Windows
Analysis Report
https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 1412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2008,i,5372829012406818501,3102701673576048389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 4052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- Acrobat.exe (PID: 5440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 4228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1544,i,10501683577450689515,1584079827842287916,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
- HTTP Parser
- HTTPS traffic detected
- TCP traffic
- TCP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- String found in binary or memory
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- LNK file
- File opened
- Window detected
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | unknown | |
www.google.com | 172.217.18.4 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
www.asafm.army.mil | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447262 |
Start date and time: | 2024-05-24 17:44:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@41/52@7/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.184.238, 64.233.184.84, 34.104.35.123, 23.204.24.144, 40.68.123.157, 95.101.54.121, 95.101.54.120, 95.101.54.113, 95.101.54.128, 95.101.54.195, 192.229.221.95, 13.85.23.206, 13.95.31.18, 52.165.165.26, 142.250.185.67, 184.28.88.176, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 172.217.23.110, 2.16.241.15, 2.16.241.13, 2.16.164.121, 2.16.164.131, 2.16.164.105, 2.16.164.120, 2.16.164.129, 2.16.164.107, 2.16.164.122, 2.16.164.114, 2.16.164.113, 2.16.164.64, 2.16.164.59, 2.16.164.24, 2.16.164.51, 2.16.164.17, 2.16.164.33, 2.16.164.16, 2.16.164.35, 142.251.40.131, 142.250.80.67, 23.200.196.138
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, www.asafm.army.mil.edgekey.net, clientservices.googleapis.com, a767.dspw65.akamai.net, e17131.dscb.akamaiedge.net, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, apps.identrust.com, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf
Time | Type | Description |
---|---|---|
11:46:48 | API Interceptor |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.229469898085802 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.204174051281625 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.204174051281625 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.2413557484907765 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.226874846789706 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.226874846789706 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240524154640Z-185.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 82710 |
Entropy (8bit): | 1.1521894466357347 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0185313792061232 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.322532179480769 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.258958874126939 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.238485057200971 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.299992383210619 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.255946391105743 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.242635757461539 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.243954529254294 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2626527788630995 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737108104903754 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2495675558879435 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.772305763977881 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.2334612682979715 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfbPtdPeUkwRe9:YvXKXYafZLSYpW7gGDV8Ukee9 |
MD5: | A233D2EDEFE8790C7903A44709DE36C3 |
SHA1: | E5465482D80C5354A46EFA97678878203540E38E |
SHA-256: | CD277228C18308CE5C52803F5A0949A901EB28D26E6E2B240E21F0DBF2989E2A |
SHA-512: | ED3BE27FA1269F3C163498E624FB5FA50D682F4AAC8C5398CD0C2846042A044F6C4EC54425158936620A5D56F4ED2C13DDD171D6B6A7F0004100AFEB0E40CDE8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.234732292828529 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJf21rPeUkwRe9:YvXKXYafZLSYpW7gG+16Ukee9 |
MD5: | 62E9E602EC4436A6A209D73DED52FBEF |
SHA1: | 2AAE7CB47C863F77188F18ECB4CEB0B10D86F988 |
SHA-256: | 471157CB696DEAE5F96632D234BF9D68F397D221B20E671BBF2E4889FBC45092 |
SHA-512: | 00595E216EC6D868141B21F9A58B8F1C043DAE5006B870D81FEF734EEFF00AEC11EC5DCD73E1E48DC5AAE99DE729CACB57038D6E87E307866B32CB6A28F1B13A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.256943021731258 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfbpatdPeUkwRe9:YvXKXYafZLSYpW7gGVat8Ukee9 |
MD5: | 4A37597717558CDBC83F020CEAEAD201 |
SHA1: | F4AD7619D3E7BF71458F51EC2450EA5E52E6AB8B |
SHA-256: | 1B351F1FEFD7FF221581E34AB705159CA41A58A6B46EF71AEBEFB6609AB4B7BC |
SHA-512: | AC765F7593813914EAE233E2448FE4E1CDB045A0ED3F211DE711F296685AC5FC301CF3E1F2A2C3EF11FAEF6C5853ED2197C12C440CEF89B66A6C90EF53A21566 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.209420085246915 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfshHHrPeUkwRe9:YvXKXYafZLSYpW7gGUUUkee9 |
MD5: | 0B0E0C048BE03C154D2C44B9EE43E87C |
SHA1: | F4DE4CB830C9376EA0A7699C274E3033B09507C0 |
SHA-256: | 2ABE33DF53640C34E2F8D229164DD27D4C7558A24967CA80B8264AE57C4BA868 |
SHA-512: | C5C62AEA72499750F2A5781A5A9EB3874EA452DC9C1FC5274FC797B40D50100EA39A9F525C23301FB8E1628F7752D886F14EB41E5607FEC1FFDF2B719EF33ACA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3557423520180105 |
Encrypted: | false |
SSDEEP: | 12:YvXKXYafZLSYpW7gGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWM:Yv6XTR3iW168CgEXX5kcIfANh9 |
MD5: | 717BD2D7FFE34882B3F74042940AB2ED |
SHA1: | 9FDF3C2CBF54189818C11DB012024B2B95EC1018 |
SHA-256: | 062265691236E1F918448596D2C950E499204C691100BD9D36E3309379EAADE6 |
SHA-512: | 2CC643CA3A9B32B3A3C581000342F842FC1BCC57E74FA01766B79DDB7B8753F1BE2CBAE87C659781ADF085195AB3EA998662FB8847CCBA899906571E91DD4E9F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.139908245804581 |
Encrypted: | false |
SSDEEP: | 48:Yi5thcKa9jnkfBBV6fkI479lPP67mNX9E:/5Xna9DEQMI479FyyDE |
MD5: | 8F262C8878F53002F3C11A8878D889FF |
SHA1: | 4B580A1BEBBA82C1599D1F78003DED033C6A7E8E |
SHA-256: | D4D92E6A0F3F91C4708248027F1C7ACFE1D2767F9BA0C04D48B23F1059C41D04 |
SHA-512: | 46F0B358220D0452F9AE55BC5F47123A6A346D0F759AEF45A9F440D51EEB81822CE990E0797D7388BFF9647BA15AD6A92054385AABC52AC07A21D2CE6F0789E1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9836365624140849 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpU34zJwtNBwtNbRZ6bRZ4H3F:TVl2GL7ms6ggOVpJzutYtp6Po |
MD5: | 452E97349950E369D571F77314BC2DF6 |
SHA1: | 6E086B5EEEAA0BBC1CB80CE06082119F0DCDE248 |
SHA-256: | F3E442E49EF4E209CB5099464BEC155A3C08E8371025954A255BD6BB5BDEBE57 |
SHA-512: | 7623D39CBE3A22C0ABBB2671174A6B8AE93168EDC86406C20A052A1655BF04B0771B2AB9FEBEFDE0108755DA7E213387FFBF349CF0844E52046074779F336A73 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3379996702818238 |
Encrypted: | false |
SSDEEP: | 24:7+tMAD1RZKHs/Ds/SpU3PzJwtNBwtNbRZ6bRZWf1RZKAqLBx/XYKQvGJF7urss:7MMGgOVpSzutYtp6PM1qll2GL7mss |
MD5: | 33C33AD1B9EE6037A9F25E0D06FB7AB1 |
SHA1: | BEF20CE03EBE2852580D4A969FDD273ABB69F51A |
SHA-256: | FE55FE5BB30FB56CD195B4028B64B710F20F7FFF4AE35B1D4B595DFE85C32CE8 |
SHA-512: | 8A2404B1CAADDAB34C92CF82760172717E99FFA1BFB1E75B0DD1BF7908E4A90150230286DD10A0828E34EE75098CFE4379D9E9DF27E734A5A07E24F81C7C67C8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5258803161342094 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c6LNlH:Qw946cPbiOxDlbYnuRKH+N9 |
MD5: | 5A06C81676BD1FE1151F1ECED62B44AB |
SHA1: | F5C7ECDF1E1A0CE099158F1FB15795F976F6E7BD |
SHA-256: | 14984B1402FDBA7D2C8DF98B4FB5859435B3576B73C60CF8FED671A528AFDC59 |
SHA-512: | BD7FFDC365F2BE051ED719DBDE66B2EFBAF697C6D67609291966807B97AAD2B71599D8F4A4C1B5A8FBC9AD4F4C95951248F5E4F3AAA9D8A9E5C42AA52C418F2E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-24 11-46-38-366.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.373620158314672 |
Encrypted: | false |
SSDEEP: | 384:NEANYk5OtteujV5Qrb7UuDiCRLmw+UlJXMWi0Q0BkTj1PK3Iw3dh696H+ZL6JI4H:qU3 |
MD5: | D23162D57ADB66F6BF811BA5291899EC |
SHA1: | 5F699057FFDC39FEF5F6C61B8D29A36A662324D6 |
SHA-256: | 895B59B1882F92A186A6F76005F81D638BC499D0F601C49516F120F431157369 |
SHA-512: | C7F8250034B77C271C34A1574BEFA60046153CB771DAF76820DDA4C9AE646267DF7994887052BF8186154D998C42151A740E9587263F357D6C3B7AB455508150 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.398812052077034 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbp:N |
MD5: | 4C74B15B4B647EF188E3D625F2A4CD9D |
SHA1: | C3C135192013772CDC0E7E57D896C64F18A8758E |
SHA-256: | 60FF97DDC429D60F63CD2CFFA30A71FE39D2B726EEA53FB07974015ADFE90A7D |
SHA-512: | 0C48D961C5E52E02269285129D9ABA18CF19631FEEECCBFB145C9C4BAA5E4FB592CE60F93283C8FDFD92D2D1C90BFDA864302BEAB4E26C185B2CF13E2F31185D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/ewYIGNPgOWL07oYGZRydpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:WwZGDWLxYGZRy3mlind9i4ufFXpAXkru |
MD5: | E74D5582DDC404CA71E55438495CFFE8 |
SHA1: | 6B7EBA431D176AF86122744D4732EB79203C64D2 |
SHA-256: | 9543D2405322E147F939F7710F066FA8F83827EB5733CC627F409C6A5BBCA123 |
SHA-512: | A9231BCD1CDB077AC3B3249233276BEF7A34943D8BD81FD0E496453054E8B863FEA6775A7C62C8B4DE32F9B35B385AEE92E55441628EC7E83009DCA41380C2BB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.986546679155999 |
Encrypted: | false |
SSDEEP: | 48:8aqdOPTuHgeH8idAKZdA19ehwiZUklqehgy+3:8OHF3y |
MD5: | C28568E7D965D2058530286794C9A30B |
SHA1: | 5C0C4DAD24B67CDD7CABF290523EFFCDE473E753 |
SHA-256: | B95DDB1641FB53B6B31D10E6E0A76DB47D0B7D6787EE5792A96D72CD20429363 |
SHA-512: | 508A4F2C7940FFB500DCDBB14D195C3E4EE4BD28CA008D52E63A3D66D00347DF99E212D77128E3FF0DE6FBFB4813C6D64105013A0A014E200189F80589936643 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.998232615594948 |
Encrypted: | false |
SSDEEP: | 48:8X5dOPTuHgeH8idAKZdA1weh/iZUkAQkqehny+2:8IHf9QKy |
MD5: | 9C05302B157713E3FC3970D2E2F99CA5 |
SHA1: | 1C31148C468B152F24610E8ADB0C7CB0137D4FDD |
SHA-256: | 9A6A51E024E84FACD56CFFF3E919C8B0C5DD576EB70C492B6EC98F9C5E68A8CD |
SHA-512: | EA98B99B29B8F7A6971FF53B30A03AF69EFAD37C3C1BA33CB1A106AD9CCDCE073F031DF2ADE1B8D79A5DD4F7CB054C7F9CA2E1B3BBB8F70A65B10861CA287A12 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.010494077190633 |
Encrypted: | false |
SSDEEP: | 48:8x5dOPTuHgsH8idAKZdA14tseh7sFiZUkmgqeh7sBy+BX:8x4Htnzy |
MD5: | 1782E480D75C365702BC5EAA9C70D556 |
SHA1: | 1B25DFF178EEAB5319E71CBABA56F8E8CCA8F244 |
SHA-256: | CE074EC23936D63714D5D3939EC6BBEBFC6BFBCF0FD0BDD760575BBA7C11C0D3 |
SHA-512: | 7EA3B1B82FBA0DB28FD53F338E288F63C9629F34927DCB3C5B1E6B76CFFD19E7F79A93FE4DFBAF40EBA68A60861AAD38B4E7F361B9E9F4275874EA079D97C407 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.999875977000559 |
Encrypted: | false |
SSDEEP: | 48:8QdOPTuHgeH8idAKZdA1vehDiZUkwqehby+R:8bHcpy |
MD5: | 09FC2F7BB0FE5A6F855E7735EC8DD074 |
SHA1: | 7232914F3B4045D1A1640A0AB68B9FDA81B0EE8B |
SHA-256: | 7E02F4078231DFE21F8488424902C04C04FA5C8D272802BB0858ABC1A9B8CC55 |
SHA-512: | 68682A302249B5614C4AA1457644133AFBC967526D3236ABD198F37CC4D21033E91C7DB4E402BD915BCF1C963468CBA6ED00B031F8ADF210EB5A9FE42F604BF3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.98736762917202 |
Encrypted: | false |
SSDEEP: | 48:8HFdOPTuHgeH8idAKZdA1hehBiZUk1W1qehty+C:8HkHs9Ny |
MD5: | A911E7BB2EDA85A9E9BBF3DBB732761C |
SHA1: | 919F8A8EE6DB75AB1A0AC07CD52B90647DE6FE0C |
SHA-256: | B5FA00729AF268B5584838277F2A196596B8732EB7961A10ABF4DD12F0FD50D5 |
SHA-512: | EF180F1E1A7EB69BE698D3A3D3EB7FF24CC9BBA32E78ACE7A9A4B4CE158688CDC3F48D4D5765AE8E62321ED0424A6F0CCB59D4368513E366C11AFF1079BF50E6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9971220984061584 |
Encrypted: | false |
SSDEEP: | 48:8/dOPTuHgeH8idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbzy+yT+:8CHCT/TbxWOvTbzy7T |
MD5: | E96D08BF178448FB35B4D57B87473675 |
SHA1: | 3807628101953136924D9A524892609A730816F0 |
SHA-256: | 354C25294F371B531486C39AAB13934E851C4247A289758A28E913103A323F82 |
SHA-512: | 780416ADF4617430C14C2F1793A85A7E2606BC9CE4B608B6E9B56EE7734C64B00862E64A993EAAA844935048613F02E50D055807D429837F39B019590CCBBD8D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3607 |
Entropy (8bit): | 7.829792964526653 |
Encrypted: | false |
SSDEEP: | 96:eQM35472auw/ZRlzc0EZZGFJBGn20jp6bW63IKJNd:ej5G2EZ3dEh20ahNd |
MD5: | 1F1D0B19748084FCDC2349C9804BCD81 |
SHA1: | FA8F610688B28461CA9B833CFD1C17E0DEB60B41 |
SHA-256: | 33B0F2B5DC33C2FD154D68530C7A12A90ECD9EFE09010DBD72BC806C45A8E995 |
SHA-512: | 33F5BF396B72974775C74053518782725AE137B13E24FF4AF648DA26CFE09D3E52EC9386EF3DFF89DF06822D1AAEB83A6629E5BE959729EAD310C17A8985338E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8029386 |
Entropy (8bit): | 7.970778734534875 |
Encrypted: | false |
SSDEEP: | 196608:HTbo89XcUDaKCoK6QmWL6FCSe9V90n6CJ/hne:Q0BKI6PkxY |
MD5: | 10C3EB7EEFC4A14A34BC68C6BF855664 |
SHA1: | A3BD3AC0F7A40FE5168B099319593D035B35E684 |
SHA-256: | 6D9928651923A958645080930CCDAC93AA1F822CFE70AE69F57FCAF194D81995 |
SHA-512: | 9F1F59BB3F471F6A60A6587C9BF6FFD143588D87AA9F8506EFD14EDB2675FFAE2BF3292586A999184CAC9530D227D276D5921BCB9009EB364E4536BE5C96DE4A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 8029386 |
Entropy (8bit): | 7.970778734534875 |
Encrypted: | false |
SSDEEP: | 196608:HTbo89XcUDaKCoK6QmWL6FCSe9V90n6CJ/hne:Q0BKI6PkxY |
MD5: | 10C3EB7EEFC4A14A34BC68C6BF855664 |
SHA1: | A3BD3AC0F7A40FE5168B099319593D035B35E684 |
SHA-256: | 6D9928651923A958645080930CCDAC93AA1F822CFE70AE69F57FCAF194D81995 |
SHA-512: | 9F1F59BB3F471F6A60A6587C9BF6FFD143588D87AA9F8506EFD14EDB2675FFAE2BF3292586A999184CAC9530D227D276D5921BCB9009EB364E4536BE5C96DE4A |
Malicious: | false |
Reputation: | low |
URL: | https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 198 |
Entropy (8bit): | 1.23143406345007 |
Encrypted: | false |
SSDEEP: | 3:2oXllvlNl/FXltlBe/h/555555555555555n:2Y1UJ555555555555555n |
MD5: | C6ACEDAFF906029FC5455D9EC52C7F42 |
SHA1: | 92CBD806CA421AA2C9FF5E1FF76BBC20913A2F81 |
SHA-256: | 9DEB629637088856FE61DC868BF40A7D21ED942E4117659F3D6C3408F59B906B |
SHA-512: | 7A8D002CA6B607E38860AD4485493E109CB7D3BEF241B0E5BF2A65C2E316E6185DED8EC74E3FCBD78745AB302C6D876657ABC178EE028D1B8B9A5572F429D972 |
Malicious: | false |
Reputation: | low |
URL: | https://www.asafm.army.mil/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 198 |
Entropy (8bit): | 1.23143406345007 |
Encrypted: | false |
SSDEEP: | 3:2oXllvlNl/FXltlBe/h/555555555555555n:2Y1UJ555555555555555n |
MD5: | C6ACEDAFF906029FC5455D9EC52C7F42 |
SHA1: | 92CBD806CA421AA2C9FF5E1FF76BBC20913A2F81 |
SHA-256: | 9DEB629637088856FE61DC868BF40A7D21ED942E4117659F3D6C3408F59B906B |
SHA-512: | 7A8D002CA6B607E38860AD4485493E109CB7D3BEF241B0E5BF2A65C2E316E6185DED8EC74E3FCBD78745AB302C6D876657ABC178EE028D1B8B9A5572F429D972 |
Malicious: | false |
Reputation: | low |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 24, 2024 17:46:43.174045086 CEST | 443 | 58588 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.174124956 CEST | 58588 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.176959991 CEST | 58588 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.177026033 CEST | 443 | 58588 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.177140951 CEST | 58588 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.218509912 CEST | 443 | 58588 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.282083988 CEST | 58588 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.282108068 CEST | 443 | 58588 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.282113075 CEST | 58587 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.292413950 CEST | 443 | 58587 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.292603970 CEST | 443 | 58587 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.292735100 CEST | 58587 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.293145895 CEST | 58587 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.293159962 CEST | 443 | 58587 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.312083006 CEST | 443 | 58588 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:43.312215090 CEST | 58588 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.314759016 CEST | 58588 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:43.314771891 CEST | 443 | 58588 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:48.953934908 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:48.953980923 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:48.954050064 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:48.954273939 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:48.954288006 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.467634916 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.467986107 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.468055010 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.469189882 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.469269037 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.469626904 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.469702005 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.469979048 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.469995975 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.516030073 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.644869089 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.644963980 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
May 24, 2024 17:46:49.645051956 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.645493031 CEST | 58590 | 443 | 192.168.2.5 | 172.64.41.3 |
May 24, 2024 17:46:49.645535946 CEST | 443 | 58590 | 172.64.41.3 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 24, 2024 17:45:19.376689911 CEST | 192.168.2.5 | 1.1.1.1 | c1fe | (Port unreachable) | Destination Unreachable |
May 24, 2024 17:46:17.004111052 CEST | 192.168.2.5 | 1.1.1.1 | c225 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 24, 2024 17:45:18.311315060 CEST | 192.168.2.5 | 1.1.1.1 | 0xf1ae | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 17:45:18.311470985 CEST | 192.168.2.5 | 1.1.1.1 | 0x5ee5 | Standard query (0) | | 65 | IN (0x0001) | false |
May 24, 2024 17:45:19.359498024 CEST | 192.168.2.5 | 1.1.1.1 | 0x3386 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 17:45:19.359697104 CEST | 192.168.2.5 | 1.1.1.1 | 0x40d6 | Standard query (0) | | 65 | IN (0x0001) | false |
May 24, 2024 17:45:20.145697117 CEST | 192.168.2.5 | 1.1.1.1 | 0x3462 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 17:45:20.145873070 CEST | 192.168.2.5 | 1.1.1.1 | 0x574e | Standard query (0) | | 65 | IN (0x0001) | false |
May 24, 2024 17:46:42.542412996 CEST | 192.168.2.5 | 1.1.1.1 | 0x59b7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 24, 2024 17:45:18.890326023 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe17 | No error (0) | | www.asafm.army.mil.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 17:45:18.895580053 CEST | 1.1.1.1 | 192.168.2.5 | 0x3160 | No error (0) | | www.asafm.army.mil.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 17:45:19.367005110 CEST | 1.1.1.1 | 192.168.2.5 | 0x3386 | No error (0) | | | 172.217.18.4 | A (IP address) | IN (0x0001) | false |
May 24, 2024 17:45:19.374217033 CEST | 1.1.1.1 | 192.168.2.5 | 0x40d6 | No error (0) | | | | 65 | IN (0x0001) | false |
May 24, 2024 17:45:20.777698040 CEST | 1.1.1.1 | 192.168.2.5 | 0xec67 | No error (0) | | www.asafm.army.mil.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 17:45:20.788080931 CEST | 1.1.1.1 | 192.168.2.5 | 0xc577 | No error (0) | | www.asafm.army.mil.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 17:45:31.744343042 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf26 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 17:45:31.744343042 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf26 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
May 24, 2024 17:46:42.596998930 CEST | 1.1.1.1 | 192.168.2.5 | 0x59b7 | No error (0) | | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
May 24, 2024 17:46:42.596998930 CEST | 1.1.1.1 | 192.168.2.5 | 0x59b7 | No error (0) | | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49721 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 15:45:23 UTC | 161 | OUT | |
2024-05-24 15:45:23 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49722 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 15:45:25 UTC | 239 | OUT | |
2024-05-24 15:45:26 UTC | 515 | IN | |
2024-05-24 15:45:26 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 58587 | 172.64.41.3 | 443 | 5804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 15:46:43 UTC | 245 | OUT | |
2024-05-24 15:46:43 UTC | 128 | OUT | |
2024-05-24 15:46:43 UTC | 247 | IN | |
2024-05-24 15:46:43 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 58588 | 172.64.41.3 | 443 | 5804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 15:46:43 UTC | 245 | OUT | |
2024-05-24 15:46:43 UTC | 128 | OUT | |
2024-05-24 15:46:43 UTC | 247 | IN | |
2024-05-24 15:46:43 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 58590 | 172.64.41.3 | 443 | 5804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 15:46:49 UTC | 245 | OUT | |
2024-05-24 15:46:49 UTC | 128 | OUT | |
2024-05-24 15:46:49 UTC | 247 | IN | |
2024-05-24 15:46:49 UTC | 468 | IN |
Target ID: | 0 |
Start time: | 11:45:08 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 11:45:15 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 11:45:17 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 11:46:34 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 9 |
Start time: | 11:46:35 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 10 |
Start time: | 11:46:36 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6068e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |