Windows
Analysis Report
FAXOC_03019_99091_02052521.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FAXOC_03019_99091_02052521.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7212 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1628,i,14454788536606698426,12340969754925004264,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.dulcesol.es" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1972,i,1686703969579029826,10444418147438048298,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTPS traffic detected
- IP Address
- JA3 fingerprint
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
- Classification label
- Initial sample
- File created
- Key opened
- Process created
- Window detected
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dulcesol.es | 15.197.142.173 | true | false | | unknown |
www.google.com | 142.250.64.196 | true | false | high | |
www.dulcesol.es | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
15.197.142.173 | dulcesol.es | United States | 7430 | TANDEMUS | false |
96.17.61.58 | unknown | United States | 16625 | AKAMAI-ASUS | false |
142.250.64.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.4 |
192.168.2.6 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436917 |
Start date and time: | 2024-05-06 18:44:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | FAXOC_03019_99091_02052521.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@44/43@6/6 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.110.176.137, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 23.219.155.165, 23.219.155.148, 172.64.41.3, 162.159.61.3, 162.222.107.18, 192.229.211.108, 192.178.50.35, 142.250.98.84, 192.178.50.46, 34.104.35.123, 142.250.64.170, 172.217.165.202, 142.250.217.234, 142.250.217.202, 142.250.217.170, 192.178.50.42, 172.217.3.74, 142.250.64.234, 142.250.189.138, 192.178.50.74, 23.219.155.137, 142.250.217.195, 23.205.165.20, 23.205.165.13, 142.250.64.131, 142.251.35.238
- Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | HTMLPhisher |
239.255.255.250 | malicious | Unknown |
15.197.142.173 | malicious | Unknown |
15.197.142.173 | malicious | FormBook, PureLog Stealer |
15.197.142.173 | malicious | FormBook, PureLog Stealer |
15.197.142.173 | malicious | Unknown |
15.197.142.173 | malicious | Unknown |
15.197.142.173 | malicious | FormBook |
15.197.142.173 | malicious | FormBook |
15.197.142.173 | malicious | FormBook |
15.197.142.173 | malicious | FormBook |
15.197.142.173 | malicious | FormBook, PureLog Stealer |
96.17.61.58 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Arc Stealer |
AKAMAI-ASUS | malicious | Arc Stealer |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Mirai, Gafgyt |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Vidar |
TANDEMUS | malicious | FormBook |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | FormBook, PureLog Stealer |
TANDEMUS | malicious | Unknown |
TANDEMUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251021122479032 |
Encrypted: | false |
SSDEEP: | 6:Deaq2Pwkn2nKuAl9OmbnIFUt86i+XZmw+6i+FkwOwkn2nKuAl9OmbjLJ:DVvYfHAahFUt86i+X/+6i+F5JfHAaSJ |
MD5: | D69815426CD99796CDAA734E3C020FBC |
SHA1: | 3C84323F3DE431591D4A690A5F2C990BE3FF3479 |
SHA-256: | 675AA6CE291E9C80B2F69B92772493EE31AF90847E1CC67CF6B231FF243A7EF0 |
SHA-512: | 328E7A614285AF074881835D1A08856082476D86D5C29528C0252A525AE011B3698321653915E9B7E66B5CF9DD63393BC80EE790702C76DC240FE816251BCEF5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.251021122479032 |
Encrypted: | false |
SSDEEP: | 6:Deaq2Pwkn2nKuAl9OmbnIFUt86i+XZmw+6i+FkwOwkn2nKuAl9OmbjLJ:DVvYfHAahFUt86i+X/+6i+F5JfHAaSJ |
MD5: | D69815426CD99796CDAA734E3C020FBC |
SHA1: | 3C84323F3DE431591D4A690A5F2C990BE3FF3479 |
SHA-256: | 675AA6CE291E9C80B2F69B92772493EE31AF90847E1CC67CF6B231FF243A7EF0 |
SHA-512: | 328E7A614285AF074881835D1A08856082476D86D5C29528C0252A525AE011B3698321653915E9B7E66B5CF9DD63393BC80EE790702C76DC240FE816251BCEF5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.211952461422486 |
Encrypted: | false |
SSDEEP: | 6:DVFqM+q2Pwkn2nKuAl9Ombzo2jMGIFUt861Zmw+66ulMVkwOwkn2nKuAl9Ombzos:DP+vYfHAa8uFUt861/+6bWV5JfHAa8RJ |
MD5: | 5D64F6963E459A070B42C454A1557112 |
SHA1: | 396DE1483AC8AAB89D934F089BF765B22AB32E3B |
SHA-256: | CAD9134670349EF21A107F7EE11238C389524A8A7E790081628FCF7E0C735456 |
SHA-512: | 6F49D52E3D74D788D9BD29A017566EB22B76695261275769A8BC45FD50BF282BC5CAF13C2500E2A39B3B591145DA67D1625DBFC39EC2740498A16D53592916B0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.211952461422486 |
Encrypted: | false |
SSDEEP: | 6:DVFqM+q2Pwkn2nKuAl9Ombzo2jMGIFUt861Zmw+66ulMVkwOwkn2nKuAl9Ombzos:DP+vYfHAa8uFUt861/+6bWV5JfHAa8RJ |
MD5: | 5D64F6963E459A070B42C454A1557112 |
SHA1: | 396DE1483AC8AAB89D934F089BF765B22AB32E3B |
SHA-256: | CAD9134670349EF21A107F7EE11238C389524A8A7E790081628FCF7E0C735456 |
SHA-512: | 6F49D52E3D74D788D9BD29A017566EB22B76695261275769A8BC45FD50BF282BC5CAF13C2500E2A39B3B591145DA67D1625DBFC39EC2740498A16D53592916B0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7ddc6c95-b97e-459a-b526-e47205f963a8.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.963716805413449 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZcEfHksBdOg2HcZcaq3QYiubInP7E4T3y:Y2sRdsadMHd3QYhbG7nby |
MD5: | 9EC0FE2C65E870E7013F09F525630608 |
SHA1: | 802E373072F81A3CA423E3E98ECB21B601ECA347 |
SHA-256: | 4FC997CFD684F2AA72A01B05D339932CDFA147A4D7C87895AAA4AFBFAB9FABBA |
SHA-512: | 19AD9E154AF95E0C5226AD21487074CE5B17D83671257E0AFA78C9B41DA9EC8AA008CBA75A96262D389457A9F528CBC08EA4DC9A9DD0A76852EFA4D65EE8C8FF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.963716805413449 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZcEfHksBdOg2HcZcaq3QYiubInP7E4T3y:Y2sRdsadMHd3QYhbG7nby |
MD5: | 9EC0FE2C65E870E7013F09F525630608 |
SHA1: | 802E373072F81A3CA423E3E98ECB21B601ECA347 |
SHA-256: | 4FC997CFD684F2AA72A01B05D339932CDFA147A4D7C87895AAA4AFBFAB9FABBA |
SHA-512: | 19AD9E154AF95E0C5226AD21487074CE5B17D83671257E0AFA78C9B41DA9EC8AA008CBA75A96262D389457A9F528CBC08EA4DC9A9DD0A76852EFA4D65EE8C8FF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.258597208783717 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7wC91/bMrC9GT/Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gos |
MD5: | 24D0A0BEB9F777E0377F35D9724CD476 |
SHA1: | EA53BA45BA555C58C49CD90EC60CFF1D83D5F63D |
SHA-256: | C34CC14352D5A38F35008573C4D1A8C27617E5F76E34069E5AE4EB9E63C22D3D |
SHA-512: | D02903553D4F027402625BC93DF471F99A6C29B0A6CA52023C6E7ED1FDA816C9C4E5C5FAEA35AF2801BA05430D48C4D901248F418E3F7B1A15FC7D45B8C0902E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.242081958685227 |
Encrypted: | false |
SSDEEP: | 6:DKFqM+q2Pwkn2nKuAl9OmbzNMxIFUt86CFXZmw+6KMVkwOwkn2nKuAl9OmbzNMFd:DKt+vYfHAa8jFUt86C5/+6XV5JfHAa8E |
MD5: | 8CEBECE6E114A3D45BBF41D16C7603C8 |
SHA1: | 460D593788A65A773052066FF25AE08AF42E7C63 |
SHA-256: | 212AFE61BDF468770353B24C0E42D32DCC821FCB2FEC981AA96711BB40878B73 |
SHA-512: | E0C081B7361116F7F17628E9F41687BDE59C3DD272C877BC7F50A5EF6814479B9AC72E58204F6A2F965FB0763953EFDA075E367E0B3F6DD1C1AB9A74B3E88D3C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.242081958685227 |
Encrypted: | false |
SSDEEP: | 6:DKFqM+q2Pwkn2nKuAl9OmbzNMxIFUt86CFXZmw+6KMVkwOwkn2nKuAl9OmbzNMFd:DKt+vYfHAa8jFUt86C5/+6XV5JfHAa8E |
MD5: | 8CEBECE6E114A3D45BBF41D16C7603C8 |
SHA1: | 460D593788A65A773052066FF25AE08AF42E7C63 |
SHA-256: | 212AFE61BDF468770353B24C0E42D32DCC821FCB2FEC981AA96711BB40878B73 |
SHA-512: | E0C081B7361116F7F17628E9F41687BDE59C3DD272C877BC7F50A5EF6814479B9AC72E58204F6A2F965FB0763953EFDA075E367E0B3F6DD1C1AB9A74B3E88D3C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240506164551Z-160.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.4263969225994708 |
Encrypted: | false |
SSDEEP: | 768:GbuVvHslrVXr0tVxFLySZyvNXZZJwdA0VmPwgBgK7Do2RVgWlhK2W:8S |
MD5: | 74F545E9F52D1679554CAE516B9F4A8E |
SHA1: | F70B275858CB5C4D911EA8C7B410209A28CCDA90 |
SHA-256: | 328A0B696507C7932CFF45AAA2907D283D57A7C6E8EF209FB0C0C4227937BE4F |
SHA-512: | AAC29EE51CB512C69FBBC92FADB15E0B2E6B051AE866BFFF5D40E284DCA1D87559EC421EC6795B4FFC0E5012D2A504604C5D884101AEF9498838D13AE28EE73C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.4454429802653355 |
Encrypted: | false |
SSDEEP: | 384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL |
MD5: | E905E1733338ECB4133FE4135CF9A69D |
SHA1: | 36813C3FDDE7022392F49E7251ECFECF531CD58E |
SHA-256: | CB6E911122C0874E38E777623AAB6B4A56A5BBE96F778C61BC5BA13B183940B1 |
SHA-512: | F6ECE253A2EAF6EE5D37C766DCCDFD61575B8B061489CED5B290C42FC7B50C3CD26C7383130615CF8A5DD1A0DD03D3257CCD45BAFD4D0373BEC6C6EB3D3245C9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7774033857618066 |
Encrypted: | false |
SSDEEP: | 48:7Mgp/E2ioyVBioy9oWoy1Cwoy1xKOioy1noy1AYoy1Wioy1hioybioyxoy1noy1s:7HpjuBFUXKQocb9IVXEBodRBkp |
MD5: | B59C06F1361CADA9DE785A8C3E954BE5 |
SHA1: | 19C51EA5A9A937C73246426EEC93DEDCF5A132E3 |
SHA-256: | 0BB50DAD145EC3AD0128A8DB79D7E0D0BDB2E9A1D26CBB391B85AAA58812674F |
SHA-512: | 9C293EB054663852700D422967FDBB2000C41EE62EF92128751B3354A99EDE03ACE7D6EB1B8E0EDCD629CE112E835F96646E7BE6CD2CE5C4F6846974D9CC0342 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.347477817444748 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJM3g98kUwPeUkwRe9:YvXKXv9jEZc0v5tOGMbLUkee9 |
MD5: | CA94D9735FE14AF814F6FF74C614A356 |
SHA1: | 21938D9DCC618101FBB346357438DD0366416B2C |
SHA-256: | 0E436C07EDF38B01D1D4B22123D476E880C0F2B95016575C66A39B4518078F6D |
SHA-512: | DDF85523F232B2BB1A9B9B33D216481476D72605FC59C8BABEE6389ADF866C40A1385112C48A1BC87C3813449074433AABFC2B3372069D498D3B58247DEBFB08 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.295589163207157 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfBoTfXpnrPeUkwRe9:YvXKXv9jEZc0v5tOGWTfXcUkee9 |
MD5: | CBCF48C6C6B788E3C13BDEA7A8E955A0 |
SHA1: | 1C905967B191476CB7F07B8F1D60071E10F1CC63 |
SHA-256: | C95F15F26D58C417A0195C8ED48E2F7138C2D598222CBAE6A5CF9DE708DD372D |
SHA-512: | 6123D7D4F82E5AB4DF0BA7054AB47941B0C555743ACAB5F6CCCEFB7B64F1301FE8F3A73CF4B16587817756D22CD71784B2C6EFCF218766376267BC8106E47E16 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.274410238252755 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfBD2G6UpnrPeUkwRe9:YvXKXv9jEZc0v5tOGR22cUkee9 |
MD5: | 0962BA8DA726352E9B735933A9F2905B |
SHA1: | B2437258BC74D3C65E4DC3EF3F761CE47585B72D |
SHA-256: | 48CE62A898C87E35A8BF3D7B743F4AB31B495390729DEBFD73EFEECFF04E4152 |
SHA-512: | BBEA2B23B3C45D00B650746326584CAFF28A7010FE13CDCB7055F8CCBC1EB526912F578655ED1E8D874EB8E3C8261B385E2E08FC5E5D3A2C624A08B6AD046EBE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.333930935258419 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfPmwrPeUkwRe9:YvXKXv9jEZc0v5tOGH56Ukee9 |
MD5: | 4B0EADE3D396A7614E4075AA063DB996 |
SHA1: | 42030EC09766A4264506A307F4C14FECBB3E646F |
SHA-256: | 5364D95FFB041B528A88CB52CD8C437E60F49595445C499D3143559B8C127A2E |
SHA-512: | 983A7ED03FEEC4EC83F2F369E1DE72813C79F90D46BA0F146E586305302A16B7C4A31F297DED134998B5B1466E8CCB68CE04820761148903E02F8B95710A2447 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.291390079437962 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfJWCtMdPeUkwRe9:YvXKXv9jEZc0v5tOGBS8Ukee9 |
MD5: | A60B6A299A87905E09263B17151E1699 |
SHA1: | B7201F1B49CC783D624846EB573760EA0E4B012D |
SHA-256: | 81C4A324A307BAAC1D659DF89A15CD744456019DCAD029AF1EC5B1300A5E2959 |
SHA-512: | E1466F869230659642B6BC34BBF7555F61B18E1A8C0C1F894553DEAE5C676631CAF342548F614C3B460C0AE252A830A0055988CA698EF53075189E98BDE9210A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2783607986899055 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJf8dPeUkwRe9:YvXKXv9jEZc0v5tOGU8Ukee9 |
MD5: | 1E57946AE71E00894441F3DF93262016 |
SHA1: | 362168DC08ADDF10F0194DADEA4E42C2484C3D48 |
SHA-256: | E38C071FD6D098401E8F77102CA152AFD6BE20908B0A00C1B30BAAF9E286596F |
SHA-512: | 00CD6D38F09A0451FF3AA7260ACD06DB0EA2C63C08BEF2AF1BD8D4F1DA2CE249AD46926939DBA3F0B1009A39CF20E64B62DA6F433036E8A98E52B7CDAF6CA10F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.282499927542389 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfQ1rPeUkwRe9:YvXKXv9jEZc0v5tOGY16Ukee9 |
MD5: | 0E32B82AFB6CD434D67B75525FAA87C3 |
SHA1: | 94D8A398BBC9DF5565197AE9FEAF9DCDB089107F |
SHA-256: | 66D0E00318AC22EF5B30F948D5FCD10F4B662E27B4E7375C7C6539B074EE8AA3 |
SHA-512: | ECF693C0419917955A181EF4B4FBC4BAAF5C541A1D5FB05E1C1C05E73D6797C5973291F26CA1781FEA92A6663E17D480377D48FA4A0F626D27755ADB940CAF6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2876638827473155 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfFldPeUkwRe9:YvXKXv9jEZc0v5tOGz8Ukee9 |
MD5: | 3F9D31F69728FA1BC5588513555961A5 |
SHA1: | 29F221B459F77A18264161992FA25CF627A2FCC6 |
SHA-256: | 29E985F584A1328489F45729F848744A491BE52999201CE8FED292B92606FB27 |
SHA-512: | 6C458A9A1DEE82F8E60CD6E6345A776FD054424C3B767656F6D9E7473AD3DAF6D5396615CDAAC9D665DAABE367E14060720A01C063A1E2F898176412D4B19F62 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.734507054407414 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xv+zvzKKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNEu:YvUWeEgigrNt0wSJn+ns8cvFJOu |
MD5: | 419A523A5C168720FCFBFCF14E900F81 |
SHA1: | D21B0521347FF55BB7FA2CFA839F74A732BED162 |
SHA-256: | 15841498CDD7D0B5DBC6F0BAC70F4ACCC8873E5A2A3CCC74F00E6D9DA922AF87 |
SHA-512: | 7EDFAF7B3B9657776349F06CD9E2B66219C6F26DB146E1A020D93FC74CE93D774E25877A5A26D5CB98F85964B571C52E476BEDA850C715EE257803C99BDFCB5E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.284374002038652 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfYdPeUkwRe9:YvXKXv9jEZc0v5tOGg8Ukee9 |
MD5: | 3390B1B2F7D14888F7E494B851025F0B |
SHA1: | D7C8A257455C15732CF4199B21FF5FE0D386DBBC |
SHA-256: | D5426AE17CC7487B3B8375686494F451EC7CBF5B2355322B46F46496BF784324 |
SHA-512: | A8413E9A60E2CC89F78739AACAB36FC58828540719945FC6DC58AC48F664A1196B5E8F834D7DD95F7B55AE8A11B818B7B3EA3B495EC05B49CF8B7577B8A26D71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.770836903382114 |
Encrypted: | false |
SSDEEP: | 24:Yv6Xv+zvz5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNcu:YvUWVHgDv3W2aYQfgB5OUupHrQ9FJKu |
MD5: | E1FD6DAB44C572A5ADD6268F42B595A3 |
SHA1: | 4D7E53785146E5D5424127508EA707D9E7E12483 |
SHA-256: | D59D1CD5BF93C19805D05CD08B64466B3166D9BCC2282BFE7A6D5B432972A1CF |
SHA-512: | 30EC24DA662441E0391C5D30DAEFBDE3C2D89C764058E6C48FB4558040AE2CCE4B991268891F835CD481B910CABB6FB1E17E39FBF2218519BA675828F85CA095 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.268028494887507 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfbPtdPeUkwRe9:YvXKXv9jEZc0v5tOGDV8Ukee9 |
MD5: | DCCD0EF5A3A35AC20DB01ACD78100F4B |
SHA1: | 6ED1E9492F496D9C52305C1568BCFCB1DE6E1239 |
SHA-256: | E6457180E9A1A3F13CBB70582AE85D56E57D2A7F495FEF3D73D8C6C59BBB7BC1 |
SHA-512: | BCC2E93D9E500BA5D43AEA6E7CE41AFBAC695D857060B2916285235DB2A56C2C043093624DC4583529C1C679D9EFF88EFDC3D527599466B85799047A1DB8B84E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.272759525963817 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJf21rPeUkwRe9:YvXKXv9jEZc0v5tOG+16Ukee9 |
MD5: | 345CABAA655A7E398A4372054E8DDCCD |
SHA1: | 8473CD7B320FB1FD8F844DCD54C4B49816AF599C |
SHA-256: | AB3591E46BD84B6D49DF55528EDBCDA1BA2BBC8CA69F161F169BA468144F3B34 |
SHA-512: | 1152CC27CA31271551C1D5889F945313E3D74FD82B644D3AC3322F0ED4DC1ADC1FC8B5C5168173EDB877ED4D6BEE2B8C2120E01899DB2903C58A9FCC48EE2541 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2914866083219225 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfbpatdPeUkwRe9:YvXKXv9jEZc0v5tOGVat8Ukee9 |
MD5: | 35A9FD1BBB9C1B879FE747EBFE7B87BC |
SHA1: | BAC9D0C66AA0F1B4B9FD81A29AB157C358FC5F65 |
SHA-256: | 9DA6E06C5E537E108D2EAFBFD56517C1F7D82F2184638B38BA7971F44919D195 |
SHA-512: | 56DD2AE9C87593C7498FC1ED84F32D15A8296580F5D0BDF02E4443108824CA3E8EE70F53DD15EA491EDFE675B38D49EEA435740C510E04848EA44DE7F7B2B3D1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.248330377388274 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfshHHrPeUkwRe9:YvXKXv9jEZc0v5tOGUUUkee9 |
MD5: | 6BB37343FA7E02E1783A1BB5E45654ED |
SHA1: | 1B010FC8447636B757D9850DE63E932ADA2C0071 |
SHA-256: | 793F1FB03A89E63C65A112CC5582578F484D78A397ABC2A4164BC7B09DBC5FC7 |
SHA-512: | CDBA875DB423937326FD17314EECC000840CE86C1551D42E7C4C0CBADCF38CFE3F5739720865E69A5D23B75BF27DECFB39093335B505CA6EF330B13B815BB280 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.362013240922771 |
Encrypted: | false |
SSDEEP: | 12:YvXKXv9jEZc0v5tOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWgu:Yv6Xv+zvzY168CgEXX5kcIfANhru |
MD5: | BFC9AD8F9480EF625B4C460F26806B7A |
SHA1: | 41B31FE3EDEEC70EB6909DEFF07D27D961C05F91 |
SHA-256: | 60B230818F8BBC5EB3332CC30CFD10DC88EB32E4361BDBF2A738C27AEA0C7325 |
SHA-512: | D30822F483E08F8E41928D7B38225AC7A67E645DFA2077610E05882107ECD47159670188172A91A0979D530DE3012E30168159E2A5A451C91C2C996C4F6060AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.125526830804106 |
Encrypted: | false |
SSDEEP: | 48:YQSVC6c0pa89mki1q7PeWcDQ+i9BPiSJ7m5TsjO90u3AtIO:BWD5g89mki1qyWcDQfjKSJ6sQ0u3AtIO |
MD5: | AD137D7D92800B5DB1C473D899141224 |
SHA1: | 9BAA8DE4708DEC483A3A81F7ECD1E18E43A16D76 |
SHA-256: | 8567322B754163EE635387E7AA773DF0A8BAD0491D7A4648634976FCA5BCE5AE |
SHA-512: | 1B42CA9A9A4D5350334BDCA8009411640533AD2A6BB10C50A7362AE9FEB25ABE18F0264C5BDB68B789125FEE376898CFF49103F10C7515ECE28932D8A75FD487 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1881882861379554 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUMSvR9H9vxFGiDIAEkGVvpW:lNVmswUUUUUUUUM+FGSIty |
MD5: | 3987E756ADFEC6676CD05E282AC6813C |
SHA1: | C45A1743F39088415B926BCCA01AF6B12922DA56 |
SHA-256: | DC6B49B23B70401673DA04E929A0C8E0FA2363374FA066D3DA6D6AEBE87616A4 |
SHA-512: | 73873B6D36CACB04F586780D06CDF22717B5267B1646CC2A4964A2477A65C31AD7EFBB70B30572FBB2A7E8967713B421D6D40D52A36B075608666DCC1603D844 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.607331715051392 |
Encrypted: | false |
SSDEEP: | 48:7M0mtKUUUUUUUUUUevR9H9vxFGiDIAEkGVvmqFl2GL7ms1:7VmQUUUUUUUUUUiFGSItcKVms1 |
MD5: | 9AF3A9259359A8344EF11EE52FE83E50 |
SHA1: | 8C6E1EDF8271F616721E6ED2244AAEB93E94CEE6 |
SHA-256: | 12B5825DF358C03F575BF53BD5E827CA9429471AB9D9AF00E16034C2E901AA61 |
SHA-512: | EFA84190D89073A482D67554AF423C522E3E5C67B5ACA6A33C5784151A5315A28EF4CD4814D21308EC967E76204527BB9C68DB6BDDB363F6570F685EEBE5DE4C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5329345335875004 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88yFRw:Qw946cPbiOxDlbYnuRK+w |
MD5: | 794C958A82C1091A40859E22E6E72B4F |
SHA1: | 10F857DACC9F8C94D1AF26C1D2AE0CBA50CE623D |
SHA-256: | 61B981DC5EEFEA4506A783C84FAF1E7389A915F7F8A064610343C81A68B0588D |
SHA-512: | 787CC08F65D17EDEE2A18D144D7391901E18D02CE7C6DBA6752B12994C34F95BB4D1DB3FBFC381DCE86EC1469243C5EB6DD82BE214D6B9E655C910334EAD260A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-06 18-45-49-456.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.385999451606317 |
Encrypted: | false |
SSDEEP: | 384:j1vMqUnsf6AvlmwV41lxfW/rE9/M4cKRmYaMoKqLbdrMPNQAebm3c3Kv+sevIA07:9Sl |
MD5: | 511477E38E1AF16F4A8C022C047569CA |
SHA1: | 70ADBA3E81EC0F83DCF494709C75E088FB852E5E |
SHA-256: | 6AD2D74CB2271E4DE76CA32FB9AABC2C1EECE654F3E8089A9009AEA9D4326C37 |
SHA-512: | EBA554ED34B6F6189BA354ABFE111A9767BB800567F4428772DBD4057B4D1030AE9AF4A2E4E55265E6523558A7C627105847C4542F1C569A792CE74078C84D58 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.399007158987435 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r7:/ |
MD5: | 31D0A4EFA0B763C322836F26B279E629 |
SHA1: | E231579F418D52B4F11E09C668535A05C6E63086 |
SHA-256: | BFD723D6B818EDA9F630760D216221798ABA9405CB2D8833BB295ED7956668B1 |
SHA-512: | 6CBFD58F6D95B4F01C73EC4975C945EDDFB62325EA1F59F8D993FA266008AA246968B33B124FC2F23A79ECF708207B35905C58832FE54577BF4394853C001A24 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/x0Wo7olgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0W9lgGZtwZGk3mlind9i4ufFXpAXkru |
MD5: | 60A20736363451AD65B9217321E372DC |
SHA1: | EB236E320D8C8531CF011BD6FDEE4442DB08972F |
SHA-256: | 89BE7B3D7546985FF85535E3F979C94C4519709B05E5FEC63747805FCF899CE0 |
SHA-512: | 4A096D43D6EE15C7BD5255D35655AD55C265DF829A4AFBC24CAAB8C201D4C109AD2C3DDD298C6CB3980D0C6C31A19D5EAC8E509748FF5083A0F9E42ACA1589BA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje |
MD5: | 716C2C392DCD15C95BBD760EEBABFCD0 |
SHA1: | 4B4CE9C6AED6A7F809236B2DAFA9987CA886E603 |
SHA-256: | DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8 |
SHA-512: | E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.809450068296632 |
TrID: |
File name: | FAXOC_03019_99091_02052521.pdf |
File size: | 15'695 bytes |
MD5: | dfd293aa1d8895a61e95ee58954292a3 |
SHA1: | 7467896aa9d95aad320c7531a4c14ceed0af0d5c |
SHA256: | 0954754f22379a4e2d6056687f39245023a1952a96c01b60390d62a3bad069fc |
SHA512: | d23e2e9a888d3c1891a8a3de604fa3f59a0d75f0393e366994f3242f7dc1cfa7a0d392eab42907f667b931e07796fe93c1c9db4951a5f113946f0078fdc1fa31 |
SSDEEP: | 384:JHVNZtcQaD12K1mCpErUQvvWIjEyd6jm7o0juClbisOz:JHVN7cQaD12K1mAErnXCykms0Hu |
TLSH: | A2623C0FE2834BDDDDC7BA65E27172F25AEDA77E40CB2A1194A54D0DCEE409812019B3 |
File Content Preview: | %PDF-1.4.3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./Annots [<</Type /Annot /Subtype /Link /Rect [28.35 824.88 141.73 711.50] /Border [0 0 0] /A <</S /URI /URI (http://www.dulcesol.es)>>>>]./Group <</Type /Group /S /Transparency /CS /DeviceRGB>> |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.809450 |
Total Bytes: | 15695 |
Stream Entropy: | 7.893933 |
Stream Bytes: | 13447 |
Entropy outside Streams: | 5.107525 |
Bytes outside Streams: | 2248 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 14 |
endobj | 14 |
stream | 4 |
endstream | 4 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
11 | 0000505226160000 | 651a9a5b8799778f278c577c72765ee9 | |
12 | 0000000008000000 | 639af13c200358a062260a9004068fff |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 6, 2024 18:47:27.542275906 CEST | 443 | 49766 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:47:27.542340040 CEST | 443 | 49766 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:47:27.542452097 CEST | 49766 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:47:28.536092043 CEST | 49751 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:47:28.536115885 CEST | 443 | 49751 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:47:29.165404081 CEST | 49766 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:47:29.165427923 CEST | 443 | 49766 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:47:49.567049980 CEST | 49767 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:47:49.567121029 CEST | 49768 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:47:49.608131886 CEST | 443 | 49768 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:47:49.612123013 CEST | 443 | 49767 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:47:59.582110882 CEST | 49763 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:47:59.582115889 CEST | 49764 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:47:59.582135916 CEST | 443 | 49763 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:47:59.582144976 CEST | 443 | 49764 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:13.550939083 CEST | 49751 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:13.550966024 CEST | 443 | 49751 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:17.380495071 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:17.380531073 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:17.380721092 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:17.381400108 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:17.381412029 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:17.615652084 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:17.616763115 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:17.616790056 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:17.617172956 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:17.617532969 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:17.617609024 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:17.660015106 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:19.592854023 CEST | 49771 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:19.592895985 CEST | 443 | 49771 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:19.592988014 CEST | 49771 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:19.593061924 CEST | 49772 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:19.593118906 CEST | 443 | 49772 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:19.593173027 CEST | 49772 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:19.594027996 CEST | 49772 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:19.594041109 CEST | 443 | 49772 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:19.594189882 CEST | 49771 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:19.594202042 CEST | 443 | 49771 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:22.700391054 CEST | 443 | 49751 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:27.610923052 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:27.610986948 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:27.611053944 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:29.163204908 CEST | 49770 | 443 | 192.168.2.4 | 142.250.64.196 |
May 6, 2024 18:48:29.163233995 CEST | 443 | 49770 | 142.250.64.196 | 192.168.2.4 |
May 6, 2024 18:48:34.613246918 CEST | 49767 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:34.613269091 CEST | 443 | 49767 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:34.613267899 CEST | 49768 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:34.613291025 CEST | 443 | 49768 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:44.582989931 CEST | 49763 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:44.582992077 CEST | 49764 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:44.583012104 CEST | 443 | 49764 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:44.583019972 CEST | 443 | 49763 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:49.600488901 CEST | 49772 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:49.600569010 CEST | 49771 | 443 | 192.168.2.4 | 15.197.142.173 |
May 6, 2024 18:48:49.644117117 CEST | 443 | 49771 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:49.644126892 CEST | 443 | 49772 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:55.468369007 CEST | 443 | 49763 | 15.197.142.173 | 192.168.2.4 |
May 6, 2024 18:48:55.468381882 CEST | 443 | 49764 | 15.197.142.173 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 6, 2024 18:46:12.986135960 CEST | 192.168.2.4 | 1.1.1.1 | 0x74b2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 6, 2024 18:46:12.986376047 CEST | 192.168.2.4 | 1.1.1.1 | 0x48d0 | Standard query (0) | 65 | IN (0x0001) | false | |
May 6, 2024 18:46:13.356848001 CEST | 192.168.2.4 | 1.1.1.1 | 0xd5ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 6, 2024 18:46:13.357052088 CEST | 192.168.2.4 | 1.1.1.1 | 0x3ca0 | Standard query (0) | 65 | IN (0x0001) | false | |
May 6, 2024 18:46:17.254232883 CEST | 192.168.2.4 | 1.1.1.1 | 0x6b6c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 6, 2024 18:46:17.254393101 CEST | 192.168.2.4 | 1.1.1.1 | 0x1c57 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 6, 2024 18:46:13.102895975 CEST | 1.1.1.1 | 192.168.2.4 | 0x74b2 | No error (0) | dulcesol.es | CNAME (Canonical name) | IN (0x0001) | false | ||
May 6, 2024 18:46:13.102895975 CEST | 1.1.1.1 | 192.168.2.4 | 0x74b2 | No error (0) | 15.197.142.173 | A (IP address) | IN (0x0001) | false | ||
May 6, 2024 18:46:13.102895975 CEST | 1.1.1.1 | 192.168.2.4 | 0x74b2 | No error (0) | 3.33.152.147 | A (IP address) | IN (0x0001) | false | ||
May 6, 2024 18:46:13.106805086 CEST | 1.1.1.1 | 192.168.2.4 | 0x48d0 | No error (0) | dulcesol.es | CNAME (Canonical name) | IN (0x0001) | false | ||
May 6, 2024 18:46:13.473457098 CEST | 1.1.1.1 | 192.168.2.4 | 0xd5ce | No error (0) | 15.197.142.173 | A (IP address) | IN (0x0001) | false | ||
May 6, 2024 18:46:13.473457098 CEST | 1.1.1.1 | 192.168.2.4 | 0xd5ce | No error (0) | 3.33.152.147 | A (IP address) | IN (0x0001) | false | ||
May 6, 2024 18:46:17.364248037 CEST | 1.1.1.1 | 192.168.2.4 | 0x6b6c | No error (0) | 142.250.64.196 | A (IP address) | IN (0x0001) | false | ||
May 6, 2024 18:46:17.365828037 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c57 | No error (0) | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49747 | 15.197.142.173 | 80 | 7648 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 6, 2024 18:46:13.217006922 CEST | 430 | OUT | |
May 6, 2024 18:46:13.354414940 CEST | 355 | IN | |
May 6, 2024 18:46:58.365263939 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49749 | 15.197.142.173 | 80 | 7648 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 6, 2024 18:46:58.222256899 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 104.110.176.109 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-06 16:45:53 UTC | 161 | OUT | |
2024-05-06 16:45:53 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 104.110.176.109 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-06 16:45:54 UTC | 239 | OUT | |
2024-05-06 16:45:54 UTC | 531 | IN | |
2024-05-06 16:45:54 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49740 | 96.17.61.58 | 443 | 7212 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-06 16:45:59 UTC | 475 | OUT | |
2024-05-06 16:46:00 UTC | 198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-06 16:46:05 UTC | 306 | OUT | |
2024-05-06 16:46:06 UTC | 560 | IN | |
2024-05-06 16:46:06 UTC | 15824 | IN | |
2024-05-06 16:46:06 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49761 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-06 16:46:43 UTC | 306 | OUT | |
2024-05-06 16:46:43 UTC | 560 | IN | |
2024-05-06 16:46:43 UTC | 15824 | IN | |
2024-05-06 16:46:43 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 18:45:46 |
Start date: | 06/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 18:45:46 |
Start date: | 06/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 18:45:47 |
Start date: | 06/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 18:46:11 |
Start date: | 06/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 18:46:11 |
Start date: | 06/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |