Windows
Analysis Report
z5z84fR7lS.pdf
Overview
General Information
Sample name: | z5z84fR7lS.pdf (renamed because original name is a hash value) |
Original sample name: | 76e47cd1a3b2222bf010b4841a387b789a3f5b43a0ac9749591cddd3f48a71df.pdf |
Analysis ID: | 1592937 |
MD5: | 47dce4cb9850e0cfa982773f565f643c |
SHA1: | b4c5b05fe45d3ca49e2b931148cdd31be130f9c8 |
SHA256: | 76e47cd1a3b2222bf010b4841a387b789a3f5b43a0ac9749591cddd3f48a71df |
Tags: | bookingItalianPastapdfuser-JAMESWT_MHT |
Infos: | |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4512 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\z5z84fR7lS.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6340 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5600 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1620,i,10377418228898351799,10444597983171433559,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 8056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#y6298uxbb34a1vnowtpivb" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 7604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1936,i,3168707771584968907,8634909364830262492,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 11 Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
e8652.dscx.akamaiedge.net | 2.23.197.184 | true | false | | high |
www.google.com | 142.250.185.68 | true | false | | high |
clintonmakes.com | 66.63.187.216 | true | false | | high |
fixecondfirbook.info | 172.67.168.162 | true | false | | high |
minedudiser.com | 186.64.116.70 | true | false | | high |
x1.i.lencr.org | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | unknown | ||
true |
| unknown | |
false | high | ||
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
172.67.168.162 | fixecondfirbook.info | United States | 13335 | CLOUDFLARENETUS | false |
2.23.197.184 | e8652.dscx.akamaiedge.net | European Union | 1273 | CWVodafoneGroupPLCEU | false |
66.63.187.216 | clintonmakes.com | United States | 8100 | ASN-QUADRANET-GLOBALUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
186.64.116.70 | minedudiser.com | Chile | 52368 | ZAMLTDACL | false |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.9 |
192.168.2.11 |
192.168.2.10 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1592937 |
Start date and time: | 2025-01-16 17:09:04 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | z5z84fR7lS.pdf (renamed because original name is a hash value) |
Original Sample Name: | 76e47cd1a3b2222bf010b4841a387b789a3f5b43a0ac9749591cddd3f48a71df.pdf |
Detection: | MAL |
Classification: | mal48.winPDF@49/56@13/11 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted)
- Excluded domains from analysis (whitelisted)
- Not all processes were analyzed, report is missing behavior information
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
11:10:19 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
2.23.197.184 | malicious | CAPTCHA Scam ClickFix |
2.23.197.184 | malicious | Unknown |
2.23.197.184 | malicious | Unknown |
2.23.197.184 | malicious | Unknown |
2.23.197.184 | malicious | Unknown |
2.23.197.184 | malicious | HTMLPhisher |
2.23.197.184 | malicious | Unknown |
2.23.197.184 | malicious | Unknown |
2.23.197.184 | malicious | Unknown |
66.63.187.216 | malicious | Unknown |
66.63.187.216 | malicious | CAPTCHA Scam ClickFix |
66.63.187.216 | malicious | Unknown |
66.63.187.216 | malicious | CAPTCHA Scam ClickFix |
66.63.187.216 | malicious | CAPTCHA Scam ClickFix |
66.63.187.216 | malicious | Unknown |
66.63.187.216 | malicious | Unknown |
66.63.187.216 | malicious | CAPTCHA Scam ClickFix |
66.63.187.216 | malicious | Unknown |
66.63.187.216 | malicious | Unknown |
172.67.168.162 | malicious | Unknown |
172.67.168.162 | malicious | CAPTCHA Scam ClickFix |
172.67.168.162 | malicious | CAPTCHA Scam ClickFix |
172.67.168.162 | malicious | Unknown |
172.67.168.162 | malicious | Unknown |
172.67.168.162 | malicious | CAPTCHA Scam ClickFix |
172.67.168.162 | malicious | CAPTCHA Scam ClickFix |
172.67.168.162 | malicious | CAPTCHA Scam ClickFix |
172.67.168.162 | malicious | Unknown |
172.67.168.162 | malicious | Glupteba, SmokeLoader, Socks5Systemz, Stealc, Xmrig |
Match | Detection | Threat Name |
---|---|---|
minedudiser.com | malicious | Unknown |
minedudiser.com | malicious | CAPTCHA Scam ClickFix |
minedudiser.com | malicious | Unknown |
minedudiser.com | malicious | CAPTCHA Scam ClickFix |
minedudiser.com | malicious | CAPTCHA Scam ClickFix |
minedudiser.com | malicious | Unknown |
minedudiser.com | malicious | Unknown |
minedudiser.com | malicious | CAPTCHA Scam ClickFix |
minedudiser.com | malicious | Unknown |
minedudiser.com | malicious | Unknown |
fixecondfirbook.info | malicious | Unknown |
fixecondfirbook.info | malicious | CAPTCHA Scam ClickFix |
fixecondfirbook.info | malicious | Unknown |
fixecondfirbook.info | malicious | CAPTCHA Scam ClickFix |
fixecondfirbook.info | malicious | CAPTCHA Scam ClickFix |
fixecondfirbook.info | malicious | Unknown |
fixecondfirbook.info | malicious | Unknown |
fixecondfirbook.info | malicious | CAPTCHA Scam ClickFix |
fixecondfirbook.info | malicious | Unknown |
fixecondfirbook.info | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | CAPTCHA Scam ClickFix |
e8652.dscx.akamaiedge.net | malicious | CAPTCHA Scam ClickFix |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | CAPTCHA Scam ClickFix |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | Unknown |
e8652.dscx.akamaiedge.net | malicious | CAPTCHA Scam ClickFix |
e8652.dscx.akamaiedge.net | malicious | Unknown |
clintonmakes.com | malicious | Unknown |
clintonmakes.com | malicious | CAPTCHA Scam ClickFix |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | CAPTCHA Scam ClickFix |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | LummaC, PureLog Stealer, Xmrig |
CLOUDFLARENETUS | malicious | LummaC, PureLog Stealer |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | Stealerium |
CLOUDFLARENETUS | malicious | CAPTCHA Scam ClickFix |
CLOUDFLARENETUS | malicious | CAPTCHA Scam ClickFix |
ZAMLTDACL | malicious | Unknown |
ZAMLTDACL | malicious | CAPTCHA Scam ClickFix |
ZAMLTDACL | malicious | Unknown |
ZAMLTDACL | malicious | CAPTCHA Scam ClickFix |
ZAMLTDACL | malicious | CAPTCHA Scam ClickFix |
ZAMLTDACL | malicious | Unknown |
ZAMLTDACL | malicious | Unknown |
ZAMLTDACL | malicious | CAPTCHA Scam ClickFix |
ZAMLTDACL | malicious | Unknown |
ZAMLTDACL | malicious | Unknown |
ASN-QUADRANET-GLOBALUS | malicious | Unknown |
ASN-QUADRANET-GLOBALUS | malicious | CAPTCHA Scam ClickFix |
ASN-QUADRANET-GLOBALUS | malicious | Unknown |
ASN-QUADRANET-GLOBALUS | malicious | CAPTCHA Scam ClickFix |
ASN-QUADRANET-GLOBALUS | malicious | CAPTCHA Scam ClickFix |
ASN-QUADRANET-GLOBALUS | malicious | Unknown |
ASN-QUADRANET-GLOBALUS | malicious | Unknown |
ASN-QUADRANET-GLOBALUS | malicious | CAPTCHA Scam ClickFix |
ASN-QUADRANET-GLOBALUS | malicious | Unknown |
ASN-QUADRANET-GLOBALUS | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | CAPTCHA Scam ClickFix |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Mirai |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Unknown |
CWVodafoneGroupPLCEU | malicious | Unknown |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.066584125620936 |
Encrypted: | false |
SSDEEP: | 6:iO+Deq2PqLTwi2nKuAl9OmbnIFUtUPVZZmwqPVzkwOqLTwi2nKuAl9OmbjLJ:7+Dev8wZHAahFUtUPVZ/qPVz5TwZHAae |
MD5: | 655C4BDB785F4A086C2ED5D30E8EABA4 |
SHA1: | 185FC016DACD2C7682ECB0CAB2EEF744DA7F88A3 |
SHA-256: | DAD94600D9F5891A5B3E3073F99094864AC940F497FA9EB1F19350F16922EA66 |
SHA-512: | 09B101B47DDF36325484DBD2884E1BBAB1D9D51CCA6B4000FC68EE3A8AADCEB971B23DDA1A771DB68D1F24592CF980108812C586E87D764B3D4EED203DD9169E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.066584125620936 |
Encrypted: | false |
SSDEEP: | 6:iO+Deq2PqLTwi2nKuAl9OmbnIFUtUPVZZmwqPVzkwOqLTwi2nKuAl9OmbjLJ:7+Dev8wZHAahFUtUPVZ/qPVz5TwZHAae |
MD5: | 655C4BDB785F4A086C2ED5D30E8EABA4 |
SHA1: | 185FC016DACD2C7682ECB0CAB2EEF744DA7F88A3 |
SHA-256: | DAD94600D9F5891A5B3E3073F99094864AC940F497FA9EB1F19350F16922EA66 |
SHA-512: | 09B101B47DDF36325484DBD2884E1BBAB1D9D51CCA6B4000FC68EE3A8AADCEB971B23DDA1A771DB68D1F24592CF980108812C586E87D764B3D4EED203DD9169E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.135445272208317 |
Encrypted: | false |
SSDEEP: | 6:iO+JN94q2PqLTwi2nKuAl9Ombzo2jMGIFUtUJeJZmwqXnVDkwOqLTwi2nKuAl9OU:7+2v8wZHAa8uFUtUa/qXnd5TwZHAa8RJ |
MD5: | 00725D9E0E5BF1145AD341A36416C089 |
SHA1: | 2E18C06F28243F18399E452BEEC42E36069D9DA5 |
SHA-256: | EC6CAD47E895E3976DF2D74BE9B2EB348E8CF0022ABBA35BF64DDC2D091FD6B3 |
SHA-512: | 2B8B8E85E378CDDC9F8056E6DC418FCC85CA27B5DE0F931B14410B4FD3B422B2F1D38657F99AC3D453CB2701D4210D786D903F58513A1064A9B27C4C0A90374A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.135445272208317 |
Encrypted: | false |
SSDEEP: | 6:iO+JN94q2PqLTwi2nKuAl9Ombzo2jMGIFUtUJeJZmwqXnVDkwOqLTwi2nKuAl9OU:7+2v8wZHAa8uFUtUa/qXnd5TwZHAa8RJ |
MD5: | 00725D9E0E5BF1145AD341A36416C089 |
SHA1: | 2E18C06F28243F18399E452BEEC42E36069D9DA5 |
SHA-256: | EC6CAD47E895E3976DF2D74BE9B2EB348E8CF0022ABBA35BF64DDC2D091FD6B3 |
SHA-512: | 2B8B8E85E378CDDC9F8056E6DC418FCC85CA27B5DE0F931B14410B4FD3B422B2F1D38657F99AC3D453CB2701D4210D786D903F58513A1064A9B27C4C0A90374A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\032f5b4b-fc75-4ce6-b4eb-5530932949df.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.972436193729398 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqjmYEsBdOg2HUJHWZcaq3QYiub5P7E4T3y:Y2sRds4rdMHQHL3QYhbt7nby |
MD5: | 40D607E877666BDAC021AB626EB4FEC3 |
SHA1: | 1F892E2F85C9B6FF8250BBF235D08508BE6A27E3 |
SHA-256: | 108F9EDD46A91C0E74F3E88117193E4D4A2EC0A8E0ABF683191422CB0F46D63C |
SHA-512: | CE3461F59F21881BB4FDC3B67E9B93FD62CFCF6E1EE95C19D26CCFC1136E311204824C0432746460D427AB75478049455B7D6C2CBC12A0C659973BA3B19917FB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.972436193729398 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqjmYEsBdOg2HUJHWZcaq3QYiub5P7E4T3y:Y2sRds4rdMHQHL3QYhbt7nby |
MD5: | 40D607E877666BDAC021AB626EB4FEC3 |
SHA1: | 1F892E2F85C9B6FF8250BBF235D08508BE6A27E3 |
SHA-256: | 108F9EDD46A91C0E74F3E88117193E4D4A2EC0A8E0ABF683191422CB0F46D63C |
SHA-512: | CE3461F59F21881BB4FDC3B67E9B93FD62CFCF6E1EE95C19D26CCFC1136E311204824C0432746460D427AB75478049455B7D6C2CBC12A0C659973BA3B19917FB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4288 |
Entropy (8bit): | 5.217731154392823 |
Encrypted: | false |
SSDEEP: | 96:GICD8SBCmPAi8j0/8qbGNSwPgGYPx8xRqhm068OzjklFqg4FqyZ:1CDLCmPj8j0/8qKgwPHYPx8xemT8OzjR |
MD5: | 483649E188A9C4D42B5A388502C2A702 |
SHA1: | D172CDBD7D3CDD93F6E599BDE834ABCBC3C0F51A |
SHA-256: | 72F3D3CC845DE1CB57118D1128B34F5912140ABCEB973DD2876F4190F95F8D61 |
SHA-512: | 41E407445620ADCA93F4A33FFFD6CD963BDA67C15F8B730DC6B508ED3B4B870AB6DAA193DF57AEF0C1CCB1218C2A8848F60F679801ADC3045605BEC9D241DE90 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.1431436175922505 |
Encrypted: | false |
SSDEEP: | 6:iO+bQFV4q2PqLTwi2nKuAl9OmbzNMxIFUtUVFJ9JZmwqVA3DkwOqLTwi2nKuAl9c:7+bQFWv8wZHAa8jFUtUR/qiz5TwZHAab |
MD5: | C63C1B3C8EA2B3E6947F62EEF311AA38 |
SHA1: | 561EC79C90D983944A955DE75E255C4829D6F707 |
SHA-256: | 9B896AC5F5EDDA25AA59D298113AE5ACE56918E236F6C6CB06739E11EFFCA3FB |
SHA-512: | D5A8E9815AC30B6042ACACB69054B0A22ED3D66B575426314491990424B3BDDE156B0418DF455EBD86B72CA6F8E32E8D5FCE91DA07945EA501022DB511883873 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.1431436175922505 |
Encrypted: | false |
SSDEEP: | 6:iO+bQFV4q2PqLTwi2nKuAl9OmbzNMxIFUtUVFJ9JZmwqVA3DkwOqLTwi2nKuAl9c:7+bQFWv8wZHAa8jFUtUR/qiz5TwZHAab |
MD5: | C63C1B3C8EA2B3E6947F62EEF311AA38 |
SHA1: | 561EC79C90D983944A955DE75E255C4829D6F707 |
SHA-256: | 9B896AC5F5EDDA25AA59D298113AE5ACE56918E236F6C6CB06739E11EFFCA3FB |
SHA-512: | D5A8E9815AC30B6042ACACB69054B0A22ED3D66B575426314491990424B3BDDE156B0418DF455EBD86B72CA6F8E32E8D5FCE91DA07945EA501022DB511883873 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250116161017Z-234.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94518 |
Entropy (8bit): | 1.7218092363776238 |
Encrypted: | false |
SSDEEP: | 192:b+DXhUuk7/KBOI9K4hpHO7Wmgrfv+M/wcLUKQw:iDXhUuk+Z4cHLrnbU/w |
MD5: | DFB6346410704874ED3998CD4D1771E6 |
SHA1: | B00D40BE868E19F7DBC28C1A4CFBE9C0EF5A310D |
SHA-256: | DB6893B61591E1BED5358239670D550EB865AE57914F097CED0F43C550B1C0BD |
SHA-512: | A4EABF17D61E6E3EDA74386BDFDDE18F4F4B3AE879316D6F3B56641552E92B65A719F1E02C8331E30C40684D500624F033093FA1981CDA115A8EEE903E9D630B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.438182522175686 |
Encrypted: | false |
SSDEEP: | 384:ye+ci5GViBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:pZurVgazUpUTTGt |
MD5: | 8CE8FB5AB6061C7F2D143B9278A81A6C |
SHA1: | 1B9F1537C7E5DC8D7BEF14A48751F42B5767D185 |
SHA-256: | 024D4A14581A600842EC2E61156F20BCCC852E05833D3F50E45FFD87E9ADEA5E |
SHA-512: | 756444812CC0BE37B66643E31D10E17B13A985F262E3E49036669903EBEBEE31523BBAE503150CA829A5CFEAC30E8207E1510565E76A4378A3CA93C635F14060 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7661582490465606 |
Encrypted: | false |
SSDEEP: | 48:7MOJioyVFioydoy1C7oy16oy1bKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OL:71JuFDyXjBi7b9IVXEBodRBkA |
MD5: | 0D1B977C3E73C7653A7B96CC14AEB480 |
SHA1: | 0A33CC87B8C3FE1E9304D569270A35863AFCB24B |
SHA-256: | B19C8467ED424D2B3BEAB18CB448D952D6FA6E138048BCAD066AEE7509AF0339 |
SHA-512: | 195F35ACD55B1E6149EB67D7D82D1A0F02A0915E93594B69AA55211F8646A83707AA0CBA40C12D62DA380060F8D22FAD8A575258E852BF32FFE66355B851F6E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.73606823983964 |
Encrypted: | false |
SSDEEP: | 3:kkFklzlwkfllXlE/HT8kqyh/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKZT887NMa8RdWBwRd |
MD5: | 7F2D72D5C2ED0A966FD26D49F1A1A21F |
SHA1: | A82F3180D3741147073769CEF51E7F23FB05F1D6 |
SHA-256: | BE32B85AF23B7AE62C9A0758DCA23A2B985FA6793BDAF4AF0398C16DA17406DE |
SHA-512: | F6979ED466EFA392F21AF639BF972A2A69D49879F725E53DF927394C4A4E5035A0BFDC459BB166A3D4F49A88B9BA3565B3298421A080CF3B20D26103FF92BB06 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1272885043655076 |
Encrypted: | false |
SSDEEP: | 6:kKI9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:LDnLNkPlE99SNxAhUe/3 |
MD5: | 971FB8890B163D12341306058E77B11C |
SHA1: | DA1A349402DD51ADEA70C54E9AC9967CA1322303 |
SHA-256: | AE816ACDB02DF80A463AC197B05C96F5DE845E44D95C85550C0F6E62410AA702 |
SHA-512: | 9C724E5DAAA9D88F9480A488445137EB729965659E8FC9B98F7597D17C54D75B84354C79E404AF862EF44B29C504F9F9FB13075ABBC6FA15491B21065FDF7720 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228351 |
Entropy (8bit): | 3.3898188882857125 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivy7VK/3AYvYwgF/rRoL+sn:DPCaB/3AYvYwglFoL+sn |
MD5: | ACA51534514B0D4B1B9F8BF4D06EE465 |
SHA1: | CAFE48684C472EF082A75AD52A91585C3D6A6140 |
SHA-256: | 5F368A2112832DAB28EA78D75A051F2CC6D87055693A5DC395F53E9A45CDFE7C |
SHA-512: | EF0F536AC60C8C8F22600AE0CC195C514703FD796E41E205A3861F96DC4075F6BE6324BF81D433CE770EA0826F574749E9694C903CFF55D1273FD82F7C895E39 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.358817285401087 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJM3g98kUwPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGMbLUkee9 |
MD5: | A498F83164892B488E13DF054DBE9C33 |
SHA1: | 7CE2364D3BB83E0F8C1DA3F716829515DC5CA58A |
SHA-256: | A080D8E268D2F63E69F68C8E9CCBFDC70555570FB9AC42B4F99E62F1957DEDB3 |
SHA-512: | 43686A36B71FDDDF1D5D0CA7C8E1570DCF5D683095E1B3093C7EA5739ABA37BBAB6A321F9C8D17CEE8B759997924F2DE54C0E18E52EAD33684AF047B85600FC1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.313352867257004 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfBoTfXpnrPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGWTfXcUke6 |
MD5: | 35A97F6023AF96BEA38DD4D6024DA4BC |
SHA1: | 6D306B56FF246E07265E3B3A0B84D1907A947D3E |
SHA-256: | B76922E9307AFCE488EADC99A1D33028C48E59336B35BCEFEFBC2AE51DC8A1D5 |
SHA-512: | B1E8FA7C0B2AED024D5B2B2FA81A715018A1553D5ADDAD4CD6FF3F900B80CAA14CEE44D777EEE7F568940AFE6430E02EE1727A2745F786CD16B18E5DEF94B699 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.291305467256364 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfBD2G6UpnrPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGR22cUkee9 |
MD5: | 9E685A4DC421BD90ACE38692312114B2 |
SHA1: | 79089BB9007ECC8FE467ACDBB9D10070B5547754 |
SHA-256: | A8805CDA589B59D4F73C802B2699728423A405F5B710C310588FC6F286D6DC71 |
SHA-512: | C05B7723377CCBA4C2F82178AD8EA1F9D9657DF5A1BD30F59F1E8F45CCF02ACFCCD5922D323FB0D29D0087407959A42D4760765F512938C7F292B241C4D28FD9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.339659805646983 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfPmwrPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGH56Ukee9 |
MD5: | E92B57008AE8C613326567F29253C67D |
SHA1: | BFC40057C212BC64C0617CCDA20DCB8D416A5214 |
SHA-256: | 962207E82A51DAC0446A4EBE073A9C46C925A2E4A7B4FA9C4AFC2459B9B32BAC |
SHA-512: | E5095AD78DAC913A733401C769DAF7002E1DBDF22A509FA91AF534853B1A917D926A485825BE7F8B6C6AD081196BC4110601FA8D6466E478B29624DCA692C842 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.695879338808041 |
Encrypted: | false |
SSDEEP: | 24:Yv6X3VySBfT5XIy9pLgE9cQx8LennAvzBvkn0RCmK8czOCCSt1:YvIyOtX79hgy6SAFv5Ah8cv/j |
MD5: | 38AD9D8C051520DB7BB7F84B9B1F5F59 |
SHA1: | 7C2489ECD4F81B99190DE50990C9D934B3EC62A0 |
SHA-256: | 6025DE6FF0A18E4A4BF0B233963B2117B0A9B16604C2F6D8C37D6A4D2A8A832F |
SHA-512: | AAA82B972C51025B85FCB8BF101901EDB39C809F7524D7C46598658A221E224E2405FD87CBD9C4289CAABBB3441816727CEA0773326995CC142383E1C0ACF442 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.312327170630333 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJf8dPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGU8Ukee9 |
MD5: | FDC6F3DAE71C83B50FC8F98EC9771548 |
SHA1: | 56ADA2452C8CCBB1D58ACADCC226E54FF8437249 |
SHA-256: | 881A2B259AC36E749D097854E4C72EFE98104EE7FC1EA2F19F0C240F242250E5 |
SHA-512: | 63B6E69939BC0694B1E5E6A46E1B45EFDE64AE69BF41A7F3EC3C519C0B12C498EBB294F2E4007C1A5A8CDE903A1789CE39B84E515943A3A1A8FD376CBDB86F1F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.30403017419002 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfQ1rPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGY16Ukee9 |
MD5: | AC6D686B238C53BCEA94C7C45BDE3CDB |
SHA1: | D6B08B834C8C5BBEA505905D3682850FCF128656 |
SHA-256: | 1102FFF5FD0D073CF0E995B7BC838CA76D3305E24B90C9808439B16E92A2D2C9 |
SHA-512: | 1FA163E3923334D7A52104A8B996E2FD2784A96A7C0F48C52D4B9E3696ABA8B74FFFF1B13CF11A2386FA44BE5195A2B631A55C90C462C7F12E31F5F518425144 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3197237133435396 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfFldPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGz8Ukee9 |
MD5: | 9EAEB24C9131A2A7B75F63FE02840322 |
SHA1: | 6EBAFD5DA66FA70C7C63D722F885BABB2B57644F |
SHA-256: | 8A49921E6E3B269C0223A2D16B3519E010A2CB9183910D6FEF2ADB4F602894EF |
SHA-512: | 9E059B91CC30A87FA4B5D0F892873444C2A543D02F891457EF963CF897C4B64773E412F128EA1FDBBE6B6A1550E0F5F6271D6A6561A00946D953FE7B608C0B25 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.339090043045077 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfzdPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGb8Ukee9 |
MD5: | AAA10C0605CB05B7DD5B868DE0644BD1 |
SHA1: | 34DD343DB471D279C8DF5E84E795BCBB919B0A02 |
SHA-256: | 593781BB2AE93637DCDAB2584A67DA525AD526F3026840858A995BE6505BAF71 |
SHA-512: | 798E134B9788DF6EC9F00E63A7E0DDECA9D9D29A08D99E656008375AF82230C829474D4EA19D62091AB165FE8D45DF4CC3D45BD560EDAE54DF70FCF48BF43424 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.319849512840596 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfYdPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGg8Ukee9 |
MD5: | 8F74A59F6ECA776384977288874657F2 |
SHA1: | 9517D858A86CE66A11660A135A300FC0C2B6732A |
SHA-256: | E32621FF51E2A4A902158CC09F780B0E5A94C56FADF6E343F2B23262FE8D7BBB |
SHA-512: | EECFA509EF938C75049731002D4ACC03BCA973E918C40B2914D899F3CFC83BBF1650726FA74DEB3AE5A4271F970F9E8F71C9B1720F3025BB93647BA71446B7B4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.305931647384664 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJf+dPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgG28Ukee9 |
MD5: | 2994D71F2391D6C1BFC9453CDE7E9A17 |
SHA1: | B8999D20968ABACE99397DEF87C31D16BCE2DF2D |
SHA-256: | DAEDF3BF8033BB2A905644F552DBD9E7A8BB6670D9CD4D852E433233DB149528 |
SHA-512: | 4BB95C0B20E240293B2988D7ED150177C4C6612B2872566F865E9B898CC8C5A9E8A50EB5194F2F6FB85A2114DF0AFCC5FFA78C83A09D4856F05CA18626BB8FED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.303260187745796 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfbPtdPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGDV8Ukee9 |
MD5: | 134B5CE730AE404169E6DBE2E6FC1458 |
SHA1: | F783011377F0282A203CAD226E0E52867E99B36C |
SHA-256: | 28A4949876354A1E5CED69D984C3F825366648FCB40727CD6178604D8B668F80 |
SHA-512: | 8540FDF7D3E85AD686FB88476FA1273895D6E61EFEF4BC8EBC480C42A03ADDCDD29326F581F7EA00117AB71E3FC35C64A5E1D16E12E358C00ECC9457C8113558 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.295294862160653 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJf21rPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgG+16Ukee9 |
MD5: | 66D5A7286C4ABC98F9F42BEC01B0EABD |
SHA1: | D395422F9E2DA32C7205B7C165AEFA3E9456C4F2 |
SHA-256: | 63229287B37053B947DF4E6A5F4F29DD3D8F4E2A1478D179FCCF9D456A734B7E |
SHA-512: | 706ACDC1DC1CCFD597263AE849C4F592FC67724B9B48CA4EBD7AA59ABA35586B1DF3EECAD4C7BC6943F40996FC932A2BD2AB8986A7BE955226ACE2EB56060E2A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.670464279282174 |
Encrypted: | false |
SSDEEP: | 24:Yv6X3VySBfT5XIyFamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSt1:YvIyOtX75BgkDMUJUAh8cvMj |
MD5: | 0E535AB86BAA9026290F306854C40A17 |
SHA1: | 6D64993CB07EF0B9610036B3DDF65658B8DCB144 |
SHA-256: | 4CF1B500AE70631AF5254A990DD4B112106DFC85A81D450E4D807816FDF390D4 |
SHA-512: | F43E4AF425DC5CA2A5DD5EBB1CCF8BF91D70BCF37588034B0C7F20C251DCB345C1ED8C562EC075C1B67D8B5314F0251A0F6A60EBE1080A14751FDA76F38DC56B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.267959071751581 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJfshHHrPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGUUUkee9 |
MD5: | D80ABD1EF36AC70E62652415BB897A3D |
SHA1: | 01EA0857926FDA1344B5EA2E2902EC9091146334 |
SHA-256: | 37A7C1E2A10745EC0572E24CE6224D2B29246F6E1A62BB961364A51854309A40 |
SHA-512: | 8BDD09EA23F1B6B6C43380D454BC1AA94978A767FCB5E4FD3B92F67FBF428EB3E13C1AB793089DC469FCB10B9FC44C142786A3D0319DE843BF1495DD8047F5E6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 5.268256843276378 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXmyVI1WVECl2mSg1c2LjcWkHvR0YnclEVeoAvJTqgFCrPeUkwRe9:YvXKXmyVI1SBlBT5LjIPKgGTq16Ukee9 |
MD5: | D4CF52ED306FF3FF85F840FCBC1A88CC |
SHA1: | A180BBEAE80729EDF3E7C0C9B6826DF4D7A31BDA |
SHA-256: | 1EB0A5FCE68E046C5D134CA2F8DE09EF274F3159216DF50777A4749709EADB4B |
SHA-512: | 8B02C8EF63990CCA471064EF4B4ECE4052DDEE80F5A0A8268C0A86BC10DAC98FB3CEE95E17671DA7CA651F947A940BF1F0E1FB944ACC085821BBD77AA57B12BB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.12364009509561 |
Encrypted: | false |
SSDEEP: | 24:YyPwbEDaIay/6AHeXBEGIn3Efw3r27aGkjoj1Xj0SJOMXWL3CYD2mqf2LSJACKNu:YLzXKaePm1TtY7bqfIjTLOjvEl9kh |
MD5: | 21A5906C0E5C5F13C2321B50016678CC |
SHA1: | D5ED849A0E7886BF952C6A54DE214B9185405042 |
SHA-256: | 664828CE6A81041CAECB131FF23DD037A75D3541FFFBF1FD13F6987FC96691C7 |
SHA-512: | 1E02C708AAF4FB9ADD1EDD7A49AABC4569B35720E9A124B95FAABE5A4AFF23C19B0A0B8B86AB5A58D03D5BE933E2B9D65CAA1315CAA28625B3B474BECA3A8592 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3666079408770995 |
Encrypted: | false |
SSDEEP: | 24:TLBx/XYKQvGJF7urs9S6bqyKn6ylSTofcNqDuO9+QXKdqEKfS8EKfM1ba29+QF:Tll2GL7msMcKTlS8fcsuO9wfI29Z |
MD5: | 3667630E13F65C36CE5C8702E9CD8D49 |
SHA1: | 0DB44021B6B217D521D03EB128D07929ED8791B2 |
SHA-256: | AA29B75EC8B40627C171A377D8358AA8E89BB4D8D483FE0BDED072A4488FE426 |
SHA-512: | 37E9850FF113EBE75F5917A0ACA1F0863C3291B8381AC1151BD9FFADD34419F6D1E0470045C773FF565519B5C2A2DD766C24567A28432B22BBEF82AE1E6C58CD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8420244507611885 |
Encrypted: | false |
SSDEEP: | 24:7+tJZ6bqyKn6ylSTofcNqDuO9+Q+KdqEKfS8EKfM1banbqJqLKufx/XYKQvGJF79:7MbcKTlS8fcsuO9BfIYqGufl2GL7msZ |
MD5: | 21C17066CBF953BB09796F808B16FDD2 |
SHA1: | F1D2FA6B6BF27417D5975DA03C5A4DCF2F13EBAA |
SHA-256: | 3FBF5430742B22453A2139AB19DF8D60123720DF525CD6C9C4AFCF06B353D828 |
SHA-512: | D427B6816CACB17A0487C575499318BC02F9DE4D563B4CF223D796BF1E4BC1ED3879F39873D7B1F2AD6346F92064F78425734BB7181FEF66FA06B6E49B9CAA08 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgdhAwX+W8xqy15CYT5D3VKTO/CYyu:6a6TZ44ADEHAwX+W8H15C3OCK |
MD5: | 36DA231455C00E490BCA3E9DBBCBB128 |
SHA1: | CD6BF9CB993136A3B9511E2B37BE41F5A576C4C0 |
SHA-256: | 6D3E02A636904AC46B893695FAF7B4DB977D712EAFB8BF5EC5737714996B979C |
SHA-512: | 776639836D01DA89F5BABAB56977043D4B698EAE60602FB713179AF88CA33C556306E17AEC89D4F5BC0A9D6A1FE3F706A9E7A2B88F91973B38226BEB67CDD2CE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.486646639490294 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eebClEdSlYH:Qw946cPbiOxDlbYnuRKhsDgYH |
MD5: | 824DD472DEEB81F37EA716139E540BFE |
SHA1: | 1BF578497F12CA2319CEEFD6848A4B4C88B92059 |
SHA-256: | 4BBFF0D72E82B065F930F93187DCC7D8766B01196AAEBD72CE72758E68F74F4C |
SHA-512: | E366CCCE5D7FED4ADF7F1CF4B4599B2034A61B618C7F040C6985728309841199D73BC78DC5E95D83E43262C48D59963BA13A8F71DD349EB4B75A78B8AC877055 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 11-10-12-993.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.330589339471305 |
Encrypted: | false |
SSDEEP: | 384:usQfQQjZyDzISMjg0svDBjA49Y0/sQHpMVhrSWD0Wny6WxIWd44mJmtaEKHvMMwh:Ink |
MD5: | 5BC0A308794F062FEC40F3016568DF9F |
SHA1: | 14149448191AB45E99011CBBEF39F2A9A03A0D15 |
SHA-256: | 00D910C49F2885F6810F4019A916EFA52F12881CBF1525853D0C184E1B796473 |
SHA-512: | CF12E0787C1C2A129BE61C4572CF8A28FC48039B2ADFD1816E58078D8DD900771442F210C545AD9B3F4EAEC23F6F1480F7BBF262B6A631160B20D0785BC17242 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.336671948004921 |
Encrypted: | false |
SSDEEP: | 384:Cv7STf+G6CmXCSBG3ljsIOB4ofsez88SjgN53P/vkyjFvWex/yGjXmXGPuAmKHPY:Fog |
MD5: | 419312770401F7F67583B05619FDE384 |
SHA1: | 33E8E6EE218F11A02CC3AAD80877A59ACB961A17 |
SHA-256: | 98DD6C1423A502518CF972EE549FB317DBDBBA1214F559D0124B2B99D0B171F3 |
SHA-512: | F45962E89767F7B296DAB10528FA93E2BC0CDD45B91F2EA46954B0949A1EB194016FD51198C80858C9CE49932A4561BB1F7F6D64C7D1EEA7E20495F674FE5C14 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.38213229503457 |
Encrypted: | false |
SSDEEP: | 192:icbENIn5cbqlcbgIpLcbJcb4I5jcbKcbQIrxcbmuzcbGIs+cbt:8qnXopZ50rVsJ |
MD5: | C76DA61DA43870F2FB0F3BBFFB12F51B |
SHA1: | 33C0CE0A60FDF01A194CBED4A8746E186003F646 |
SHA-256: | 58896373CE34073D0D2D763D316E0F7FB7F0218A4BEDA6A115657F1652F55F16 |
SHA-512: | 3EC216C7F18D9202D7E01518A1783132517D1ED6E2077F85C271C1466E3B38E2552F5EB74AB5EA7D7B08612C51DCDE20BFEDF59B2B420BF2FEB9B1249BE2622E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/pwYIGNPQ9WL07oXGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:xwZG29WLxXGZn3mlind9i4ufFXpAXkru |
MD5: | 17A4D09E4373155D739D65D37FDD108E |
SHA1: | 88ABEDA0447CCB031DD1D459657336A3FC50E486 |
SHA-256: | 36FC00DA4B14D66BF783B992AC62C7590237C315B55D28A07A1B2E8678F918E3 |
SHA-512: | B95D3AB00F85EE3C41F813755485CF6B5C7A57F3DE9ACEF2DD2B0BDB3644580D36B43E5F44F5D9120FAD2AE128E7D69EFF2A9C58690B7162C20C497A24C88498 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.976914053140303 |
Encrypted: | false |
SSDEEP: | 48:8RdyTBSuH8idAKZdA1P4ehwiZUklqehny+3:82lSlOMy |
MD5: | D6E49CD79A2A01962BE42682F3DB6766 |
SHA1: | 6C96C97ACCF308E7FD5A02A368E2027B9F1D1195 |
SHA-256: | D3DF2AC4DEE1E7178B80F95195D97548FA205D57B2D2511CACB7448CEEA16AE9 |
SHA-512: | 98DE3AE5D845C4F5A21CD44903BC784985A98F0AB546A40FF316252AB464B58FEE58DB10A891B7861A993F94C028025B58B2C3B01434C150EF96F0AFF663FE05 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.990856483626486 |
Encrypted: | false |
SSDEEP: | 48:8DdyTBSuH8idAKZdA1+4eh/iZUkAQkqeh8y+2:8IlS0F9QNy |
MD5: | E4583B03C679DDCA198526A974EAB3DF |
SHA1: | CA97B4705875AE11FCD24B496E937B48364CF315 |
SHA-256: | E62A6059D99A6525E85B87A38C03A04E5FE59E7692DE22E101F9D778E2139827 |
SHA-512: | F9A5E93FA60D604D77488A99898FD1E83D62D13C799B2F2482A9E44A1A220234ED6597FD4259656E491E06EA183C2D1C5ECA49F3C1ADF0A07644004C5ABA2E82 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.005803374178169 |
Encrypted: | false |
SSDEEP: | 48:8pdyTBSVH8idAKZdA1404eh7sFiZUkmgqeh7sqy+BX:8ulS4Ingy |
MD5: | 68D86889505D20665D1E9313826FEEC9 |
SHA1: | AAC2EC33A0A0C317C6545A091A1E07FEB9AD1D45 |
SHA-256: | 76F337141C643525283865ABA779E5EBEA675B5C8E2F523EDEEDC504ACB747D4 |
SHA-512: | 276EF86330A61CBC17D4E5E242BF6940CE68BD5962A1C39B7CB5D3133D3E229BEDAFD9D3BA2BC7CC50C9439B4CD6B2A8472329C6AF1B20B9F3BC32FDE3498695 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.98731472847771 |
Encrypted: | false |
SSDEEP: | 48:87dyTBSuH8idAKZdA1p4ehDiZUkwqehIy+R:8AlSj5Sy |
MD5: | CA151132381457AED90F7588E7501CCB |
SHA1: | 7653E0800D665DA869C22D9382104C688313D02B |
SHA-256: | BEDFD7DEBD0BCB70CBB52BEAFC3D4FF5249746CCF76F60BD2E13D13FEB9851A0 |
SHA-512: | B757A6C6B553D303C5926A2E078FD2B11567FFDF251921D148E1587D3F53FBAE2B669082923560E4394BFA910C94D07110F330FD2A59A241EA164A0EEEA58730 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9790575447342733 |
Encrypted: | false |
SSDEEP: | 48:8kdyTBSuH8idAKZdA1X4ehBiZUk1W1qehuy+C:8ZlS9b9Oy |
MD5: | 10A41186398D91ADAE4B977882BC776C |
SHA1: | 31E9B33F86C1D22445C5AD4D5F49BD7CC95D2C63 |
SHA-256: | 3A127344DE790860B713CDC8905ADE18C255361F0DCFBB04188377ABBFEF5D73 |
SHA-512: | 27D955B034B1F44C74EA85F3CFDAE2D3C8A5C88CE935261F963A07A0AABBB077776D73D9F6C82B8D205138DC5E1EBC741654AC3EB2EE7F114C3F667C254E8FA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9890331980293956 |
Encrypted: | false |
SSDEEP: | 48:8wdyTBSuH8idAKZdA1duTc4ehOuTbbiZUk5OjqehOuTbgy+yT+:8VlSeTcJTbxWOvTbgy7T |
MD5: | CB3CDE746605AD98345FF5E06EA3EF38 |
SHA1: | 14A5AC81E7A4374A9CA69E337291475269F4DB01 |
SHA-256: | 66101C13448BAF76D56E09F38DB951130A300DDD3B34B55DA367C8FD31AE9B9E |
SHA-512: | 374D72998E3D9D1A7A467138CA0D79AE92394D33CAC75AF40D2055051CAC5552A0F5BEC025FD6F8B76FCAE29657C5B08CED4FA8154DA38CBDCCBB59106CE4F48 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 168 |
Entropy (8bit): | 6.7197357652806184 |
Encrypted: | false |
SSDEEP: | 3:FttakNW0v1qHv3HjapKxfD/20PbHykg8TaKRUvKEivzCz4Ecssx2VSREvln:Xt5WaoekNj20P57TaKaHirPF2Vr9n |
MD5: | 3B84FB10F1DF8E1537F04D6C0F8EB5B6 |
SHA1: | E486E09F4BEC13056A3C39C48738C50C0983130B |
SHA-256: | 8675302B63BEDD118BCBB4527599F0FC76E387E96C626776FB7CCB63DA4F498A |
SHA-512: | 6FC2F7B6FE2EB51700421CC92C30137A3820208B3AA75E159D11FE7064FF152680D0D746ABACB5D0E98350ACA8872B2FCFC12B8E32CE0232E343E1FA505C3660 |
Malicious: | false |
URL: | http://clintonmakes.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 252 |
Entropy (8bit): | 7.110598860032035 |
Encrypted: | false |
SSDEEP: | 6:XtyPGgXdn/L/x3ArVZad32XfxRqI+XQcqa/uD+hWpXJy2QDnW/:XKXdnz/x3UU32vxwIjG/+ps3i/ |
MD5: | 273A8E7CE16720012159CCEB076C49B7 |
SHA1: | 3D5057731B1521631866D264662F645BAC8CFF95 |
SHA-256: | 01CE43EC5F0C2288440121A3A84C1A44210912BC59BB0CA41ED7DA3D68ACCCE7 |
SHA-512: | 916731902918128430C5C3B49C509F8A7DA63312445978CD59B2A9199AC34F95E007C8983A728F2918BF32B1C36F1F310415A14FBDDCF56F18F0D777AEB9ADA3 |
Malicious: | false |
URL: | http://clintonmakes.com/215c/ |
Preview: |
File type: | |
Entropy (8bit): | 7.92474340046707 |
TrID: | |
File name: | z5z84fR7lS.pdf |
File size: | 154'037 bytes |
MD5: | 47dce4cb9850e0cfa982773f565f643c |
SHA1: | b4c5b05fe45d3ca49e2b931148cdd31be130f9c8 |
SHA256: | 76e47cd1a3b2222bf010b4841a387b789a3f5b43a0ac9749591cddd3f48a71df |
SHA512: | f118b8f5968c56861c6f70b8a75f0906a93abe829e1d9857eb812f2d28dd854c898c6b8e932e3ebb14ce3fca5777fb409ea6797e18f1a592632c4b85ffd9a5f8 |
SSDEEP: | 3072:XcvEN6djHijSiF3mJ3A9XzwwFBSGEQ+8/d/6hkabgq1TXwYhkHHcEf:oEMdjCjB9GwfSGE3jF1bwYKHFf |
TLSH: | 1CE3F137D985AC8CF4E3C3FA513A7E8E483EF32303C4A5537439465A5E4994CA6325BA |
File Content Preview: | %PDF-1.4.1 0 obj.<<./Count 5./Kids [3 0 R.5 0 R.7 0 R.9 0 R.11 0 R]./MediaBox [0 0 595.28 841.89]./Type /Pages.>>.endobj.2 0 obj.<<./OpenAction [3 0 R /FitH null]./PageLayout /OneColumn./Pages 1 0 R./Type /Catalog.>>.endobj.3 0 obj.<<./Annots [<</A <</S / |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.924743 |
Total Bytes: | 154037 |
Stream Entropy: | 7.978665 |
Stream Bytes: | 141600 |
Entropy outside Streams: | 5.193316 |
Bytes outside Streams: | 12437 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 77 |
endobj | 77 |
stream | 30 |
endstream | 30 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 5 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 6 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 1 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams
ID | DHASH | MD5 | Preview |
---|---|---|---|
69 | 001024b2b2320c10 | fb78c7ce898eb0937ea7cd5e2ab220f9 | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 16, 2025 17:10:40.417136908 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.417551994 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.417586088 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.418642044 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.418725967 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.420016050 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.420108080 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.420331001 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.420348883 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.420886993 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.421087027 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.421107054 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.422169924 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.422249079 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.423024893 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.423103094 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.468214035 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.468975067 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.468998909 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.514611006 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.744673967 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:40.744705915 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:40.744775057 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:40.745007992 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:40.745016098 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:40.747030973 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.747101068 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.747157097 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.747523069 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.747543097 CET | 443 | 49732 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:10:40.747554064 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.747596979 CET | 49732 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:10:40.773359060 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:40.773391962 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:40.773459911 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:40.773879051 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:40.773896933 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.255521059 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.255892992 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.255913019 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.256921053 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.257025003 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258141041 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258208990 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.258228064 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258372068 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258383036 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.258398056 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258399963 CET | 443 | 49734 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.258430004 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258460999 CET | 49734 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258872986 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.258903980 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.259027958 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.259186029 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.259201050 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.378834009 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:41.379215956 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:41.379232883 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:41.380254984 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:41.380352020 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:41.381725073 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:41.381777048 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:41.426606894 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:41.426636934 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:41.472996950 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:41.759284973 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.796967983 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.797014952 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.798300982 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.798376083 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.799877882 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.800153017 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.801131964 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.843339920 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.843624115 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:41.843645096 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:41.885111094 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.164076090 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164125919 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164154053 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164179087 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164195061 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.164222956 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164252996 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.164530039 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164659023 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.164664984 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164695024 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.164729118 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.164733887 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.168773890 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.168800116 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.168823957 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.168838024 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.169169903 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.241569996 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256434917 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256477118 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256500006 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.256514072 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256525040 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256551027 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.256891012 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256927013 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256968975 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.256968975 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.256978989 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257023096 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.257031918 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257066011 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.257071972 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257858038 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257895947 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257930040 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257935047 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.257941008 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.257963896 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.258925915 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.258963108 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.258980036 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.258984089 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.259017944 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.259032965 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.259037971 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.259099007 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.353312969 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.353383064 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.353416920 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.353435040 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.353461027 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.353502035 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.353503942 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.353512049 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.353554010 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.353560925 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354091883 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354120970 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354130030 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.354135036 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354168892 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.354652882 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354695082 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354738951 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.354749918 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.354758978 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.354824066 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.355420113 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.355456114 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.355469942 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.355493069 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.355504036 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.355506897 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.355577946 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.355583906 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.355632067 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.356121063 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.356172085 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.356187105 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.356195927 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.356220961 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.356236935 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.357039928 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.357098103 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.358077049 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.358112097 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.358125925 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.358130932 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.358283997 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.410917997 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.410927057 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.457751989 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.457791090 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.457798958 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.457813025 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.457823992 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.457868099 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.458172083 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458179951 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458211899 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.458220959 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458234072 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.458240032 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458266973 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.458501101 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458544970 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.458550930 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458590984 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.458849907 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.458884954 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.459197044 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459235907 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459244967 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.459249020 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459304094 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.459383965 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459424019 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459434986 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.459438086 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459476948 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.459501982 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.459559917 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.460022926 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.460057974 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.460067987 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.460072994 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.460103035 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.460156918 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.460206032 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.460211039 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.460254908 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.462326050 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.462392092 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.462436914 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.462486029 CET | 49736 | 443 | 192.168.2.9 | 172.67.168.162 |
Jan 16, 2025 17:10:42.462501049 CET | 443 | 49736 | 172.67.168.162 | 192.168.2.9 |
Jan 16, 2025 17:10:42.473570108 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.473607063 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.473663092 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.474313021 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.474323988 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.935580969 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.935861111 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.935877085 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.936912060 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.936966896 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.941332102 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.941406965 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.941737890 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:42.941750050 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.984102964 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.067276955 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.067368031 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.067455053 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.067795038 CET | 49738 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.067816973 CET | 443 | 49738 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.069099903 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.069139004 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.069294930 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.069497108 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.069503069 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.545440912 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.545774937 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.545803070 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.546159983 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.546641111 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.546641111 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.546652079 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.546709061 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.593514919 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.680027962 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.680165052 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.680401087 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.680545092 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.680545092 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:43.680562019 CET | 443 | 49739 | 35.190.80.1 | 192.168.2.9 |
Jan 16, 2025 17:10:43.681437969 CET | 49739 | 443 | 192.168.2.9 | 35.190.80.1 |
Jan 16, 2025 17:10:48.944006920 CET | 80 | 49730 | 66.63.187.216 | 192.168.2.9 |
Jan 16, 2025 17:10:48.944122076 CET | 80 | 49730 | 66.63.187.216 | 192.168.2.9 |
Jan 16, 2025 17:10:48.944540977 CET | 49730 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:10:49.864226103 CET | 80 | 49729 | 66.63.187.216 | 192.168.2.9 |
Jan 16, 2025 17:10:49.864293098 CET | 49729 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:10:50.027509928 CET | 49729 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:10:50.032285929 CET | 80 | 49729 | 66.63.187.216 | 192.168.2.9 |
Jan 16, 2025 17:10:51.300688028 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:51.300760031 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:10:51.300806999 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:51.475629091 CET | 49733 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:10:51.475657940 CET | 443 | 49733 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:00.654990911 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:11:00.655081987 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:11:00.655149937 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:11:01.220310926 CET | 49731 | 443 | 192.168.2.9 | 186.64.116.70 |
Jan 16, 2025 17:11:01.220336914 CET | 443 | 49731 | 186.64.116.70 | 192.168.2.9 |
Jan 16, 2025 17:11:31.075305939 CET | 443 | 49708 | 13.107.246.45 | 192.168.2.9 |
Jan 16, 2025 17:11:31.075362921 CET | 443 | 49708 | 13.107.246.45 | 192.168.2.9 |
Jan 16, 2025 17:11:31.075517893 CET | 49708 | 443 | 192.168.2.9 | 13.107.246.45 |
Jan 16, 2025 17:11:31.076689005 CET | 49708 | 443 | 192.168.2.9 | 13.107.246.45 |
Jan 16, 2025 17:11:31.081542015 CET | 443 | 49708 | 13.107.246.45 | 192.168.2.9 |
Jan 16, 2025 17:11:33.952678919 CET | 49730 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:11:33.957555056 CET | 80 | 49730 | 66.63.187.216 | 192.168.2.9 |
Jan 16, 2025 17:11:39.221060991 CET | 49730 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:11:39.222251892 CET | 49730 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:11:39.227222919 CET | 80 | 49730 | 66.63.187.216 | 192.168.2.9 |
Jan 16, 2025 17:11:39.227325916 CET | 49730 | 80 | 192.168.2.9 | 66.63.187.216 |
Jan 16, 2025 17:11:40.798656940 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:40.798696041 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:40.798809052 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:40.799329042 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:40.799339056 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:41.436240911 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:41.436796904 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:41.436809063 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:41.437541962 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:41.437892914 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:41.438008070 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:41.483850956 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:51.344113111 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:51.344193935 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:11:51.344331980 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:53.220971107 CET | 49750 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:11:53.220998049 CET | 443 | 49750 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:40.859611034 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:40.859671116 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:40.859760046 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:40.860032082 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:40.860049009 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:41.495254040 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:41.495667934 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:41.495701075 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:41.496382952 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:41.496697903 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:41.496805906 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:41.545742989 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:51.407726049 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:51.407793999 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Jan 16, 2025 17:12:51.407890081 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:53.219360113 CET | 49752 | 443 | 192.168.2.9 | 142.250.185.68 |
Jan 16, 2025 17:12:53.219407082 CET | 443 | 49752 | 142.250.185.68 | 192.168.2.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 16, 2025 17:10:19.391623020 CET | 58852 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:36.341869116 CET | 57236 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:36.342008114 CET | 51814 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:36.347910881 CET | 53 | 55032 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:36.377996922 CET | 53 | 51814 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:36.528450012 CET | 53 | 57236 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:37.018177032 CET | 53 | 49891 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:38.019476891 CET | 53 | 52275 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:38.261043072 CET | 53337 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:38.261043072 CET | 56531 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:38.293927908 CET | 53 | 56531 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:38.304080963 CET | 53 | 53337 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:39.516783953 CET | 62100 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:39.517088890 CET | 61272 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:39.706320047 CET | 53 | 61272 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:39.711029053 CET | 53 | 62100 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:40.735826015 CET | 50368 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:40.735987902 CET | 59078 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:40.742710114 CET | 53 | 50368 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:40.743549109 CET | 53 | 59078 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:40.752171040 CET | 58310 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:40.752346992 CET | 62004 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:40.761601925 CET | 53 | 62004 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:40.772485971 CET | 53 | 58310 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:41.149677992 CET | 53 | 55693 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.464651108 CET | 52774 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:42.465039968 CET | 57603 | 53 | 192.168.2.9 | 1.1.1.1 |
Jan 16, 2025 17:10:42.471736908 CET | 53 | 52774 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:42.472353935 CET | 53 | 57603 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:10:49.827069044 CET | 138 | 138 | 192.168.2.9 | 192.168.2.255 |
Jan 16, 2025 17:10:54.948920012 CET | 53 | 55896 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:11:13.899996042 CET | 53 | 65395 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:11:35.982589006 CET | 53 | 60790 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:11:36.730914116 CET | 53 | 65397 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:12:06.648840904 CET | 53 | 60866 | 1.1.1.1 | 192.168.2.9 |
Jan 16, 2025 17:12:50.991280079 CET | 53 | 54788 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 16, 2025 17:10:19.391623020 CET | 192.168.2.9 | 1.1.1.1 | 0x1eca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:36.341869116 CET | 192.168.2.9 | 1.1.1.1 | 0x4b2a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:36.342008114 CET | 192.168.2.9 | 1.1.1.1 | 0xd0a9 | Standard query (0) | | 65 | IN (0x0001) | false |
Jan 16, 2025 17:10:38.261043072 CET | 192.168.2.9 | 1.1.1.1 | 0xe413 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:38.261043072 CET | 192.168.2.9 | 1.1.1.1 | 0xb2db | Standard query (0) | | 65 | IN (0x0001) | false |
Jan 16, 2025 17:10:39.516783953 CET | 192.168.2.9 | 1.1.1.1 | 0x7430 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:39.517088890 CET | 192.168.2.9 | 1.1.1.1 | 0xedeb | Standard query (0) | | 65 | IN (0x0001) | false |
Jan 16, 2025 17:10:40.735826015 CET | 192.168.2.9 | 1.1.1.1 | 0x9275 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:40.735987902 CET | 192.168.2.9 | 1.1.1.1 | 0x98ec | Standard query (0) | | 65 | IN (0x0001) | false |
Jan 16, 2025 17:10:40.752171040 CET | 192.168.2.9 | 1.1.1.1 | 0x121f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:40.752346992 CET | 192.168.2.9 | 1.1.1.1 | 0xea82 | Standard query (0) | | 65 | IN (0x0001) | false |
Jan 16, 2025 17:10:42.464651108 CET | 192.168.2.9 | 1.1.1.1 | 0x4ada | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 16, 2025 17:10:42.465039968 CET | 192.168.2.9 | 1.1.1.1 | 0x2e9d | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 16, 2025 17:10:19.398682117 CET | 1.1.1.1 | 192.168.2.9 | 0x1eca | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:19.398682117 CET | 1.1.1.1 | 192.168.2.9 | 0x1eca | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:19.398682117 CET | 1.1.1.1 | 192.168.2.9 | 0x1eca | No error (0) | 2.23.197.184 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:36.528450012 CET | 1.1.1.1 | 192.168.2.9 | 0x4b2a | No error (0) | 66.63.187.216 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:38.304080963 CET | 1.1.1.1 | 192.168.2.9 | 0xe413 | No error (0) | 66.63.187.216 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:39.711029053 CET | 1.1.1.1 | 192.168.2.9 | 0x7430 | No error (0) | 186.64.116.70 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:40.742710114 CET | 1.1.1.1 | 192.168.2.9 | 0x9275 | No error (0) | 142.250.185.68 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:40.743549109 CET | 1.1.1.1 | 192.168.2.9 | 0x98ec | No error (0) | 65 | IN (0x0001) | false | |||
Jan 16, 2025 17:10:40.761601925 CET | 1.1.1.1 | 192.168.2.9 | 0xea82 | No error (0) | 65 | IN (0x0001) | false | |||
Jan 16, 2025 17:10:40.772485971 CET | 1.1.1.1 | 192.168.2.9 | 0x121f | No error (0) | 172.67.168.162 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:40.772485971 CET | 1.1.1.1 | 192.168.2.9 | 0x121f | No error (0) | 104.21.94.195 | A (IP address) | IN (0x0001) | false | ||
Jan 16, 2025 17:10:42.471736908 CET | 1.1.1.1 | 192.168.2.9 | 0x4ada | No error (0) | 35.190.80.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49718 | 2.23.197.184 | 80 | 6340 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 16, 2025 17:10:19.411765099 CET | 115 | OUT | |
Jan 16, 2025 17:10:20.045897007 CET | 1236 | IN | |
Jan 16, 2025 17:10:20.045918941 CET | 509 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49729 | 66.63.187.216 | 80 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 16, 2025 17:10:38.309708118 CET | 468 | OUT | |
Jan 16, 2025 17:10:39.269768000 CET | 448 | IN | |
Jan 16, 2025 17:10:39.528801918 CET | 381 | OUT | |
Jan 16, 2025 17:10:39.862946033 CET | 371 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49730 | 66.63.187.216 | 80 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 16, 2025 17:10:48.944006920 CET | 212 | IN | |
Jan 16, 2025 17:11:33.952678919 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49724 | 66.63.187.216 | 443 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-16 16:10:37 UTC | 664 | OUT | |
2025-01-16 16:10:38 UTC | 210 | IN | |
2025-01-16 16:10:38 UTC | 829 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49732 | 186.64.116.70 | 443 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-16 16:10:40 UTC | 690 | OUT | |
2025-01-16 16:10:40 UTC | 344 | IN | |
2025-01-16 16:10:40 UTC | 237 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49736 | 172.67.168.162 | 443 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-16 16:10:41 UTC | 684 | OUT | |
2025-01-16 16:10:42 UTC | 918 | IN | |
2025-01-16 16:10:42 UTC | 451 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN | |
2025-01-16 16:10:42 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49738 | 35.190.80.1 | 443 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-16 16:10:42 UTC | 547 | OUT | |
2025-01-16 16:10:43 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49739 | 35.190.80.1 | 443 | 7604 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-16 16:10:43 UTC | 484 | OUT | |
2025-01-16 16:10:43 UTC | 455 | OUT | |
2025-01-16 16:10:43 UTC | 168 | IN |
Target ID: | 0 |
Start time: | 11:10:09 |
Start date: | 16/01/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6153b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:10:10 |
Start date: | 16/01/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61f300000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 11:10:11 |
Start date: | 16/01/2025 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61f300000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 11:10:34 |
Start date: | 16/01/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 11:10:35 |
Start date: | 16/01/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2cb0000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |