Windows
Analysis Report
payment_3493.pdf
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Clickable URLs found in PDF pointing to potentially malicious files
Downloads suspicious files via Chrome
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected suspicious crossdomain redirect
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Classification
- System is w10x64
- Acrobat.exe (PID: 6188 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payment_3493.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 7080 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  - AcroCEF.exe (PID: 4184 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,12156767145807301338,13569973875367662662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  - chrome.exe (PID: 7924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2024,i,7100417688120371546,15284684244205142337,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  - unarchiver.exe (PID: 7572 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\???????????_?????????_????????.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
  - 7za.exe (PID: 7420 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja" "C:\Users\user\Downloads\???????????_?????????_????????.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
  - conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- unarchiver.exe (PID: 7976 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
  - 7za.exe (PID: 6984 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\i4oysygl.ccy" "C:\Users\user\Downloads\ _ _ .zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
  - conhost.exe (PID: 612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- unarchiver.exe (PID: 2784 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
  - 7za.exe (PID: 5264 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\f03mjjhp.rbo" "C:\Users\user\Downloads\ _ _ .zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
  - conhost.exe (PID: 4832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 31 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s3-w.us-east-1.amazonaws.com | 3.5.29.153 | true | false | high | |
bitbucket.org | 185.166.143.48 | true | false | high | |
www.google.com | 142.250.181.68 | true | false | high | |
bbuseruploads.s3.amazonaws.com | unknown | unknown | false | high | |
x1.i.lencr.org | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
3.5.29.153 | s3-w.us-east-1.amazonaws.com | United States | 14618 | AMAZON-AESUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false |
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.6 |
192.168.2.24 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579909 |
Start date and time: | 2024-12-23 15:08:00 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 31 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | payment_3493.pdf |
Detection: | MAL |
Classification: | mal48.winPDF@52/54@7/6 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.218.208.137, 3.233.129.217, 52.6.155.20, 52.22.41.97, 3.219.243.226, 172.64.41.3, 162.159.61.3, 2.19.126.143, 2.19.126.149, 23.195.39.65, 192.229.221.95, 2.16.168.117, 2.16.168.102, 172.217.19.227, 142.250.181.142, 64.233.161.84, 142.250.181.138, 142.250.181.10, 172.217.19.234, 172.217.21.42, 142.250.181.74, 172.217.17.42, 172.217.19.170, 172.217.17.74, 142.250.181.42, 172.217.19.202, 142.250.181.106, 216.58.208.234, 172.217.17.35, 172.217.17.46, 2.16.158.82, 13.107.246.63, 23.218.208.109, 23.206.252.175, 4.245.163.56, 20.223.35.26, 2.16.158.33, 150.171.27.10, 2.16.158.96, 20.199.58.43
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, clientservices.googleapis.com, g.bing.com, a767.dspw65.akamai.net, arc.msn.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, www.bing.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: payment_3493.pdf
Time | Type | Description |
---|---|---|
09:09:11 | API Interceptor | |
09:11:06 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | Stealc, Vidar |
239.255.255.250 | malicious | HtmlDropper |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Cryptbot |
239.255.255.250 | malicious | Clipboard Hijacker, Cryptbot |
239.255.255.250 | malicious | Clipboard Hijacker, Cryptbot |
185.166.143.48 | malicious | Unknown |

Match | Detection | Threat Name |
---|---|---|
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC |
s3-w.us-east-1.amazonaws.com | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC |
bitbucket.org | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar |

Match | Detection | Threat Name |
---|---|---|
AMAZON-AESUS | malicious | LummaC |
AMAZON-AESUS | malicious | Clipboard Hijacker, Cryptbot |
AMAZON-AESUS | malicious | LummaC |
AMAZON-AESUS | malicious | Clipboard Hijacker, Cryptbot |
AMAZON-AESUS | malicious | Clipboard Hijacker, Cryptbot |
AMAZON-AESUS | malicious | Cryptbot |
AMAZON-AESUS | malicious | Cryptbot |
AMAZON-AESUS | malicious | Clipboard Hijacker, Cryptbot |
AMAZON-AESUS | malicious | Clipboard Hijacker, Cryptbot |
AMAZON-AESUS | malicious | Unknown |
AMAZON-02US | malicious | HtmlDropper |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | ValleyRAT |
AMAZON-02US | malicious | ValleyRAT |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | LummaC |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | LummaC |

Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Stealc, Vidar |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | LummaC |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
⊘No context
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.206718987757681 |
Encrypted: | false |
SSDEEP: | 6:F0L+q2PN72nKuAl9OmbnIFUt8CzG1KWZmw+CzGjLVkwON72nKuAl9OmbjLJ:F0L+vVaHAahFUt8CzGAW/+CzGjLV5OaC |
MD5: | 225DFE7C29D11F9215EE1A9B49CCD8EF |
SHA1: | FCC79BB566E019715C3B645945EED5311C391EA7 |
SHA-256: | 20BED4776B046FC7608BB4D5FB35EEF3BF0AC44299B8C0874C938144D43A005D |
SHA-512: | 471DC5A63F1F315B68A63498FF91EF7729CF466DC15F9FCC24326C8791C33CE129C4F505E04649BA0F14125B006D84004FB1E00C214D6DA06EF17F7D4541BAD2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.21625172838363 |
Encrypted: | false |
SSDEEP: | 6:FT3+q2PN72nKuAl9Ombzo2jMGIFUt8CgZZmw+C1VkwON72nKuAl9Ombzo2jMmLJ:FT3+vVaHAa8uFUt8CM/+C1V5OaHAa8RJ |
MD5: | 45E81AFAD960214E8D21644AEF21D537 |
SHA1: | B1D05F11E76CA7D78670913C6CCDA7D7288CAA2E |
SHA-256: | A3FCA0623245AF0622233C04537F777DD2FE6A321F6BEA4A82A75A727C55A411 |
SHA-512: | FD4773522A2133D6241CF512990AD87A15E980E007D5EE5B35A06927311D418B0514126436216C9BDB01640B780E96E9E76A16464EDCEE65BF9E4D7BD00945D2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.21625172838363 |
Encrypted: | false |
SSDEEP: | 6:FT3+q2PN72nKuAl9Ombzo2jMGIFUt8CgZZmw+C1VkwON72nKuAl9Ombzo2jMmLJ:FT3+vVaHAa8uFUt8CM/+C1V5OaHAa8RJ |
MD5: | 45E81AFAD960214E8D21644AEF21D537 |
SHA1: | B1D05F11E76CA7D78670913C6CCDA7D7288CAA2E |
SHA-256: | A3FCA0623245AF0622233C04537F777DD2FE6A321F6BEA4A82A75A727C55A411 |
SHA-512: | FD4773522A2133D6241CF512990AD87A15E980E007D5EE5B35A06927311D418B0514126436216C9BDB01640B780E96E9E76A16464EDCEE65BF9E4D7BD00945D2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971824627296864 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7 |
MD5: | F326539D084B03D88254A74D6018F692 |
SHA1: | 395B367E0E3554C3E78A8211F2D4B9F0F427CA87 |
SHA-256: | 9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007 |
SHA-512: | C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF470555.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971824627296864 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7 |
MD5: | F326539D084B03D88254A74D6018F692 |
SHA1: | 395B367E0E3554C3E78A8211F2D4B9F0F427CA87 |
SHA-256: | 9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007 |
SHA-512: | C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ab85801f-c7f7-4d47-9435-b03d0d7c62bc.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.965183891754543 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqRxsBdOg2HDpgcaq3QYiubcP7E4TX:Y2sRdswidMHDp3QYhbA7n7 |
MD5: | FB9C0A016B752ECD3EB2C13F2E7A17BF |
SHA1: | 4AC7872D5B68052391652E22B89A7075BE31C9F5 |
SHA-256: | CC1163C965B015E5D2D76EE1268AE7DD68F37AF1A1684381FEFF9E4776DF6D74 |
SHA-512: | A4461458A8B420E65D17861C4300BA33ED38B3AE4BF51F926E25548F56F8FEB282585B8047DA18D378A0447F6DCEBFB4FB96C680CD5F979D428F310BA3489398 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\edc01d3f-ba5b-4132-9bb7-02d5015ee07e.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971824627296864 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7 |
MD5: | F326539D084B03D88254A74D6018F692 |
SHA1: | 395B367E0E3554C3E78A8211F2D4B9F0F427CA87 |
SHA-256: | 9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007 |
SHA-512: | C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5859 |
Entropy (8bit): | 5.250164105841975 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7OTKIp:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhi |
MD5: | 81D6132AA521C2E6BC33DF772EE491B4 |
SHA1: | 797DABDDAFF7F3FA0B76D7C9BFE74F2486870C61 |
SHA-256: | 52A7A31BB46E0872E1692E51D50F451A569C2C2F92F94F51AB1380030DA022FE |
SHA-512: | 6BEA0D454059D7ECB9FDFD1999219A04EE117690DB0B16134B3588D5F34B5E30A07A241614459637DFA8F431D334475BAB59F3B6C2D7A2752290301B26ADF117 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.223316121963081 |
Encrypted: | false |
SSDEEP: | 6:FRQFQN+q2PN72nKuAl9OmbzNMxIFUt8CRWXZmw+CRSFI1NVkwON72nKuAl9OmbzE:Fi8+vVaHAa8jFUt8CoX/+C0enV5OaHAo |
MD5: | F1A9F8453EFFA45CC229FA0FB48C9EAB |
SHA1: | 4DF394148807335CDE9E2BDF58E5CDCA735740D8 |
SHA-256: | 85F960800294AD38BE73A42958F3B54B4831690BCF0B088F5B20908C490922AD |
SHA-512: | A5175DE0A201AC38B2527D1ABF6593AA497BB7A6858371044B6BC1C490EC47C9779E6094EDC9C92CCB0A34B102E2227B31C95CC9B60326C39D2CD758CAB9B53F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.223316121963081 |
Encrypted: | false |
SSDEEP: | 6:FRQFQN+q2PN72nKuAl9OmbzNMxIFUt8CRWXZmw+CRSFI1NVkwON72nKuAl9OmbzE:Fi8+vVaHAa8jFUt8CoX/+C0enV5OaHAo |
MD5: | F1A9F8453EFFA45CC229FA0FB48C9EAB |
SHA1: | 4DF394148807335CDE9E2BDF58E5CDCA735740D8 |
SHA-256: | 85F960800294AD38BE73A42958F3B54B4831690BCF0B088F5B20908C490922AD |
SHA-512: | A5175DE0A201AC38B2527D1ABF6593AA497BB7A6858371044B6BC1C490EC47C9779E6094EDC9C92CCB0A34B102E2227B31C95CC9B60326C39D2CD758CAB9B53F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241223140901Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65110 |
Entropy (8bit): | 1.0388829673346764 |
Encrypted: | false |
SSDEEP: | 192:VynApqeV/ZLRVKy+Slzv52T3OW7NXVI65HBRg93:0ApqeVRXKy+S6TfNX265H3g93 |
MD5: | 56C711D22ADFA0B58926C3D8E5C34021 |
SHA1: | B03247E20144B8DB358B5BCFA51D3A7B7E811E22 |
SHA-256: | 4AAC28C5B118D5E855AD7C3C45FB298A8A237D999160CF0B8338182C028B3DD7 |
SHA-512: | 7FC74D184D5087498C01532503738C34EBDBC46A6FF6F583CB51566E2D432D0CBF140687C750309329B6903784D788172EFB2AAB899C5EBEF2FFAEBC5B6A85C5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444695625536375 |
Encrypted: | false |
SSDEEP: | 384:ye6ci5tCiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mNs3OazzU89UTTgUL |
MD5: | 849A00C287AEB38E78E3A34E7E0E27C0 |
SHA1: | DC52E6E05E079A0ABB642C9BEC58C9F36C811821 |
SHA-256: | 59366BDF8780D208DDDAFB16F52F0EB6524553B0C1DCF049E283AFAFB2245B61 |
SHA-512: | A93261A3BCF87B9277CF907417E6E81C9ADCBC88627AC06EEDC5207C8201C856D8FD4D4AE0FA796F4F702A0910A15B307C62A2E97E4089CE3908A86D9B0F5DCA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.769512733535976 |
Encrypted: | false |
SSDEEP: | 48:7MmFJioyVjV4ioyqVt8oy1C7oy16oy1oVRKOioy1noy1AYoy1Wioy1oioykioyBA:7JFJup4ltBHDXjBi3b9IVXEBodRBko |
MD5: | 0B7BC05E7E51EEE04435F68A32E22CBE |
SHA1: | 42718B6F91772745F3430F013591EDF1A4B05316 |
SHA-256: | 652F4AC48BE468FBE9B5CAC12775453DBC601406152FB2835BB27E294B006A43 |
SHA-512: | E4B18F0D5192A16574B09F95993995DD54BF9B0928680934012CEA6E0D25A69D2B5E2E81F3A02CD1552C3EDB11BB477C32C492542B37E935B034227D557774FE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7234941003697 |
Encrypted: | false |
SSDEEP: | 3:kkFklvlhhLkfllXlE/HT8kZ1NNX8RolJuRdxLlGB9lQRYwpDdt:kK8L9T8u7NMa8RdWBwRd |
MD5: | 0D10A5CDA8E168F1EF775C605805DD88 |
SHA1: | 61DD1327AB20B220E9075905F48EC18928C8A4E6 |
SHA-256: | 9FE0556E0EB995E4F818ED4DDF3B207C13D4AA7570B21F153A7862BDFF05FF80 |
SHA-512: | 6D37D4CE8B40F6233A54246B9BF1B45293706CA20D2BA072D6444BE8DEE8538ADC19CAC8EC7A899D10C863A239D4D1C07F26B66364D1DACBC38C01102E085EC8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.150184159866505 |
Encrypted: | false |
SSDEEP: | 6:kKnc9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:f/DnLNkPlE99SNxAhUe/3 |
MD5: | 5EFEE83A87E711A7A755895361966658 |
SHA1: | C33AF2A976C39F941958DD673C99C99AB6784592 |
SHA-256: | 76BD3FA18065AFE182DE10B49FDE42001D8FCC18162304C371A583B6BDA4104C |
SHA-512: | 6D810C61D752511C7366A5D512D57BEF4513541E1E85A32AAA672E95693D4640E57611D29D09C40158608A8E6F260BA8ED77A5332E1AF325176DDB486647571F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.366150954530171 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJM3g98kUwPeUkwRe9:YvXKXqV1Qec5OGMbLUkee9 |
MD5: | F6D215F34FD8A0C705F47D95DA964753 |
SHA1: | 9090F65E1F2ACE72679FE1C0183FC3E844139C65 |
SHA-256: | E5FBB31348D14F6E6C4FDBBDB1E26FEF74EB849E65ED21477C361E7F55CCB54E |
SHA-512: | A27CC680883407A86B8A3A20F66A29DAA6E350F9ACEF384B34E5B6981498E745468D5A32C6578C5BB0CBA0F14C83F6FE389E7E3B504709443D619ED6C22E3CB0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.315496563197679 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfBoTfXpnrPeUkwRe9:YvXKXqV1Qec5OGWTfXcUkee9 |
MD5: | 279266CADA408A1F0932045B965A7DB4 |
SHA1: | 2A2753E57E5E2FD9B349897B8AF4BAA0718A0241 |
SHA-256: | 754608FB83F52461373894D20B260B08DE27D67FB67AF03FA7DE4E62413835CB |
SHA-512: | 037355843F669F8243CD509ABBB84D53B45F4A59E83D8D9A2F13B31B10C19D3C054B335B625EBEC095B3DD284DD91819FF8014E9847B83204D5787008E8CAE67 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.294317638243278 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfBD2G6UpnrPeUkwRe9:YvXKXqV1Qec5OGR22cUkee9 |
MD5: | 0BA41A51E1D99371415C651CE68F407E |
SHA1: | EF0E5348293BA16DDBEBC54A70DAFE600688FE51 |
SHA-256: | 08254D18EC3F5029D7801A491A0286263DBE8FC7535344076D7BD6F887A4A57C |
SHA-512: | 64187D64EC3945E804FA79D4E518087342CD134805CE256334E3E4BCAB658C6DFB6A1D10CE1FB335158AA14073EF78EC28C1660DC3345ACEBBB24747D3938793 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.34627133960509 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfPmwrPeUkwRe9:YvXKXqV1Qec5OGH56Ukee9 |
MD5: | 737BDB1850A75691BD3DB59FFCC64B41 |
SHA1: | CEA950A6670751F939B2BCC6CD25467C3B743552 |
SHA-256: | B47590EC6A6817D87C0CB1C82D98114780C33677146D0DC9BC7AC076089C4FCC |
SHA-512: | 41DA9F3289EE7FD2907F4A430F58CD2FF70C792E84F65D5DCEF12017558532D1B3ABFD2EAB8AFE53BC1DF562A69BF41D724240B76294F4A00ACCC953B62A18DF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1123 |
Entropy (8bit): | 5.688755196247676 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqVcBpLgE9cQx8LennAvzBvkn0RCmK8czOCCSV:YvVVMhgy6SAFv5Ah8cv/V |
MD5: | 20D69B366DAE1DD96C7396F660861FBE |
SHA1: | B53B6692085148747F63A80E5E3A7928BA742BDA |
SHA-256: | 048902D362D8DB681F7D451C8382E5426C69663B0C8E023F4A94C65A9D06A72F |
SHA-512: | 1BE1D5C243C1CCA9566588A3BDF96A9F9A1987B54E9A7D4EEB02E14DDE77CEBB3F4A5EA6A1C6831054409BC2897F05079431D4B8DB8EEB4DCE658016EFBD9499 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.296196116648771 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJf8dPeUkwRe9:YvXKXqV1Qec5OGU8Ukee9 |
MD5: | 3FA4CB648A58ECBF8E38EE3A0A92DA5A |
SHA1: | AC32B9FEAF79F7C03B6390931AE321F69492BA15 |
SHA-256: | 0316A734494B95BCFB5A8FFE7011B2E0AB16053728ADB1A085F783C6BA44EE64 |
SHA-512: | 7429500EED8C4186946F8B018F3210EFC45403CFF0341DF0E33761847FF758BC6944A22E39080754B6C3A59F9DE745CEA7EBB2D431AB27CC3F78DB698A877B71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.29830382567485 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfQ1rPeUkwRe9:YvXKXqV1Qec5OGY16Ukee9 |
MD5: | 78DCCF9917157C707099823A49193D0B |
SHA1: | 10B9F0C109363819503431CC807FAFF3AF07443B |
SHA-256: | F6A40034E311CD981F44707F0507B83A7D096F35543A94D2A393DCF805DD9AE0 |
SHA-512: | 97409BAF333029A181E9821549B7FBE5EC7BF5226B40800B5F2FC744E72BCFCD8ADDA9A41049E268689D2BCF36CAC8ED64F9C8A1B19771E2CF84BAEC368C79AB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.307685825085937 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfFldPeUkwRe9:YvXKXqV1Qec5OGz8Ukee9 |
MD5: | 86366E0142A66EBC67E755B38E926E95 |
SHA1: | 759E268B3806BF48DA02278B095E939F9D9DCC97 |
SHA-256: | 14D26E7931C5DB6466D434BEBE35B7DE4D331BFF16A3C0991D30AAF60463C4F5 |
SHA-512: | E5CABFE188D0D9BDC314039EC8BA394D08FDAF8CC6CF1F33C536BFDEF259ECE072BD41B86345FC23B83A9781D62F432F7EB383D5360B5F6A9C800E5F044EC578 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.322966058837098 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfzdPeUkwRe9:YvXKXqV1Qec5OGb8Ukee9 |
MD5: | AB3B0B723DFCD8613487ED51C5DAF9D4 |
SHA1: | 79651735FCFFBDC3E2BB2F6DA71A93BAA2B59887 |
SHA-256: | 463AB956053362A942AB890D61DF7D2A76A065E970663C1A4A2AD4A14174DCEE |
SHA-512: | 168C03B93ED3D13EF123DB852DE161445D5F69D0749F835239A00532E22580551E912631FA2FEC41D9184DA71F5EB31788B9ED6FDF33023D851CAD60E82580E3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3033907746352185 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfYdPeUkwRe9:YvXKXqV1Qec5OGg8Ukee9 |
MD5: | E1BB8AB51EF0B86E1B912CBC5EDAA57A |
SHA1: | ABF463844E5CDB98E0FA569EC40BEC2943397505 |
SHA-256: | 94238FDB458FA1B77E5319A6BF309A981A709EC0C995600342C99CCC62404E2D |
SHA-512: | 9186C182E68B88B11DB0B311F57406C9F4398CB0F9317820D5D2C4D1D0CCC8F6B577E6B1FB0700FC919FE01A5129A1FF7ABC1E060AA62F67F2D91C2D2B0CEABA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 284 |
Entropy (8bit): | 5.290082197815087 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJf+dPeUkwRe9:YvXKXqV1Qec5OG28Ukee9 |
MD5: | 9738AD7281DFF616BDE0759CD32869A1 |
SHA1: | 0F7AC0807DAAC94393452B1488B47B0FD92CAEA2 |
SHA-256: | D7A3B7DE2156E87157C35730F02FF5288BE2D36E4A7322AA24AAB53D6C694BAF |
SHA-512: | 08738DE47C11EDF8A0CFD5E66EC2CA7E5E67956E8DCF4CA6AF09B3ACC6602ECEAC72DC4F867D2A5E7EA2C81E4CF13F82412DD0BB49DDB88B1A7CD4F2D0E4F23A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.286914568016056 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfbPtdPeUkwRe9:YvXKXqV1Qec5OGDV8Ukee9 |
MD5: | FE1672F05E10860B0B88D4127EDF2649 |
SHA1: | 8771795DCF9728802EC137C810B165CDDFFBC900 |
SHA-256: | B6F2DB2F7911855ACF5F65D6DC0FAB19FD8E6ED19B33B202ADD6CC374954DDB1 |
SHA-512: | 630CB55243513211B57D59DE320AA8C80ECCCA7EF719CD413D050A7342BA330153220C2949240EF9C120759C94E2AC2D9FDB519C05DBC5E1F78C826414B0C35A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.290028441103099 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJf21rPeUkwRe9:YvXKXqV1Qec5OG+16Ukee9 |
MD5: | 032D593A4626F3EA7D275B0B9113C316 |
SHA1: | 951149DA585978C1E631833CD1605EA52957722B |
SHA-256: | A20FF0FB9507030C06185C90D5E3A39D5AACA90FAE2BD84B9DE91CB1E9459571 |
SHA-512: | 10C76A11084881776FFD24BCF500A79F44C8B7475BC27979E33FBE5E718E4A347D4F1B250DE0ABF78793057FB89298986B018414F19EC6A2A24AACD51092BF67 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1090 |
Entropy (8bit): | 5.664950018501152 |
Encrypted: | false |
SSDEEP: | 24:Yv6XqVcBamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSbn:YvVV+BgkDMUJUAh8cvMb |
MD5: | 64DE308816A761A483BF6007B7857AFC |
SHA1: | F7CCE06A8AA386C892A1564FCAC9F0A4B23AC3F6 |
SHA-256: | F31D7AD6CBBFA5170A9B5DDC01C4848B62BC833CE4990B2F8A0C7C1273B0FA82 |
SHA-512: | 61474DD0ED157057FF604681B2757E0376190B41E0E4F88C635AD0E81F97905AEFA525A5CFE02BD9B4EE805E45084E2F7E186C0F3BC3493A66CA757590C1599E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.268562340101076 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfshHHrPeUkwRe9:YvXKXqV1Qec5OGUUUkee9 |
MD5: | D42D35F8F819492CB9EF852FDE39CE0B |
SHA1: | 10F1EA0A8E431F65CAC56E1C8D9C776B411EB246 |
SHA-256: | FA8E89844022AAF1BA37B4CC34B29FBA488EBB456FF63CF0B810A6DFB11D8861 |
SHA-512: | 0099D3003F1C5FBDB9ED7B4AB0003110598750356C264F715F55052EB580D7AD8284655A7ECE1A44F0DE58457525E84DCFE8DF6F920E3072EC8554CC86AA20DF |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 5.27987668339171 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJTqgFCrPeUkwRe9:YvXKXqV1Qec5OGTq16Ukee9 |
MD5: | 5FEA3D36CA72013841980B3FB14DD847 |
SHA1: | 708414A04AC7E3FAFEF46CCC35712FB382053D00 |
SHA-256: | 2602B340E04C78BD4AFACC74E2AF0CDF8AD19490ED07687A6A2DDAD4F4545C27 |
SHA-512: | 241ED80771F76EC9CF0E668D53E811BF286F3357160951DDA52CF4ABBBC3703A7581440B882F811B6C97FD3ACDD1845FCDA7B4D878D34A2A0F200F93617D89D9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.141985882228248 |
Encrypted: | false |
SSDEEP: | 24:Y1HaapQB3ayvgnXHvT2dYvpNjfjsj0STvb2m92LS9CpUiP3H6ZI555R9vuJOG:Yh2oXHWMfj+b77OUiPaCZR9C |
MD5: | A07F0D42654EFF27B0F9D1C63B956526 |
SHA1: | A885CAEC34997BD8E9F642BA7782DB2276D333A1 |
SHA-256: | 22D229ABB3ED33E83D40A9BF9538BC8AD5BFF58B76E157BE0ACE9FB6FC5F1C7D |
SHA-512: | 54604F8459E52B3E431800EA8E69A8B4341033E3D562D2C303CC0BB60CE85838C191B44B136E2BAF01CFE91307A9E490AD7B6F43661A98DA332B229ECC227590 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.144518192472927 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7urslJmRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudW:TFl2GL7msj4Xc+XcGNFlRYIX2v3k++ |
MD5: | C953C484AA250F1BD56BDCDB4B01683F |
SHA1: | 93B0DFD589E70D086AA8D079C3D1684646970244 |
SHA-256: | FCD404D7E15505385BECBF5DC62592FD46E188D1AA256A64180927B35BA4BB75 |
SHA-512: | DD7B724282467CEFFC394C78BF9B10C8988D4658DFF6A2D2D2C398C083D39FC99EB82EFF35E8D2BA671FF3D46321789F46C886577D1A74FA7AEE063F274CA954 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5487681351182874 |
Encrypted: | false |
SSDEEP: | 24:7+twYJmUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxfRqLxx/8:7MNPXc+XcGNFlRYIX2v4qVl2GL7ms6 |
MD5: | 998D016D22CAFBAD0468B9A0448279C7 |
SHA1: | 1D16704FCC3ED8738FA522690ED8F6E5DA9139F2 |
SHA-256: | 0E07E1241D8BD4646314F941993FD70F47249D4FBD166187E6C8A3F8D0588B3F |
SHA-512: | 667542C037EB0853E12365EC5663E7B0A25F26CF202DEA3CC230040EC69A402583C130D466873175F7C7A5141DE39DAABEA239C424AADD7229400C6F77F9CA5B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | 768:RNOpblrU6TBH44ADKZEgookjWEEk6XYqDpe29vMz533IYSNpYyu:6a6TZ44ADEooOye2909HIYSTK |
MD5: | 0C6B5809ED6E443CAE21C19767DD98F5 |
SHA1: | 12B3604C0A3A057AE9DF30F04D5324B1EA165589 |
SHA-256: | 08C588DFB497BD3A3914E2D9A1D92DDC6362C4D5CC803C5E453547AB770A6814 |
SHA-512: | 57DCF39E877FD0652DE8154A4816B92F84ED587844AEBC8677D476EE58C3AF0891906CD1C9460ABAAFB61CFC873C1851EC4533038784FC744DD90F3BA4DA3175 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja\??????????? ????????? ????????\??? ??????? 398558.txt
Process: | C:\Windows\SysWOW64\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 156 |
Entropy (8bit): | 3.9510533117572035 |
Encrypted: | false |
SSDEEP: | 3:SU1Zg5QSSJ1Z1f0ZkkQV1Qz1V0xG1E0zF1YtRbV0vl1t0n1V1Y1x1e+Y1nuVVt0Y:nSQSSJ1ZUkk+QBegEjtMHAfYzen1uVRv |
MD5: | 8B02C7DA02910117FE42E84DFED0C248 |
SHA1: | ABC33DD26E4584362FDE28706D1F2196509C6AC6 |
SHA-256: | DE658ED0A267050929179583834D241B1109C1FB3250DB2CF2777A1C289E1CBE |
SHA-512: | 1B95FBFAB60532573C2E2C3E90D020AC39B021CDDBFBD550C97BCF8CDF50CF0057B5C4BA1BF4C497CE57416E73F0B3A4771D3724A155C245A7D96A4F432141BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja\??????????? ????????? ????????\??????????? ????????? ????????.rar
Process: | C:\Windows\SysWOW64\7za.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71870 |
Entropy (8bit): | 7.997241758915592 |
Encrypted: | true |
SSDEEP: | 1536:nj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGo:j/4ErttsYhU+iMOtxsVWGGo |
MD5: | EFC9C4752ADFF37FFE8539D93ADCB197 |
SHA1: | D7A0BBA9E3D08221DDB8BA283B8BD90335479450 |
SHA-256: | E25FB26939C1617EA43835973522030866D4FD857DFAF90CDC001321444C465C |
SHA-512: | 6C4412BF25AED1D0649B24187E4C48861C793AB953E0BFD30472F122BAD9BCB11B9A48D9CACF25E07F25A381A8FC9DD5F9D8FCB2B2E8B57D399DD7912F763002 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAq0D:Qw946cPbiOxDlbYnuRKDlW |
MD5: | 4309C6993DB42EFAE68AF032F3F32EC5 |
SHA1: | EC384388893DD474B95BC38C19085793CE7DAAA0 |
SHA-256: | 60E311B858315B60D897812783826AD3C0A12B9ACAC81DECA50E333682910507 |
SHA-512: | 89CE2A5DF1C833A0CA71D7F09ACDC03466F2ABB052E1196B230C3886BCE539BFC44823A8C1FF9CF68E89F3129ADE25D80962493EC2205AF905B51900FBA00B95 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-23 09-08-59-225.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3704760085315915 |
Encrypted: | false |
SSDEEP: | 384:feqb663MEa11u/M8qOA757uvXY3cixpQqpwc1Nd0Z/w1H9lRRuZ4XIX2jdz1U1VQ:CYa |
MD5: | C9FDCA777F65C2D7B0C4CC1F3BE6C40D |
SHA1: | 4ECB290ED3076250D610E0AFB48DA92D95A78F9E |
SHA-256: | 3176A28BEE3925B876BE5A646D2029572A9BC0CB57C3C9426E4EABBF7B493558 |
SHA-512: | B903767CED84DD7286F27E6EB87C4DDFC1EC27D045C40B4EFE06565A6ED407926C45DC39631645CE85C5DD300073BF406103C16B2E73AA8443937459DBC28F59 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.406083948606664 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbccbwIxTcbV:V3fOCIdJDeZxE |
MD5: | D64869530B59B6661CDAEE071729A269 |
SHA1: | ABF58A926B08FD64A55B797DFD8D21445ADAD593 |
SHA-256: | D7F5C156D0B466212E1D830A61C782AFAF26405AE43955AD34463235BE73AD41 |
SHA-512: | 54B569240FED14254B7E44B12967BA7F4586355A70407C30CE2915CB1473F3911D50126B80F55059CBA43A7CEB98B3E1B872BD67C6AE71E83CFF21E3B18616C8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\unarchiver.exe |
File Type: | |
Category: | modified |
Size (bytes): | 5233 |
Entropy (8bit): | 5.4352916253488734 |
Encrypted: | false |
SSDEEP: | 48:4reIG9Gb9G9GpTGaG9Gp0GbPG5GlGtG9GY/G9GzGlsG1GKSewkjSG7Gb7G7GpBGw:qQxS2BteKKXH9teahOcf |
MD5: | C25DB0AB546B91A84196C9B32B0D6523 |
SHA1: | 38AA6A32447124D5399465A8031E17C68ABC0F01 |
SHA-256: | 7D58CC41933362D002CA3D8C5BB1DD33C87BDEEBD7378BE0D17326111F0C5458 |
SHA-512: | 9388B3399E0B51441090AA022D3FB8160C565023B1C57C2215ABA770E15818C5831B9D4275FFD83313137EE53232ED2D946670C0D7AD1B80B67B164EC97EFE89 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72888 |
Entropy (8bit): | 7.99475845098864 |
Encrypted: | true |
SSDEEP: | 1536:dj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGF:J/4ErttsYhU+iMOtxsVWGGF |
MD5: | A7D1FDF448B0C018B4659596AB31F1B4 |
SHA1: | 1F41416F54A6F4D77E1ADCFD50AF9B86F62FF5E6 |
SHA-256: | 3114A656C50B699926CCC4BA8257E2E1B468D9867E203791D046953B0EB50BB2 |
SHA-512: | DB6B96D9BC482BEDEBF7E78D42F7746C347D85976F1C81D92B0F4C2401167785783546C2B614AB87F5C2B56FA5D61AF34D192C0F67E1929555A5B13BB9827063 |
Malicious: | true |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72888 |
Entropy (8bit): | 7.99475845098864 |
Encrypted: | true |
SSDEEP: | 1536:dj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGF:J/4ErttsYhU+iMOtxsVWGGF |
MD5: | A7D1FDF448B0C018B4659596AB31F1B4 |
SHA1: | 1F41416F54A6F4D77E1ADCFD50AF9B86F62FF5E6 |
SHA-256: | 3114A656C50B699926CCC4BA8257E2E1B468D9867E203791D046953B0EB50BB2 |
SHA-512: | DB6B96D9BC482BEDEBF7E78D42F7746C347D85976F1C81D92B0F4C2401167785783546C2B614AB87F5C2B56FA5D61AF34D192C0F67E1929555A5B13BB9827063 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 72888 |
Entropy (8bit): | 7.99475845098864 |
Encrypted: | true |
SSDEEP: | 1536:dj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGF:J/4ErttsYhU+iMOtxsVWGGF |
MD5: | A7D1FDF448B0C018B4659596AB31F1B4 |
SHA1: | 1F41416F54A6F4D77E1ADCFD50AF9B86F62FF5E6 |
SHA-256: | 3114A656C50B699926CCC4BA8257E2E1B468D9867E203791D046953B0EB50BB2 |
SHA-512: | DB6B96D9BC482BEDEBF7E78D42F7746C347D85976F1C81D92B0F4C2401167785783546C2B614AB87F5C2B56FA5D61AF34D192C0F67E1929555A5B13BB9827063 |
Malicious: | false |
URL: | https://bbuseruploads.s3.amazonaws.com/ff9a4495-017e-4384-93b3-e2935568b751/downloads/8b125713-9bba-415c-9efb-667961c70fc5/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip?response-content-disposition=attachment%3B%20filename%3D%22%25D0%2595%25D0%25BB%25D0%25B5%25D0%25BA%25D1%2582%25D1%2580%25D0%25BE%25D0%25BD%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25BF%25D0%25BB%25D0%25B0%25D1%2582%25D1%2596%25D0%25B6%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25B4%25D0%25BE%25D0%25BA%25D1%2583%25D0%25BC%25D0%25B5%25D0%25BD%25D1%2582.zip%22&AWSAccessKeyId=ASIA6KOSE3BNMAKPA4TP&Signature=B7Nleos7sWvhCwqMlzaswjwFDkU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEA4aCXVzLWVhc3QtMSJHMEUCIQD0F3OG5MFPp%2FRz3%2BBM673xXTvAt7LQQicY8TgFNgqSmgIgCiu3EYOa4naJXBAA22stgtP7IELvFo37Ku6ks7ZvHycqsAII1%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJpD9StVnxfN%2BRjYNyqEAv6XeJTkzaQnhwypwOBaylObo41xoVvm3UEwX2Onit61mJ%2FX8htz6800tBoyVBWFPu8QnNXsGzXUTKxPGrseT4r%2BSXQ6wMyCLpcDGVHv4jyinlxCMMAkCK7qcuj%2B13DDvgO3HNeLP9zLs41Xj6TvFqfEH6YuYYbENHGK%2BHMVm4b2%2BshMou%2BxpSJDXTxWgGLk3vCrHLb%2FDBdQ6XbNcx31NtcvpehN%2BMSq%2FH81G4Gpy%2F5F7fGWrWwWqRfjCC2v0DJzLbJRc%2Bzo3WU38elxAGO88p3701l9UoeBTaQefv71WTvu1R8wNsuNaPj3z1R7v1hQXNtwb9kf%2BhHKCmDv6WXKm2IMeB1uMNPYpbsGOp0BJG2M5hXaMdyhV7HA%2FvaAMSrXGkIpAD00GBKxxMkfzF8xgCE7VlKaMRKSmAi0BJJzkkSD7z%2BYVyq63ygC89yuqx5Yj2SpF2J3wv99i1l%2FeCI%2FMfwHefXo1A3ebKj4Xu7yx8gJNaKR5Q5YAd0WQskZLBMjysZZV%2FaY9xZXXTtQ%2BuNK9YR9DColkatdX9ra%2FFFdAaajjeIwdKVti0nE0Q%3D%3D&Expires=1734964059 |
Preview: |
File type: | |
Entropy (8bit): | 7.958504187286946 |
TrID: |
File name: | payment_3493.pdf |
File size: | 176'101 bytes |
MD5: | 3b8a483aac60a462b9a6d146a2186f5b |
SHA1: | 1fc50e7cd899fadf7f4e71c9e6ef9f728aa3433a |
SHA256: | 862166bb3039365a6240fb9a7d6057a19b0d71c86890ea967ac0b6683e635189 |
SHA512: | 7ea217a83207202e972cf63446305e6ac877139b8ce2dc7b1d77cabeb45eaf4936ba9675debcbcc8fd1a3e552c35af741b5df30e6e115c772271022b9c170b3f |
SSDEEP: | 3072:j95Uri5vntF5bSZbjDD4+xQR75V98jrkyP1QNlkHca6RQfkIPBCu+ThaIkkvi:j95UrEvntbo3E+g75ff3+ARQfBCfTh5i |
TLSH: | 6F0402044F2C3CC7C298A2923B4E392A69CFF192E2DD81D531FCD3971785E2AB176646 |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(ru) /StructTreeRoot 33 0 R/MarkInfo<</Marked true>>/Metadata 104 0 R/ViewerPreferences 105 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.958504 |
Total Bytes: | 176101 |
Stream Entropy: | 7.982768 |
Stream Bytes: | 166541 |
Entropy outside Streams: | 5.245117 |
Bytes outside Streams: | 9560 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 47 |
endobj | 47 |
stream | 15 |
endstream | 15 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
9 | 04605c4e09400800 | d53047184d017b8e15d77d1cd729e27b | |
28 | 0000000000000000 | 89d5f2b1b2ae141b8b0aa06659074b02 | |
29 | 0000000000000000 | e463cee71f965f614dc89003cd98d1e9 | |
30 | 30797878f4f47158 | c47aed72bf080d9e9ef950e3a08ff7c6 | |
31 | b0f97878f4f47152 | 5ee683e740d4593a3bc2e6e7b647b8d8 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Dec 23, 2024 15:09:24.871481895 CET | 192.168.2.6 | 1.1.1.1 | c239 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 23, 2024 15:09:11.207539082 CET | 192.168.2.6 | 1.1.1.1 | 0xcc28 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:24.573920012 CET | 192.168.2.6 | 1.1.1.1 | 0x21c3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:24.574134111 CET | 192.168.2.6 | 1.1.1.1 | 0x9e69 | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 23, 2024 15:09:27.110199928 CET | 192.168.2.6 | 1.1.1.1 | 0x364f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.110378027 CET | 192.168.2.6 | 1.1.1.1 | 0xaebe | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 23, 2024 15:09:27.920342922 CET | 192.168.2.6 | 1.1.1.1 | 0xc17e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.920602083 CET | 192.168.2.6 | 1.1.1.1 | 0xb4c3 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 23, 2024 15:09:11.432585955 CET | 1.1.1.1 | 192.168.2.6 | 0xcc28 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 23, 2024 15:09:24.710558891 CET | 1.1.1.1 | 192.168.2.6 | 0x21c3 | No error (0) | | | 185.166.143.48 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:24.710558891 CET | 1.1.1.1 | 192.168.2.6 | 0x21c3 | No error (0) | | | 185.166.143.50 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:24.710558891 CET | 1.1.1.1 | 192.168.2.6 | 0x21c3 | No error (0) | | | 185.166.143.49 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.468934059 CET | 1.1.1.1 | 192.168.2.6 | 0xaebe | No error (0) | | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.468934059 CET | 1.1.1.1 | 192.168.2.6 | 0xaebe | No error (0) | | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 3.5.29.153 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 52.217.197.129 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 3.5.25.157 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 3.5.25.52 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 16.182.105.65 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 52.216.89.59 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 52.217.112.1 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | | | 3.5.25.54 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:28.057430029 CET | 1.1.1.1 | 192.168.2.6 | 0xc17e | No error (0) | | | 142.250.181.68 | A (IP address) | IN (0x0001) | false |
Dec 23, 2024 15:09:28.057503939 CET | 1.1.1.1 | 192.168.2.6 | 0xb4c3 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.6 | 49710 | 20.198.119.84 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-23 14:08:53 UTC | 71 | OUT | |
2024-12-23 14:08:53 UTC | 249 | OUT | |
2024-12-23 14:08:53 UTC | 1076 | OUT | |
2024-12-23 14:08:53 UTC | 218 | OUT | |
2024-12-23 14:08:54 UTC | 14 | IN | |
2024-12-23 14:08:54 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.6 | 49712 | 20.198.119.84 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-23 14:08:57 UTC | 71 | OUT | |
2024-12-23 14:08:57 UTC | 249 | OUT | |
2024-12-23 14:08:57 UTC | 1084 | OUT | |
2024-12-23 14:08:57 UTC | 218 | OUT | |
2024-12-23 14:08:57 UTC | 14 | IN | |
2024-12-23 14:08:57 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.6 | 49777 | 20.198.118.190 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-23 14:09:22 UTC | 71 | OUT | |
2024-12-23 14:09:22 UTC | 249 | OUT | |
2024-12-23 14:09:22 UTC | 1084 | OUT | |
2024-12-23 14:09:22 UTC | 218 | OUT | |
2024-12-23 14:09:23 UTC | 14 | IN | |
2024-12-23 14:09:23 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49788 | 185.166.143.48 | 443 | 7924 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-23 14:09:26 UTC | 853 | OUT | |
2024-12-23 14:09:27 UTC | 6357 | IN |