Windows
Analysis Report
Law Clerk to Michael Nanne and Brian DeLorenzi.pdf
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Law Clerk to Michael Nanne and Brian DeLorenzi.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7176 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7364 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1652,i,10075469960472662905,2557708157109484843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 2104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2080,i,5781679661677650540,11246564449664468304,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | Initial sample: | ||
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Window detected: |
Persistence and Installation Behavior |
---|
Source: | LLM: |
Source: | Process information set: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
a.nel.cloudflare.com | 35.190.80.1 | true | false | unknown | |
saepe.cfd | 172.67.221.31 | true | false | unknown | |
www.google.com | 142.250.185.196 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | |
false | unknown | |
false | unknown | |
false | unknown | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |
false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.221.31 | saepe.cfd | United States | 13335 | CLOUDFLARENETUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.185.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467858 |
Start date and time: | 2024-07-04 23:12:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Law Clerk to Michael Nanne and Brian DeLorenzi.pdf |
Detection: | SUS |
Classification: | sus21.winPDF@40/50@6/5 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.22.41.97, 3.219.243.226, 52.6.155.20, 3.233.129.217, 2.19.126.149, 2.19.126.143, 162.159.61.3, 172.64.41.3, 2.16.241.15, 2.16.241.13, 2.18.96.131, 199.232.210.172, 192.229.221.95, 142.250.186.131, 172.217.18.14, 142.250.110.84, 34.104.35.123, 142.250.185.74, 216.58.212.170, 142.250.185.202, 216.58.212.138, 216.58.206.42, 142.250.186.170, 142.250.185.106, 142.250.181.234, 142.250.185.234, 142.250.184.234, 172.217.23.106, 142.250.186.42, 142.250.185.138, 142.250.185.170, 216.58.206.74, 142.250.186.74, 172.217.18.3, 142.250.186.35, 142.250.185.238
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, www.gstatic.com, apps.identrust.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: Law Clerk to Michael Nanne and Brian DeLorenzi.pdf
Time | Type | Description |
---|---|---|
17:13:32 | API Interceptor |
Input | Output |
---|---|
URL: PDF Model: gpt-4o | ```json{ "riskscore": 8, "reasons": "The PDF document contains a visually prominent 'Open' button which could mislead the user into clicking on a potentially harmful link. The text 'This link is protected for your view only. Download to open the file' creates a sense of urgency and interest, encouraging the user to click the button. The document impersonates a well-known brand, Microsoft OneDrive, which adds to its credibility and potential to deceive. The sense of urgency in the text is directly connected to the prominent 'Open' button, increasing the risk of phishing or malware download."} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.221.31 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Clipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRAT | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Amadey | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | LummaC, SmokeLoader | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Amadey, Mars Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.212788404363134 |
Encrypted: | false |
SSDEEP: | 6:BOX/cq2Pwkn2nKuAl9OmbnIFUt84OXQ8ZZmw+4OXQ8zkwOwkn2nKuAl9OmbjLJ:EPcvYfHAahFUt81x/+1r5JfHAaSJ |
MD5: | A05F06575E30782E097D7970999A545E |
SHA1: | 49E72ED9824596F467E6528BE6312DF68A4BC798 |
SHA-256: | 8D3B39B082EF99FB4969567B8D694A61968DE43990108B98A7EA84C37C9DD0D3 |
SHA-512: | 70018A911DCE8E13EA23F71B338675E6F9E6F4189FC9E58B10ACFFE80603603D189F6AE3457744157FB640CCFEE609A8411107118C92F16E9DD795A2F1EF86CD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.174455503059571 |
Encrypted: | false |
SSDEEP: | 6:BOXfDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt84OXKVgZmw+4OX/pDMVkwOwkn2nKuAv:ErM+vYfHAa8uFUt81X/+1vpMV5JfHAaU |
MD5: | 92C203D49206C8CD28C2E90370F2D1F5 |
SHA1: | 40A104FF4BCAAABA7F51F791A61DE8A8F0606FFD |
SHA-256: | FA85B87B5DB1989CEE5FE21CDD1827958F9F3165388ACDF385AC9FB74872DD94 |
SHA-512: | 9807ECD3B25F5C1AEF80BFBF538F781A57F5441BF38D7EFFA59845F88DD6D4AD0567250957458B8B2CE4677B5F41E7B2E13D13DC22CA87A86AAC469538EE643C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.174455503059571 |
Encrypted: | false |
SSDEEP: | 6:BOXfDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt84OXKVgZmw+4OX/pDMVkwOwkn2nKuAv:ErM+vYfHAa8uFUt81X/+1vpMV5JfHAaU |
MD5: | 92C203D49206C8CD28C2E90370F2D1F5 |
SHA1: | 40A104FF4BCAAABA7F51F791A61DE8A8F0606FFD |
SHA-256: | FA85B87B5DB1989CEE5FE21CDD1827958F9F3165388ACDF385AC9FB74872DD94 |
SHA-512: | 9807ECD3B25F5C1AEF80BFBF538F781A57F5441BF38D7EFFA59845F88DD6D4AD0567250957458B8B2CE4677B5F41E7B2E13D13DC22CA87A86AAC469538EE643C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\78f6864a-9214-470d-9b3d-dd0c9e773f60.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.972695042269216 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqwVShsBdOg2HZOWZcaq3QYiubInP7E4T3y:Y2sRds3UydMHZ5g3QYhbG7nby |
MD5: | C53F302898238806C322104AB2AFE651 |
SHA1: | 7BA6543520696E6D649936FDEC708229A65CCB71 |
SHA-256: | 5B8C0E1965DBE64422F2EF279867D5EC7C19AE838DD8BB38080F5C8460AFABA6 |
SHA-512: | F3334B5AB0B689294188FA36C1DC0C2237EC6622ACCE578F30ABAEFBD956AC362D3867AC9D8C1D2FE8237092176094281510853E85C9EF1BB572C3789428D22A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.972695042269216 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqwVShsBdOg2HZOWZcaq3QYiubInP7E4T3y:Y2sRds3UydMHZ5g3QYhbG7nby |
MD5: | C53F302898238806C322104AB2AFE651 |
SHA1: | 7BA6543520696E6D649936FDEC708229A65CCB71 |
SHA-256: | 5B8C0E1965DBE64422F2EF279867D5EC7C19AE838DD8BB38080F5C8460AFABA6 |
SHA-512: | F3334B5AB0B689294188FA36C1DC0C2237EC6622ACCE578F30ABAEFBD956AC362D3867AC9D8C1D2FE8237092176094281510853E85C9EF1BB572C3789428D22A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.256492612553144 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7LSvzuQlEplcz/Z:etJCV4FiN/jTN/2r8Mta02fEhgO73go+ |
MD5: | D70794712D5EB0EA46E85EB74DDD0260 |
SHA1: | 513E47F7D8F0C9EBFAE1F5E398C0409524058D9A |
SHA-256: | 0050355B49CC4B8645935E052E9F36973279BA0A2E056B9448602D96942E4DA2 |
SHA-512: | 35A39C4B96CDB777BD46AAB14A6B43C61A88738BCFB0429DE8BC2B7C44A919D38F3B64A5B2E0240934D7CB8F3E8394E8B13007C7218126B3523FF657CDE750AF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.231351940621203 |
Encrypted: | false |
SSDEEP: | 6:BOXvVDM+q2Pwkn2nKuAl9OmbzNMxIFUt84OXUJtgZmw+4OXUJtDMVkwOwkn2nKuP:Ef9M+vYfHAa8jFUt81sq/+1s1MV5JfHP |
MD5: | F9567C7279009774E6AA957662F5EF2A |
SHA1: | 44C686CF7C46C5E6BDB2E19DB3695CA0457CC4A7 |
SHA-256: | 74C4211612038DD7ABF0A7BD5A142A5EC4AD753C59BFEB4C7C78C52B74CA71ED |
SHA-512: | 03F79B31357A9AA6CB32D2FCBA994A8443E2226855A06F7FD8E02561782EA56361F7C7A96C2C4D53F03D0C93A52E1D2D70A4CBD2649B9427B9684AFDFE7FDD79 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.231351940621203 |
Encrypted: | false |
SSDEEP: | 6:BOXvVDM+q2Pwkn2nKuAl9OmbzNMxIFUt84OXUJtgZmw+4OXUJtDMVkwOwkn2nKuP:Ef9M+vYfHAa8jFUt81sq/+1s1MV5JfHP |
MD5: | F9567C7279009774E6AA957662F5EF2A |
SHA1: | 44C686CF7C46C5E6BDB2E19DB3695CA0457CC4A7 |
SHA-256: | 74C4211612038DD7ABF0A7BD5A142A5EC4AD753C59BFEB4C7C78C52B74CA71ED |
SHA-512: | 03F79B31357A9AA6CB32D2FCBA994A8443E2226855A06F7FD8E02561782EA56361F7C7A96C2C4D53F03D0C93A52E1D2D70A4CBD2649B9427B9684AFDFE7FDD79 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240704211323Z-153.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.4723945346608638 |
Encrypted: | false |
SSDEEP: | 96:e2rzhRRRtRt2bXqg+On0LfLoLYL9P7N4iU0GVEwkXZcCpbT2QbXZMjsfVzB7/8DQ:e2rdRRRtRt2bXq7DcM9PeiUhKBXtGvyV |
MD5: | 727861E3077CBB9985A236B121AEA9ED |
SHA1: | D6B3A2EF6EB06B17DD6A78D032F327926A9DAAA9 |
SHA-256: | 5E38F028504811A6130965136FA5E0610B0B6B37F7139ABDD0D2976B5C86F2D5 |
SHA-512: | 6F612ABBBB8C2569265A5475EC39AE81DD1ADA22613ACB9D090519EF9FEF9C74F1458F13947C422A05074F452A63F694F995A6C2A404E2FDF275E882301EF6F6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444964264481681 |
Encrypted: | false |
SSDEEP: | 384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL |
MD5: | 994164FAC225E38E4E269FE1715F9FB0 |
SHA1: | C7A5659A2BD1DB07B8AF391C7F078F3EFDC1C87E |
SHA-256: | 4A167A25FECD041A0E739C0A73EE384C0AB25D191A137A61C4D2ADD6EFB6B121 |
SHA-512: | F06D48BAE7F386237E05070D647AC40BDDC852B28CC9E6D643B85FF7B5E5F8D82551EC5A3A8CFE1507FF77B10206E0B8EA5861BDA5B14456778129DE2425D244 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7730417174245665 |
Encrypted: | false |
SSDEEP: | 48:7MIp/E2ioyVrioy9oWoy1Cwoy1nKOioy1noy1AYoy1Wioy1hioybioyLoy1noy1K:7npjurF6XKQCyb9IVXEBodRBkh |
MD5: | EA810FDACA87C13BD0766C26C5D11CF1 |
SHA1: | 237C9953B5E6C31403BA92758F6ADF45E9758CD1 |
SHA-256: | 592C01946A639D0A42380EFDCE2EBD529506538EC1D0ABADA9619944A81C06D9 |
SHA-512: | 51A03AD393EF63CC148DAEE2E0E0DC98567E99C3F6025DFD8CDFD854AD59B8507C8939B5CB6EA7E888677D7D7CE8F1A8279668D03D283E51AFC3E26BC9BABFD3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2478978672539016 |
Encrypted: | false |
SSDEEP: | 6:kK3D9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:SDImsLNkPlE99SNxAhUe/3 |
MD5: | E179A715DDF59610BDABA06D2EF3F1BC |
SHA1: | 81B2C4DB601FFC69DA650382CC4201E9366CDA8D |
SHA-256: | E982A880FF2A1E77C48030D55F86FD6CFB7712527B05E03D55D577B9D91AECBC |
SHA-512: | 0F094A438E17B9D5381C019CF7962F26F30F96BEE538AEFC8B6BEF6F9F73B9D0EA39C67EAE3C1E7DA1FA9BC47DF0B693C4F128943C985CAD270C752C49BDFE4A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0264678871426307 |
Encrypted: | false |
SSDEEP: | 3:kkFklrVfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklG3:kKUxliBAIdQZV7I7kc3 |
MD5: | FABDE71E1F3CE5584D1ED866BD8D2DA1 |
SHA1: | 0CA0F7C46CF62C28399D3350CC4A3CBABA6F2CF3 |
SHA-256: | 50A8267DB5F33681F95283436D041B3272BD051E9D4E22415A7D0A827CF59359 |
SHA-512: | AF6FBF7CB87F6D948D4C994283EF99C45212FB882088831483BFAED6E3AD7927CAB411BFA43654677128727ABF3856701E1342C7863E0487475E542EF9D6FE6B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 243196 |
Entropy (8bit): | 3.3450692389394283 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.365871332849474 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.314113202598185 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.292252117343453 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.352969837168573 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.31302479993102 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.299488175962244 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.30339407005272 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.310250877330935 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737722955516789 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.306233304405341 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.77533808086163 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.289737561499099 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.29447529237679 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.313068433163489 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.271154298488504 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.363585278566013 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.11574595024413 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1879332897434551 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6078214434542752 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5065515051498046 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.023113942774525 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 17-13-21-899.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.357483467596877 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.385292435587018 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 295 |
Entropy (8bit): | 5.288439437332061 |
Encrypted: | false |
Malicious: | false |
URL: | https://saepe.cfd/favicon.ico |
Preview: |
File type: | |
Entropy (8bit): | 7.913688088029627 |
TrID: |
File name: | Law Clerk to Michael Nanne and Brian DeLorenzi.pdf |
File size: | 131'911 bytes |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 51 0 R/MarkInfo<</Marked true>>/Metadata 130 0 R/ViewerPreferences 131 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.913688 |
Total Bytes: | 131911 |
Stream Entropy: | 7.972973 |
Stream Bytes: | 119012 |
Entropy outside Streams: | 5.290366 |
Bytes outside Streams: | 12899 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 71 |
endobj | 71 |
stream | 26 |
endstream | 26 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 4 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
38 | 71cc9696b296cc71 | 138860b1344e98b88c5c13e93e38910a | |
39 | f0c0b2c0c0b2c0f0 | e40d109ea3b33065525462fb0490b5e2 | |
40 | 6960f8dcdedaf860 | 506ec06c44dbd41495d92cb68b5493ad | |
41 | e860ea80a080e068 | 9afe52864b296d2c8aa384278eefc6ac | |
42 | 0000000000000000 | 70d5351691622e1dd33a50b0c6e42379 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 4, 2024 23:14:17.513336897 CEST | 443 | 49763 | 13.85.23.86 | 192.168.2.4 |
Jul 4, 2024 23:14:17.513346910 CEST | 49763 | 443 | 192.168.2.4 | 13.85.23.86 |
Jul 4, 2024 23:14:17.513349056 CEST | 443 | 49763 | 13.85.23.86 | 192.168.2.4 |
Jul 4, 2024 23:14:17.513406038 CEST | 49763 | 443 | 192.168.2.4 | 13.85.23.86 |
Jul 4, 2024 23:14:17.518069029 CEST | 49763 | 443 | 192.168.2.4 | 13.85.23.86 |
Jul 4, 2024 23:14:17.518084049 CEST | 443 | 49763 | 13.85.23.86 | 192.168.2.4 |
Jul 4, 2024 23:14:17.518104076 CEST | 49763 | 443 | 192.168.2.4 | 13.85.23.86 |
Jul 4, 2024 23:14:17.518109083 CEST | 443 | 49763 | 13.85.23.86 | 192.168.2.4 |
Jul 4, 2024 23:14:25.571024895 CEST | 443 | 49749 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:25.571121931 CEST | 443 | 49749 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:25.571180105 CEST | 49749 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:25.572084904 CEST | 49749 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:25.572103024 CEST | 443 | 49749 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:25.589683056 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:25.589723110 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:25.589901924 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:25.589982986 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:25.589993954 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:25.612051964 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:25.612082958 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:25.612175941 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:25.612346888 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:25.612360954 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:26.064237118 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.074767113 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.074780941 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.075789928 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.075881958 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.090434074 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.090519905 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.090553045 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.099625111 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:26.101918936 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:26.101928949 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:26.102210999 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:26.115900993 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:26.115928888 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:26.115933895 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:26.115963936 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:26.135539055 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.135548115 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.159219027 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:26.175658941 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.219238997 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.219317913 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.219466925 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.219516039 CEST | 49764 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.219527006 CEST | 443 | 49764 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.220031023 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.220074892 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.220133066 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.220346928 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.220360994 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.701601982 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.701942921 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.701961040 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.702434063 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.702756882 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.702816963 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.702874899 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.744117975 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.744126081 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.834671021 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.834929943 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.834965944 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.834974051 CEST | 443 | 49766 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:14:26.835139990 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:26.835139990 CEST | 49766 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:14:32.838268995 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
Jul 4, 2024 23:14:32.838387966 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
Jul 4, 2024 23:14:32.843713999 CEST | 80 | 49723 | 93.184.221.240 | 192.168.2.4 |
Jul 4, 2024 23:14:32.843826056 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
Jul 4, 2024 23:14:32.844247103 CEST | 80 | 49724 | 93.184.221.240 | 192.168.2.4 |
Jul 4, 2024 23:14:32.844322920 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
Jul 4, 2024 23:14:45.627698898 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:45.627789021 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:45.627830982 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:45.629076958 CEST | 49765 | 443 | 192.168.2.4 | 172.67.221.31 |
Jul 4, 2024 23:14:45.629092932 CEST | 443 | 49765 | 172.67.221.31 | 192.168.2.4 |
Jul 4, 2024 23:14:50.214186907 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:14:50.214226961 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:14:50.214307070 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:14:50.214545965 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:14:50.214560986 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:14:50.862786055 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:14:50.863149881 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:14:50.863162994 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:14:50.863488913 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:14:50.863868952 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:14:50.863933086 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:14:50.916038990 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:00.776829004 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:00.776896954 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:00.777024031 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:02.169891119 CEST | 49768 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:02.169910908 CEST | 443 | 49768 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:25.590657949 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:25.590691090 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:25.590833902 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:25.591387033 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:25.591398954 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.062813997 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.063498974 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.063514948 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.063818932 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.064659119 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.064712048 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.065059900 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.112498999 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.193156958 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.193209887 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.193268061 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.193727016 CEST | 49770 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.193744898 CEST | 443 | 49770 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.194509983 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.194550991 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.194626093 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.194906950 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.194922924 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.684889078 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.685203075 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.685220003 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.685530901 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.685899973 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.685960054 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.686083078 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.728502989 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.819454908 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.819531918 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:26.819633007 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.820312023 CEST | 49771 | 443 | 192.168.2.4 | 35.190.80.1 |
Jul 4, 2024 23:15:26.820324898 CEST | 443 | 49771 | 35.190.80.1 | 192.168.2.4 |
Jul 4, 2024 23:15:50.276563883 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:50.276597977 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:50.276655912 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:50.276876926 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:50.276887894 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:50.935770988 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:50.936094046 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:50.936120987 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:50.936398029 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:50.936671972 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:15:50.936728954 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:15:50.978595018 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:16:00.895214081 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:16:00.895287037 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Jul 4, 2024 23:16:00.895498037 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:16:02.169197083 CEST | 49772 | 443 | 192.168.2.4 | 142.250.185.196 |
Jul 4, 2024 23:16:02.169218063 CEST | 443 | 49772 | 142.250.185.196 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 4, 2024 23:13:45.787338972 CEST | 192.168.2.4 | 1.1.1.1 | 0x71ff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 4, 2024 23:13:45.794235945 CEST | 192.168.2.4 | 1.1.1.1 | 0x2594 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 4, 2024 23:13:50.151496887 CEST | 192.168.2.4 | 1.1.1.1 | 0x238a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 4, 2024 23:13:50.151642084 CEST | 192.168.2.4 | 1.1.1.1 | 0x3ea0 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 4, 2024 23:14:25.573095083 CEST | 192.168.2.4 | 1.1.1.1 | 0x8562 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 4, 2024 23:14:25.573314905 CEST | 192.168.2.4 | 1.1.1.1 | 0xd142 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 4, 2024 23:13:33.346857071 CEST | 1.1.1.1 | 192.168.2.4 | 0xe48c | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 23:13:33.346857071 CEST | 1.1.1.1 | 192.168.2.4 | 0xe48c | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 23:13:45.803904057 CEST | 1.1.1.1 | 192.168.2.4 | 0x71ff | No error (0) | 172.67.221.31 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 23:13:45.803904057 CEST | 1.1.1.1 | 192.168.2.4 | 0x71ff | No error (0) | 104.21.53.248 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 23:13:45.810554981 CEST | 1.1.1.1 | 192.168.2.4 | 0x2594 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 4, 2024 23:13:50.158987045 CEST | 1.1.1.1 | 192.168.2.4 | 0x238a | No error (0) | 142.250.185.196 | A (IP address) | IN (0x0001) | false | ||
Jul 4, 2024 23:13:50.159877062 CEST | 1.1.1.1 | 192.168.2.4 | 0x3ea0 | No error (0) | 65 | IN (0x0001) | false | |||
Jul 4, 2024 23:14:25.581053972 CEST | 1.1.1.1 | 192.168.2.4 | 0x8562 | No error (0) | 35.190.80.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:13:27 UTC | 161 | OUT | |
2024-07-04 21:13:27 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:13:28 UTC | 239 | OUT | |
2024-07-04 21:13:28 UTC | 514 | IN | |
2024-07-04 21:13:28 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49743 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:13:38 UTC | 306 | OUT | |
2024-07-04 21:13:38 UTC | 560 | IN | |
2024-07-04 21:13:38 UTC | 15824 | IN | |
2024-07-04 21:13:38 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49749 | 172.67.221.31 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:13:46 UTC | 804 | OUT | |
2024-07-04 21:14:25 UTC | 727 | IN | |
2024-07-04 21:14:25 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49763 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:14:17 UTC | 306 | OUT | |
2024-07-04 21:14:17 UTC | 560 | IN | |
2024-07-04 21:14:17 UTC | 15824 | IN | |
2024-07-04 21:14:17 UTC | 14181 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49764 | 35.190.80.1 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:14:26 UTC | 520 | OUT | |
2024-07-04 21:14:26 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49765 | 172.67.221.31 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:14:26 UTC | 726 | OUT | |
2024-07-04 21:14:45 UTC | 626 | IN | |
2024-07-04 21:14:45 UTC | 302 | IN | |
2024-07-04 21:14:45 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49766 | 35.190.80.1 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:14:26 UTC | 468 | OUT | |
2024-07-04 21:14:26 UTC | 533 | OUT | |
2024-07-04 21:14:26 UTC | 168 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49770 | 35.190.80.1 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:15:26 UTC | 530 | OUT | |
2024-07-04 21:15:26 UTC | 336 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49771 | 35.190.80.1 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-04 21:15:26 UTC | 478 | OUT | |
2024-07-04 21:15:26 UTC | 566 | OUT | |
2024-07-04 21:15:26 UTC | 168 | IN |
Target ID: | 0 |
Start time: | 17:13:18 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 17:13:19 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:13:19 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 17:13:43 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 17:13:44 |
Start date: | 04/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |