Windows
Analysis Report
24R-0168EG - COPIRG Initial Comments_5-18-24.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 7544 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\24R-0168EG - COPIRG Initial Comments_5-18-24.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7720 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1712,i,16201907809471849769,3555753454863499032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 8744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.sacbee.com/news/politics-government/capitol-alert/article277266828.html#storylink=cpy" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 8920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=2004,i,17399066712668099153,11573633546265536389,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.217.16.196 | true | false | unknown | |
www.sacbee.com | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446059 |
Start date and time: | 2024-05-22 21:27:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf |
Detection: | UNKNOWN |
Classification: | unknown1.winPDF@49/45@6/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Corrupt sample or wrongly selected analyzer.
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.43.60.134, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 2.16.100.177, 88.221.110.59, 88.221.110.75, 88.221.110.64, 88.221.110.91, 88.221.110.89, 88.221.110.99, 2.16.100.176, 88.221.110.112, 172.64.41.3, 162.159.61.3, 2.22.242.88, 2.22.242.130, 2.22.242.11, 2.22.242.224, 2.22.242.122, 142.250.186.163, 23.197.52.12, 172.217.16.142, 64.233.184.84, 34.104.35.123, 2.19.122.199, 2.19.122.216, 142.250.181.234, 142.250.184.202, 172.217.16.138, 142.250.186.138, 142.250.184.234, 142.250.186.74, 142.250.185.74, 142.250.186.170, 142.250.186.106, 172.217.23.106, 142.250.185.202, 142.250.186.42, 172.217.16.202, 216.58.206.74, 172.217.18.10, 172.217.18.106, 2.22.242.136, 199.232.210.172, 142.250.185.131, 142.250.185.206, 23.196.230.25
- Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, mi.edgekey.net, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, e49.g.akamaiedge.net, clients2.google.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.47.168.24 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | RHADAMANTHYS | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Vidar | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.190526187088527 |
Encrypted: | false |
SSDEEP: | 6:DsMdQvQ+q2Pwkn2nKuAl9OmbnIFUt86sMdQoARpgZmw+6sMdQoARpQVkwOwkn2nC:DkvQ+vYfHAahFUt86koARpg/+6koARpP |
MD5: | A0AD80E6B281672C4B759FB03FCEBE9F |
SHA1: | 88105297CC5CB1D73AC591E4E82158754CC3963C |
SHA-256: | 20D7F55BFFE3B377A215CC9EE91BFDE070582EAB85A56D047B180CC32210DDF3 |
SHA-512: | 9412DBDE01B4D9397E260ACBA7C77398CBFD445E49E67B8FA53CA646E602ABFF30ED7AEC60E5B4B5B31CF190BB9261F35661190A3A1AA2A3333168E071E0C33D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.164712061326076 |
Encrypted: | false |
SSDEEP: | 6:DsMdEe9q2Pwkn2nKuAl9Ombzo2jMGIFUt86sMdErZmw+6sMdEhkwOwkn2nKuAl97:Do8vYfHAa8uFUt86or/+6oh5JfHAa8RJ |
MD5: | 16E3604EE84A4C7502EBDBB2ADC1207C |
SHA1: | 62BDF168360E7175959BBAB650962CE59A381FAC |
SHA-256: | A8F0EC509077BC9EF01DB157B1A044E34F42A0CCC371E81427D1EAA23AB7DF62 |
SHA-512: | 07BD296159A70ACCB484E40A8F092EA304FAC1C9936C4DDAC76CFDF2EAAEA153175FD44F364AF3C6020BBB5DAAD10339B673C99D79A8EAFB6E52EC0F57C7B76F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.164712061326076 |
Encrypted: | false |
SSDEEP: | 6:DsMdEe9q2Pwkn2nKuAl9Ombzo2jMGIFUt86sMdErZmw+6sMdEhkwOwkn2nKuAl97:Do8vYfHAa8uFUt86or/+6oh5JfHAa8RJ |
MD5: | 16E3604EE84A4C7502EBDBB2ADC1207C |
SHA1: | 62BDF168360E7175959BBAB650962CE59A381FAC |
SHA-256: | A8F0EC509077BC9EF01DB157B1A044E34F42A0CCC371E81427D1EAA23AB7DF62 |
SHA-512: | 07BD296159A70ACCB484E40A8F092EA304FAC1C9936C4DDAC76CFDF2EAAEA153175FD44F364AF3C6020BBB5DAAD10339B673C99D79A8EAFB6E52EC0F57C7B76F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3452bb7e-2c26-4a6b-8071-7125973b318f.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.967961042110297 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqDnsBdOg2HEtcaq3QYiubInP7E4T3y:Y2sRdsWIdMHEc3QYhbG7nby |
MD5: | 38AF3B266AA35AFB3432F851C8A334D3 |
SHA1: | 488FD4B73E8E2E407340EAC7561EBDCA7EE9CC33 |
SHA-256: | 16B14364898FB007E82FEBB4DFAB09DFED7802D0F93C74A148A7220502E9F318 |
SHA-512: | ED9C5CC665C17DF4FFBFDAB94D934130BEA48F67EC6E4F983C6D20F1AB64BC55DB04FFA85E750E7DDCABE3F90B6BF15E74C8E1276ED846E93E4F3900E0EFD95A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.967961042110297 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqDnsBdOg2HEtcaq3QYiubInP7E4T3y:Y2sRdsWIdMHEc3QYhbG7nby |
MD5: | 38AF3B266AA35AFB3432F851C8A334D3 |
SHA1: | 488FD4B73E8E2E407340EAC7561EBDCA7EE9CC33 |
SHA-256: | 16B14364898FB007E82FEBB4DFAB09DFED7802D0F93C74A148A7220502E9F318 |
SHA-512: | ED9C5CC665C17DF4FFBFDAB94D934130BEA48F67EC6E4F983C6D20F1AB64BC55DB04FFA85E750E7DDCABE3F90B6BF15E74C8E1276ED846E93E4F3900E0EFD95A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.253808748802583 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7n7C0hfuZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goY |
MD5: | ECBE49D045333EE2EFFAA4C2336FEA57 |
SHA1: | DBE77C907040A559DFF968F051BB67A63D74E517 |
SHA-256: | FA08514A54547E4138F3F7D8EB5E805134206A183B2A448DC67CB4D487CEAF2B |
SHA-512: | A8E7EF98E554285543624336189FFF09BC92453C792927AE7EB23EF8D85BFF2D9C0D4AC76B2D42B12B3764075771128BDE2CBCF36368FF9D87BC630F7FD43B77 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.153698171574131 |
Encrypted: | false |
SSDEEP: | 6:DsMdUGq2Pwkn2nKuAl9OmbzNMxIFUt86sMdU4EZmw+6sMdUAMAkwOwkn2nKuAl9c:DgGvYfHAa8jFUt86g9/+6glA5JfHAa8E |
MD5: | 88E74CC5C68D20E9653001115D6AD521 |
SHA1: | BB67D31B88EEA77E194E2E589E5289C7BC8EEE53 |
SHA-256: | 810229E905A19595ADEBECA5D4430258BF7422DF734FE64991A7C2CDE3460F96 |
SHA-512: | 6258868CE2B19C4209B9B194CC31F940098E5265C2C6DE5F39FDE936A99169AE3A4967BB31F9890CEA9689A0FB0414B92AA19048271BEFEDBB50B9CD0AE84B5A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.153698171574131 |
Encrypted: | false |
SSDEEP: | 6:DsMdUGq2Pwkn2nKuAl9OmbzNMxIFUt86sMdU4EZmw+6sMdUAMAkwOwkn2nKuAl9c:DgGvYfHAa8jFUt86g9/+6glA5JfHAa8E |
MD5: | 88E74CC5C68D20E9653001115D6AD521 |
SHA1: | BB67D31B88EEA77E194E2E589E5289C7BC8EEE53 |
SHA-256: | 810229E905A19595ADEBECA5D4430258BF7422DF734FE64991A7C2CDE3460F96 |
SHA-512: | 6258868CE2B19C4209B9B194CC31F940098E5265C2C6DE5F39FDE936A99169AE3A4967BB31F9890CEA9689A0FB0414B92AA19048271BEFEDBB50B9CD0AE84B5A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522192824Z-158.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 2.137100598942702 |
Encrypted: | false |
SSDEEP: | 96:jMDs9uMMtjM9mXCz49MMMlHoM+LILZVN9NMMMZMMMMbYMMmbcFlMK93MMAME7M/u:sdJnAAjI8mlgMNNomjJ8AjjQIsrZi32P |
MD5: | 0F80C65912DECF2AA7F6AAF321CE7E16 |
SHA1: | 41DC3FFDC4FB158F8E8F181E3E3503FBADEE990F |
SHA-256: | 4E50663957AC1E6A76B7BFD3BB8AE6AD020F2A551A6B02A70BF0572C65C0A7A0 |
SHA-512: | 697D3EDB0DDC46FB380C48E4447EE0C0F2428F54C76D20C320F03248A5AC3821AB04E03643B9C0809948D21ECB8D863FBE1250CBF86AD7C60805198D8E262EAF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.445237563594202 |
Encrypted: | false |
SSDEEP: | 384:yezci5t0iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rjs3OazzU89UTTgUL |
MD5: | E6140EC2D65159E99963800686174D6D |
SHA1: | 78FA5EB811EFC4E4384B3AB43C097C0F2606B97A |
SHA-256: | 15DA885F4A640D87809F5A5AB12122F1128F10205955BD100C5252C70D17BB74 |
SHA-512: | 471F06FECDC785CA27FDAE331A6817985F98FE63BB6CFD9061C52E4FD0B3AC41DB85BECAAD2876D182A590B57383B2EAD052890EDE0D30115FD624B4461D192D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.774582495710844 |
Encrypted: | false |
SSDEEP: | 48:7Mop/E2ioyVE5ioy9oWoy1Cwoy1XCKOioy1noy1AYoy1Wioy1hioybioyJWoy1nr:77pjuE5FOqXKQgUjb9IVXEBodRBkhn |
MD5: | 55AC782AA1AFEF6B9751BBA3714F32E7 |
SHA1: | 85B9B24B8340BF4CECE69330FB53C88FCA1CABEB |
SHA-256: | 22287926BBFD28E74D57A07F2C97FA1A329FD94C6BF85B60EBFD9CA41F42A057 |
SHA-512: | 3F64CBB1F0A33F0069288936ACB68DBD3AE7AF47FBA0804C8103467625E8B74BBE65C5977434FAF7A0220C660E110584C05A4464EFB74248BA0AEDC33AEDECCA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.393838695026302 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJM3g98kUwPeUkwRe9:YvXKXSEnEZc0vlcGMbLUkee9 |
MD5: | D306EC5BC4AD13EF0929FA68A9808C56 |
SHA1: | 8587381768EA87807791AAAF6755DF008ED7595E |
SHA-256: | EAE25D2DB181862079483DA695D98C555D524009063C323A6B64AA816A6145F7 |
SHA-512: | CBA9D9A86B8BBB8A1C4B7120755FC986CDEAF5A8FF95CC5FE17D25DB5F19435465CAFD44802A82CC195023DDAEF12E1A620998CE725D1FDE6BA5533C06140B40 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.345607293783349 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfBoTfXpnrPeUkwRe9:YvXKXSEnEZc0vlcGWTfXcUkee9 |
MD5: | E15E2044F51AB21CABDD4459CF81757D |
SHA1: | DC5CAFB3536C922BDE07C6A86A02D51B2A443EB0 |
SHA-256: | A17BE0DDEB054160DE46CD628D1E94369A360D65CB5523A8306FD1477F077FD4 |
SHA-512: | E0C5DE8D9D3B0A404EEBCC4BEF72F7AA215F809B0CA346FCECE6444764B2A2B15AF90B2E754F529FF284065F8E812062F572692E5A82CC499BE3BFE2C25D8C28 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.32400661265178 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfBD2G6UpnrPeUkwRe9:YvXKXSEnEZc0vlcGR22cUkee9 |
MD5: | 330FF99ABE9F326734EA5BFD08968987 |
SHA1: | 284C306E45E02BE2880E8B52B9AA6D222B484899 |
SHA-256: | C022779C759B93AB2FB6DC5BFF73367FE32E2439B39E3116E5B4610115C0B530 |
SHA-512: | 12854F945E5711D5DB1DBDA5528B94CF81887D2A72A60B7762016760DFCA5BBCD26CAE0529F1ADD5B32077FFAE88A35FD3F26CA8BC7934087C785489B954A2A9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.381918510298974 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfPmwrPeUkwRe9:YvXKXSEnEZc0vlcGH56Ukee9 |
MD5: | E91F49CED8611ED7BFED1FDB88A38702 |
SHA1: | D317C6FA9A25753D0C74BD3183644C983C58C45B |
SHA-256: | FFBEF3622ACBDEBDA8601010DD75A291150A9F52FB54B753CA64D0DDC3942BDB |
SHA-512: | 356278E38849149E525EF42F3A82AC454D8C9B302B479AE2CDB51481D177E76BEB6517BB4FD1E302FA82BA541F6979CEBB56D0F44D37E10BA4B4B78F035A4C13 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.34693471339842 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfJWCtMdPeUkwRe9:YvXKXSEnEZc0vlcGBS8Ukee9 |
MD5: | C711D64441A23653E2685A32AC610D60 |
SHA1: | 4AEF9DF1A2935AEE4A3258ED3AE85FAD322939D9 |
SHA-256: | 93350E90A809F35E1EFFB6EE41854182180D191056C9FAD3A766E6B61670E59B |
SHA-512: | FBA8FA0906454D329B7EBE629AC26FC1361F2520AFD35C8C845835F09DF107AE41527E41BE040A31B3F1F18549A1949A8889A7213F285A0C0A794D093E8CE229 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.334098557766389 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJf8dPeUkwRe9:YvXKXSEnEZc0vlcGU8Ukee9 |
MD5: | B2CCD0ED780B12643DE64897BE12EEBE |
SHA1: | D52229CC63D7549C7B701709EE937CB707F17E12 |
SHA-256: | AE92047BA55734E98BE1F7C13C5DAF3A739042832BAE2FF29568DB455002017E |
SHA-512: | A043D2F099B372808F31210D9B85B170CB331B235B197400E3DB402809E07F07088E8B6E674C910A852E877B44FC14E9DB6D98F1CA7142139BA1246548C28D27 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3376100382866145 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfQ1rPeUkwRe9:YvXKXSEnEZc0vlcGY16Ukee9 |
MD5: | 9CD93B591FE7C28DEF2DD75F8512E030 |
SHA1: | 0A7FBFE90AB963F8BA9CC5C7395F0EB7B7846662 |
SHA-256: | 70AC135060AB746C00EA076186DB0582F07AC757DB4093E5C61172D97DA2A652 |
SHA-512: | 22FBD7A780C122B964056005676B7008BDFBAA9D41355D465B92EB9CF02E4CF811B46A27A225F3CE041A887C1A776FA42325B20A8906DAEFD22658774A2FB592 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.345168116259127 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfFldPeUkwRe9:YvXKXSEnEZc0vlcGz8Ukee9 |
MD5: | 80F0782AF65E218EEE499AC021833DB3 |
SHA1: | DD1963BFCBE54CC9DEB769A033033550AD7D863D |
SHA-256: | FC2D538C9BF3BC56DF27B4B82B45EBE61992C33C02E42F197C25892FC8181B71 |
SHA-512: | BCD61313E9A4BEEA46B99715507B1BF4BFDABCEDBA990349CA95373AE10216C16664491D18F88660C4143065D94198B4906DF923912853C12F70FBF05495DF7D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.74594765404826 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZnEzvlEKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNr4:YvCMdEEgigrNt0wSJn+ns8cvFJx4 |
MD5: | 43F4602DAC13F2EBA5079C2182ACA0B2 |
SHA1: | 8EBD7A1FC8228C1FA2B2A1530656177A5F3017CE |
SHA-256: | A797B52947981A2599353E0817687D7A3951A1037CDB3F081D8E1E1BD668CE2C |
SHA-512: | 3E59547D4AD163ABC35A5229B38E00E8604DDF73974FB7DC1C11FA2E3298D675E9D175A7ED42D32AC958719C5DE06DDAF8E18EDE34FB4E896A9B6E198DC7E292 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3404952238948935 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfYdPeUkwRe9:YvXKXSEnEZc0vlcGg8Ukee9 |
MD5: | AD23016CF1F0E7119F7248D39FD7C6D1 |
SHA1: | 36C40DD2D39FC6EE3541BCD985DD377E93D93A89 |
SHA-256: | EB7A19A9AE73187EEEE857C19FA38EC2062FAAA0636A31A24232A43CC060E316 |
SHA-512: | E808BB1E52D37CC81D8A18347759F06E7AC6CFEAFAB51F8C026548F75ABB97EDF595C505BC70FB7A9F06A949EBAC7F3A72A29FFDB961196BCD8259371813877A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.783308196484163 |
Encrypted: | false |
SSDEEP: | 24:Yv6XZnEzvlrrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz4:YvCMdrHgDv3W2aYQfgB5OUupHrQ9FJl4 |
MD5: | 96029FF656995CB9225B13A07CB06CF3 |
SHA1: | C460BB5B97E5424CA110FE8F4E5578165E35DEFA |
SHA-256: | 70486754FB02B193BADB92F5C60C3322A71A4DD3360172D2D82787960B68FA7C |
SHA-512: | E5B6F313D002253E8A505A599197BD4CD226981365FA8252322E49E4E9EAEDCBEB7998014EF1C0FD1934909A421729D62389535F008589B38835215D21005DF9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.3237640038787575 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfbPtdPeUkwRe9:YvXKXSEnEZc0vlcGDV8Ukee9 |
MD5: | C965200462EDB1F040C51F19844C3A01 |
SHA1: | 9B2BA79CBE5AB469327089CF6082A26748D05FD9 |
SHA-256: | 6FD5084F87C52FFCBF51CBC68320D914910C0A25E353C457B0732B1B16113320 |
SHA-512: | 10142D3BE29142FCB3133B4E0E63C841A6D66C0CB192036AEBDDE9499FC0041D5858E2AC6E583A58BBC40920D6EDCA6CB240FE3459BD3A15821CBB40C69639A1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.328326220796813 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJf21rPeUkwRe9:YvXKXSEnEZc0vlcG+16Ukee9 |
MD5: | 9E8AF5DA76EB86EEAC73FD2B5CD39AE6 |
SHA1: | 4B98725909DAF8D27100735B6EA7A0FBB66484D7 |
SHA-256: | 83BBC8382DD118E01AD68304FA17904D117920DC9E0B0C1220842463C57550E8 |
SHA-512: | B78E90AB6D5E6F2261992B2DCFB2E4B1EE1C87651A07902CF622A4BAAC096B5A2E2D3DBCBE06815C1B759397D41E8AF6A5F29DA43CA96DAC3DC28D6C5E84703E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.346724329612095 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfbpatdPeUkwRe9:YvXKXSEnEZc0vlcGVat8Ukee9 |
MD5: | 902172825FD562E1E224E08A8C5A29A0 |
SHA1: | EBB92073869493C14F9ADDE6D7E40C829D29B2CD |
SHA-256: | CB051272688A1BA0C3D117AAD1E042F382F7CFB98107029C91A083EB199B2C22 |
SHA-512: | 813018DB62B21B25E13D6A9207745D60EC13ADA9B2E5F095145E775F286708E74E25C465C82D574CA24363D2644A4B5464D2C032F1F16E0C907ED2CD2F0C077B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.306437802160699 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfshHHrPeUkwRe9:YvXKXSEnEZc0vlcGUUUkee9 |
MD5: | 483D285AE8634893C92E8AD5FE93A105 |
SHA1: | 7FD11C294BE03F347071513315B2D4A9BDFAD9E2 |
SHA-256: | 03CA313F75BECB03DFF896ECEC4B2FDEB08148251CB7B9E46894BCBD979A8D9C |
SHA-512: | B2DA824C07B3CD000FF83C816F1F77CE4E1DCEFFE59E18BD75E3ACC6BB1B1393CED9B7ACF201260E0E84868B3BA751F7E71C7CCF2AEF4346EC2C9A871A3CAB1C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.381240629703365 |
Encrypted: | false |
SSDEEP: | 12:YvXKXSEnEZc0vlcGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWfe1:Yv6XZnEzvly168CgEXX5kcIfANhW4 |
MD5: | B130FA4996885AA334F6A36C538107A3 |
SHA1: | FF389B64F7E7BD0D8588F75E2AB7D0800272CD8D |
SHA-256: | F1370B5C2482563D747CEC9FD9EEC14CD40E7B15D159022F0F44B3FADCA6F805 |
SHA-512: | AD41AECC8153895529FD7FA3A05BBF6AC628C7512BFAE4D7AB18FE4FF7D41C45FFD3AEDCCE54E0C57F8B6C2263646CE854173730FEE33E7B114A6A7226EA6C68 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.133544563489712 |
Encrypted: | false |
SSDEEP: | 48:YRFpIyb+emVkk5stES2YymPKCD7xROqv1tA4Dtdh9bLJVVNE:IlmVB7m/ROqE4X/Tg |
MD5: | C8A6A318B481E65443DCE2FA55353BFE |
SHA1: | 80F6F1B68BBCC99BAFD6E56FA0BE408B4BC6A0E3 |
SHA-256: | 72C72B0A29BA14ED05592B98E10618AEA04A075C6A513C15DCF8F332AD823AD7 |
SHA-512: | D6B0EE334E9456CA1CCBA8073D547EA970799228084863B27A3FEBD9A86B1B2C4510FBA0B8F98C9D46DFAB5C0BD39ED1DC9560F410647A20A1E98E03FCBA0BEC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.188260894629094 |
Encrypted: | false |
SSDEEP: | 48:Tll2GL7msETUUUUUUU4XvR9H9vxFGiDIAEkGVvpGZqx:fVmsQUUUUUUU4vFGSItW8x |
MD5: | 6925650E48385B0B16E4942AFC5F2A2E |
SHA1: | 8E4B2ED3C66B11E0546F9B28AC291B96E72616CB |
SHA-256: | 996BFDFF0A5F210335D74A82851715E69196145C944C1C6A97C3A0899743AFD5 |
SHA-512: | 174124C3BADA15761736D879C85874CDCBF43510D2E2F5D9D6A1B4A782FB3EDF4E0A621475DA063926F4126A3F787F3B4EB4E0D695DEA4879AF0659C46B3F322 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6091591122645745 |
Encrypted: | false |
SSDEEP: | 48:7MYUUUUUUUU4FSvR9H9vxFGiDIAEkGVvpUrqGufl2GL7msD:7zUUUUUUUU4F+FGSIt4rKNVmsD |
MD5: | 4B0CEAF7592AEBC0F08156418242F95F |
SHA1: | 68FA422142ED4698F07B2E97B18DA15074AB5B36 |
SHA-256: | C8F035B541C22459D3BB8840B00731A08F9CFD9335F14152D9CB01CA3B49F687 |
SHA-512: | 078B0337205ED434AD186565B6A3C28D7B2B3B9AAA14807CB5BD37D7A31EA6E8BCB1203A23FBF17568441BEA58776CEB5EABF5286B3C9DB93B3FBE1EBB81834A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5079682350099546 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8lW6N9:Qw946cPbiOxDlbYnuRKz6H |
MD5: | 82F0BBD1B05319FFE1E6BF1A4D8A4B43 |
SHA1: | 903D001A7457D89B32E5AFCBD6BC5E30A8F00C37 |
SHA-256: | 36996D75FDCBB24BF1AF45ED4ADE0855BFD23F8674851C4FE6EB48A58DFF034B |
SHA-512: | 36583979B3D94216FF4546862C5625FA4A3A75131C6C7A3A629BD6AD73A25140A2F652E64C8CD0B12509B0A346B8F9F3EFFE8F91053E40630451A1CE395CFF07 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.050645967482242 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOl6THTLLCSyAAO:IngVMre9T0HQIDmy9g06JXKLlX |
MD5: | 9B9DF942F9C39C1D037AEA182D5166EC |
SHA1: | 5BEFAD7E44CF4F3320B8490F93090CD49AE9D21F |
SHA-256: | BDEE8023720FB89655D69050467209A33317F5A62F9FA07EE61D7DFDD80CA0B7 |
SHA-512: | ECAECAA6D4D2C9DC7CB473DEAE24D86C37DF165F88AE44DAFEDA504FE4B1D3A0724B9D16E5AFFAF1E4F0351988C9D3D93C83DF4458EE5A04B508AB636DA3DAC9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 15-28-22-595.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.331654538073873 |
Encrypted: | false |
SSDEEP: | 384:uo+1msPFOn/JRGBFhjZVZHw1B2rJMKqI5Ga+IQAJ4nC35WtIIzp1u1urSpvsNgoV:088q |
MD5: | 4893F682C7EE165A8399492BADBDD5AB |
SHA1: | 04314DD6E787BDF237B323C7B626A68517955E72 |
SHA-256: | C68A041502F9EB33A5F17296A8B0D7CA714BEDF7945D1B6A24B75BA18AF71A77 |
SHA-512: | BA1BAC0930472B9E31CE96FD0899E1D1EC78687A66A89A0690010C8368785BFA5C11EAB6BDD2098E7C27E3EA79481FC9250644EA97345046FD9F959D646A63D3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.3813252891801735 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rP:7 |
MD5: | A3A79FA011F282AD82F7BE4BD769FD78 |
SHA1: | 635C48C1051F6B1BF4BFCA482B646686A1646C5C |
SHA-256: | 5E00CB9D590D7217518A1306D8A040549768D040516C6598DE6E8FB679A17840 |
SHA-512: | F713441DD61356678C64A1091C3FA3BDE4F92E7C358B588E10DE248AA01B58E4435026223E12EEA39DDF1CDA928CF4A9DAE241228CAD76562D226CC5480BFB02 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.66829583405449 |
Encrypted: | false |
SSDEEP: | 3:So6FwHn:So6FwHn |
MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.627921281099503 |
TrID: |
|
File name: | 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf |
File size: | 131'375 bytes |
MD5: | 659c64bcfde894f10b9d7048041d6027 |
SHA1: | 279f6bce6b46f6eb121149bd4c49a834eecf91f7 |
SHA256: | 62336ada52c09834a43c1b36802cbdab7f76aa641ff0fca515bf0841ff26b465 |
SHA512: | cc134de28b86c38d471ea3084277eb6c9aec93f25d892cb17de2b4d7134a1d27807ae890b4ac474b9c6b60c7d8e1da62cebd7ee21eb278fb905d1808a631eb66 |
SSDEEP: | 1536:qzo6bPzjhLxOg2qY0iyhUYCUViysYnA5Fx6gqn8Ta4uFvHnJELgDM0w2USgHNsuy:UVviyhnCUViYAqyaD26mR1Frb0KrljM |
TLSH: | BBD3BFDCA58AD4D820A3CFD0F30D89A6938E47635ECD447B765E4DC20B43E97E98E642 |
File Content Preview: | %PDF-1.6.%......121 0 obj.<</Filter/FlateDecode/First 18/Length 327/N 3/Type/ObjStm>>stream..h...Aj.0.E.27..H....q..J!...PB"J....@z......t...0..f........1....Ku.u}..\.v.H.<}u.....N1CX.C0.(.......s.8P.(....K..*.....Z..z...a._...2.<7{.=.ri.j......G.d..k\... |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.6 |
Total Entropy: | 7.627921 |
Total Bytes: | 131375 |
Stream Entropy: | 7.948433 |
Stream Bytes: | 97856 |
Entropy outside Streams: | 4.922033 |
Bytes outside Streams: | 33519 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 71 |
endobj | 71 |
stream | 54 |
endstream | 54 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 3 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 22, 2024 21:30:51.680785894 CEST | 443 | 54075 | 172.217.16.196 | 192.168.2.4 |
May 22, 2024 21:30:51.681123018 CEST | 443 | 54075 | 172.217.16.196 | 192.168.2.4 |
May 22, 2024 21:30:51.681422949 CEST | 54075 | 443 | 192.168.2.4 | 172.217.16.196 |
May 22, 2024 21:30:51.681509018 CEST | 443 | 54075 | 172.217.16.196 | 192.168.2.4 |
May 22, 2024 21:30:51.731621027 CEST | 54075 | 443 | 192.168.2.4 | 172.217.16.196 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 22, 2024 21:28:46.683612108 CEST | 192.168.2.4 | 1.1.1.1 | c259 | (Port unreachable) | Destination Unreachable |
May 22, 2024 21:29:46.072427034 CEST | 192.168.2.4 | 1.1.1.1 | c224 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 22, 2024 21:28:46.524732113 CEST | 192.168.2.4 | 1.1.1.1 | 0x58e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 22, 2024 21:28:46.524847984 CEST | 192.168.2.4 | 1.1.1.1 | 0x9433 | Standard query (0) | 65 | IN (0x0001) | false | |
May 22, 2024 21:28:50.872828960 CEST | 192.168.2.4 | 1.1.1.1 | 0x6f75 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 22, 2024 21:28:50.872828960 CEST | 192.168.2.4 | 1.1.1.1 | 0x51bb | Standard query (0) | 65 | IN (0x0001) | false | |
May 22, 2024 21:30:35.289710999 CEST | 192.168.2.4 | 1.1.1.1 | 0xb29e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 22, 2024 21:30:35.290069103 CEST | 192.168.2.4 | 1.1.1.1 | 0xbbd8 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 22, 2024 21:28:46.562355042 CEST | 1.1.1.1 | 192.168.2.4 | 0x58e3 | No error (0) | mi.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 22, 2024 21:28:46.683511972 CEST | 1.1.1.1 | 192.168.2.4 | 0x9433 | No error (0) | mi.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 22, 2024 21:28:50.880167961 CEST | 1.1.1.1 | 192.168.2.4 | 0x6f75 | No error (0) | 172.217.16.196 | A (IP address) | IN (0x0001) | false | ||
May 22, 2024 21:28:50.888371944 CEST | 1.1.1.1 | 192.168.2.4 | 0x51bb | No error (0) | 65 | IN (0x0001) | false | |||
May 22, 2024 21:30:35.425513983 CEST | 1.1.1.1 | 192.168.2.4 | 0xbbd8 | No error (0) | mi.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 22, 2024 21:30:35.430296898 CEST | 1.1.1.1 | 192.168.2.4 | 0xb29e | No error (0) | mi.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49744 | 23.43.61.160 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 19:28:28 UTC | 161 | OUT | |
2024-05-22 19:28:28 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49745 | 23.43.61.160 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 19:28:29 UTC | 239 | OUT | |
2024-05-22 19:28:29 UTC | 534 | IN | |
2024-05-22 19:28:29 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49747 | 23.47.168.24 | 443 | 7900 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 19:28:34 UTC | 475 | OUT | |
2024-05-22 19:28:34 UTC | 198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49748 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 19:28:40 UTC | 306 | OUT | |
2024-05-22 19:28:40 UTC | 560 | IN | |
2024-05-22 19:28:40 UTC | 15824 | IN | |
2024-05-22 19:28:40 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49766 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-22 19:29:17 UTC | 306 | OUT | |
2024-05-22 19:29:18 UTC | 560 | IN | |
2024-05-22 19:29:18 UTC | 15824 | IN | |
2024-05-22 19:29:18 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 15:28:19 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:28:20 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:28:20 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:28:44 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 15:28:44 |
Start date: | 22/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |