D907D781AE5B79727DCDF9B590749F871B2 |
Malicious: | false |
URL: | https://afarm.net/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 71 |
Entropy (8bit): | 4.636480437867723 |
Encrypted: | false |
SSDEEP: | 3:nmNjJMzVJu+1p5WNCYUOPrn:GMRJVpINior |
MD5: | 44DF088D6F9005C8087800D7891ADC0B |
SHA1: | 3066ED2A6B57EE0B6D33C6309ED746A944258347 |
SHA-256: | 1E467DBE3BAAD0A6B18452BCCC65D2228E55EF3D969DB1DFB191E282A904EF6D |
SHA-512: | 0735CE887739C90473C4F517F38C074D915E85C768BC50E275964934F85E705FE844A39E25785207EA36C86390C43D907D781AE5B79727DCDF9B590749F871B2 |
Malicious: | false |
URL: | https://afarm.net/uxz1b |
Preview: |
File type: | |
Entropy (8bit): | 7.808501042215607 |
TrID: |
|
File name: | may-document_71837433.pdf |
File size: | 38'519 bytes |
MD5: | ec973141e5b56a0dbb775f21a6c25dfc |
SHA1: | 40472c824cda807286f4cece552b3138aba30088 |
SHA256: | 0b9b240c69ba1cd5c06b160021798f3b0ddfd855aad6fd6aeda421a79341b7f4 |
SHA512: | 427a7a7a3bdf8b34ecd9eea5e1f63a135eea2ad119932fa39c5f898061ff1f4b6dc8ce9b1205b78ad08c8e727ed4db4b6a9ecc9a83db8d9b06c370f1e722105d |
SSDEEP: | 768:6qtJdTG3QYxIGdusFLTekz1QqAJRaA83sUlWWqdZcKSjm:1wRxvduCLSeCJRaoUD6ZcKGm |
TLSH: | B303F16C957984C8E0A9723EBBBD57440EFF3367E5E8539A019F6850AC495E05832DC3 |
File Content Preview: | %PDF-1.3.3 0 obj.<</Type /Page./Parent 1 0 R./MediaBox [0 0 1190.55 841.89]./Resources 2 0 R./Annots [5 0 R ]./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode /Length 108>>.stream.x...1..1.@.>..v..ff.$.........B"A../.w.g\B.)..;g8*.$F.....Ut&...|a}z |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.3 |
Total Entropy: | 7.808501 |
Total Bytes: | 38519 |
Stream Entropy: | 7.802114 |
Stream Bytes: | 36997 |
Entropy outside Streams: | 5.070336 |
Bytes outside Streams: | 1522 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 11 |
endobj | 11 |
stream | 4 |
endstream | 4 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 8, 2024 20:19:42.697982073 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:42.698045015 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:42.698642969 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:42.698672056 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:42.698724031 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:42.698947906 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:42.698961020 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:42.699132919 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:42.699142933 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.734415054 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.734622002 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.734635115 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.735611916 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.735685110 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.735738993 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.735841036 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.735857010 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.736907005 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.736963034 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.737077951 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.737140894 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.737593889 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.737600088 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.737942934 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.738002062 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.789510012 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.789575100 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:43.789587021 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:43.837487936 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:44.080683947 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.080773115 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.080828905 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:44.081917048 CEST | 49723 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:44.081934929 CEST | 443 | 49723 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.124479055 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:44.172116041 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.467418909 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.467487097 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.467555046 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:44.481633902 CEST | 49724 | 443 | 192.168.2.5 | 193.3.19.64 |
May 8, 2024 20:19:44.481652975 CEST | 443 | 49724 | 193.3.19.64 | 192.168.2.5 |
May 8, 2024 20:19:44.697578907 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:44.697607040 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:44.697660923 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:44.698235989 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:44.698259115 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:44.698324919 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:44.698453903 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:44.698477983 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:44.698596001 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:44.698607922 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.304068089 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.304359913 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.304375887 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.305253029 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.305326939 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.305643082 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.305871964 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.305896044 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.306287050 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.306370974 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.306488037 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.306493044 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.306746006 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.306807995 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.307540894 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.307599068 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.351557016 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.353625059 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:45.353642941 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:45.397597075 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:46.084038973 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:46.084168911 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:46.084233999 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:46.090419054 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:46.090431929 CEST | 443 | 49729 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:19:46.090444088 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:46.090477943 CEST | 49729 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:19:46.381632090 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:46.381659985 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:46.381736994 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:46.381931067 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:46.381944895 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:46.999973059 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:46.999998093 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.000066996 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:47.000287056 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:47.000293970 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.340470076 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.340713978 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:47.340730906 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.341581106 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.341659069 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:47.342627048 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:47.342689991 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.385442019 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:47.385451078 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:47.430918932 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:48.170094013 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.179253101 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.179264069 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.180149078 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.180210114 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.200726986 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.200783014 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.201311111 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.201319933 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.243532896 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.543833971 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.543977976 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.543986082 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.544049025 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.544059992 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.587865114 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.862041950 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862050056 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862133980 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.862148046 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862171888 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862184048 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862215996 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862221956 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.862227917 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862243891 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862258911 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.862281084 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.862340927 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:48.862389088 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.937287092 CEST | 49730 | 443 | 192.168.2.5 | 192.36.38.142 |
May 8, 2024 20:19:48.937297106 CEST | 443 | 49730 | 192.36.38.142 | 192.168.2.5 |
May 8, 2024 20:19:57.374782085 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:57.374849081 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:19:57.374895096 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:57.651309967 CEST | 49731 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:19:57.651350021 CEST | 443 | 49731 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:04.603785992 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:04.603899002 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:04.604211092 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:04.604233027 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:04.604326010 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:04.604626894 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:04.604640961 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:04.796756983 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:04.796880007 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:04.996176004 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:04.996268034 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.015654087 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.015674114 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.015966892 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.016031027 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.016422987 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.016447067 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.016640902 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.016645908 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.448930025 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.448990107 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.449515104 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.449563980 CEST | 443 | 49743 | 23.1.237.91 | 192.168.2.5 |
May 8, 2024 20:20:05.449570894 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:05.449614048 CEST | 49743 | 443 | 192.168.2.5 | 23.1.237.91 |
May 8, 2024 20:20:13.099256992 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:13.099286079 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:13.099364042 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:13.099766970 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:13.099781990 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:13.754353046 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:13.754477024 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:13.756038904 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:13.756048918 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:13.756259918 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:13.764004946 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:13.808115959 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.401014090 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.401034117 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.401046991 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.401093960 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:14.401113987 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.401161909 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.401175976 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:14.401196957 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:14.405566931 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:14.405580044 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:14.405591011 CEST | 49744 | 443 | 192.168.2.5 | 52.165.165.26 |
May 8, 2024 20:20:14.405596018 CEST | 443 | 49744 | 52.165.165.26 | 192.168.2.5 |
May 8, 2024 20:20:30.364626884 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:20:30.364659071 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:20:45.298065901 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:20:45.298177958 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:20:45.298238039 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:20:46.694520950 CEST | 49728 | 443 | 192.168.2.5 | 45.61.138.43 |
May 8, 2024 20:20:46.694551945 CEST | 443 | 49728 | 45.61.138.43 | 192.168.2.5 |
May 8, 2024 20:20:46.896863937 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:46.896907091 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:46.897006989 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:46.897221088 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:46.897233009 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:47.234919071 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:47.235302925 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:47.235323906 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:47.235686064 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:47.236041069 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:47.236110926 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:47.286370993 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:57.273745060 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:57.273814917 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:20:57.273940086 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:58.682797909 CEST | 49746 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:20:58.682831049 CEST | 443 | 49746 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:46.963887930 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:46.963933945 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:46.964062929 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:46.964926004 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:46.964946985 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:47.299962044 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:47.300585985 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:47.300601959 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:47.300940037 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:47.301824093 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:47.301892042 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:47.351663113 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:57.308559895 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:57.308633089 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
May 8, 2024 20:21:57.308691025 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:58.683641911 CEST | 49748 | 443 | 192.168.2.5 | 142.250.69.196 |
May 8, 2024 20:21:58.683665991 CEST | 443 | 49748 | 142.250.69.196 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 8, 2024 20:19:42.487879992 CEST | 192.168.2.5 | 1.1.1.1 | 0x3eb2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:19:42.488007069 CEST | 192.168.2.5 | 1.1.1.1 | 0x125c | Standard query (0) | 65 | IN (0x0001) | false | |
May 8, 2024 20:19:44.121751070 CEST | 192.168.2.5 | 1.1.1.1 | 0x63 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:19:44.121998072 CEST | 192.168.2.5 | 1.1.1.1 | 0x2019 | Standard query (0) | 65 | IN (0x0001) | false | |
May 8, 2024 20:19:46.091403961 CEST | 192.168.2.5 | 1.1.1.1 | 0x44ed | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:19:46.091552973 CEST | 192.168.2.5 | 1.1.1.1 | 0x71f9 | Standard query (0) | 65 | IN (0x0001) | false | |
May 8, 2024 20:19:46.836071014 CEST | 192.168.2.5 | 1.1.1.1 | 0xb44b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:19:46.836219072 CEST | 192.168.2.5 | 1.1.1.1 | 0x8521 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 8, 2024 20:19:42.697418928 CEST | 1.1.1.1 | 192.168.2.5 | 0x3eb2 | No error (0) | 193.3.19.64 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:19:44.696799040 CEST | 1.1.1.1 | 192.168.2.5 | 0x63 | No error (0) | 45.61.138.43 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:19:46.340148926 CEST | 1.1.1.1 | 192.168.2.5 | 0x44ed | No error (0) | 192.36.38.142 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:19:46.999083042 CEST | 1.1.1.1 | 192.168.2.5 | 0xb44b | No error (0) | 142.250.69.196 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:19:46.999305964 CEST | 1.1.1.1 | 192.168.2.5 | 0x8521 | No error (0) | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49710 | 104.125.88.106 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:23 UTC | 161 | OUT | |
2024-05-08 18:19:23 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49713 | 104.125.88.106 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:24 UTC | 239 | OUT | |
2024-05-08 18:19:24 UTC | 538 | IN | |
2024-05-08 18:19:24 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49714 | 173.222.196.143 | 443 | 5316 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:29 UTC | 475 | OUT | |
2024-05-08 18:19:30 UTC | 198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49716 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:35 UTC | 306 | OUT | |
2024-05-08 18:19:36 UTC | 560 | IN | |
2024-05-08 18:19:36 UTC | 15824 | IN | |
2024-05-08 18:19:36 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49723 | 193.3.19.64 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:43 UTC | 657 | OUT | |
2024-05-08 18:19:44 UTC | 251 | IN | |
2024-05-08 18:19:44 UTC | 71 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49724 | 193.3.19.64 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:44 UTC | 579 | OUT | |
2024-05-08 18:19:44 UTC | 251 | IN | |
2024-05-08 18:19:44 UTC | 71 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49729 | 45.61.138.43 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:45 UTC | 679 | OUT | |
2024-05-08 18:19:46 UTC | 768 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49730 | 192.36.38.142 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:19:48 UTC | 745 | OUT | |
2024-05-08 18:19:48 UTC | 381 | IN | |
2024-05-08 18:19:48 UTC | 7936 | IN | |
2024-05-08 18:19:48 UTC | 8192 | IN | |
2024-05-08 18:19:48 UTC | 8192 | IN | |
2024-05-08 18:19:48 UTC | 5248 | IN | |
2024-05-08 18:19:48 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
8 | 192.168.2.5 | 49743 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:20:05 UTC | 2148 | OUT | |
2024-05-08 18:20:05 UTC | 1 | OUT | |
2024-05-08 18:20:05 UTC | 2483 | OUT | |
2024-05-08 18:20:05 UTC | 480 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49744 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:20:13 UTC | 306 | OUT | |
2024-05-08 18:20:14 UTC | 560 | IN | |
2024-05-08 18:20:14 UTC | 15824 | IN | |
2024-05-08 18:20:14 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 20:19:15 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 20:19:15 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 20:19:16 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 8 |
Start time: | 20:19:40 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 9 |
Start time: | 20:19:40 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |