Edit tour
Windows
Analysis Report
Invoice Number INV132146-1.pdf
Overview
General Information
| Sample name: | Invoice Number INV132146-1.pdf |
| Analysis ID: | 1646469 |
| MD5: | 786bb21da0bc0a7a90278e99818d59a9 |
| SHA1: | 1b63a43223fa7a5d275d0b3631bee54fe8ca181c |
| SHA256: | 3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2 |
| Infos: | |
 | |
Errors
| |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
Classification
- System is w10x64
Acrobat.exe (PID: 7980 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\I nvoice Num ber INV132 146-1.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 7392 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 5548 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 44 --field -trial-han dle=1544,i ,124532747 3292077556 ,165088628 1094348575 2,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
chrome.exe (PID: 9152 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) - chrome.exe (PID: 2260 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=1996,i ,562276446 6599029855 ,158099681 0609142038 6,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version =20250306- 183004.429 000 --mojo -platform- channel-ha ndle=2244 /prefetch: 3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 7732 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://thera pyforhappi ness.co.uk /ra3.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
- • AV Detection
- • Phishing
- • Compliance
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
Phishing | |
|---|
| Source: | Joe Sandbox AI: | ||
| Source: | Joe Sandbox AI: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File deleted: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 11% | Virustotal | Browse | ||
| 18% | ReversingLabs | Document-PDF.Trojan.ScamX |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| google.com | 142.251.40.142 | true | false | high | |
| e8652.dscx.akamaiedge.net | 23.48.144.248 | true | false | high | |
| www.google.com | 142.251.41.4 | true | false | high | |
| x1.i.lencr.org | unknown | unknown | false | high | |
| therapyforhappiness.co.uk | unknown | unknown | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.48.144.248 | e8652.dscx.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false | |
| 142.251.41.4 | www.google.com | United States | 15169 | GOOGLEUS | false |
| IP |
|---|
| 192.168.2.4 |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1646469 |
| Start date and time: | 2025-03-24 02:57:53 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 37s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 26 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Invoice Number INV132146-1.pdf |
| Detection: | MAL |
| Classification: | mal52.winPDF@41/47@34/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Corrupt sample or wrongly sele
cted analyzer.
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, a udiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIA DAP.exe, SIHClient.exe, SgrmBr oker.exe, backgroundTaskHost.e xe, conhost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 23.51.56.185, 23.4 0.179.141, 23.40.179.192, 54.2 24.241.105, 50.16.47.176, 34.2 37.241.83, 18.213.11.84, 162.1 59.61.3, 172.64.41.3, 23.210.7 3.5, 23.52.159.218, 199.232.21 4.172, 23.219.36.136, 23.219.3 6.135, 142.250.80.3, 142.250.7 2.110, 142.251.40.238, 172.253 .115.84, 142.251.40.206, 142.2 51.32.110, 142.250.65.206, 142 .250.81.238, 142.250.65.174, 1 42.251.40.142, 142.251.40.195, 172.253.62.84, 142.250.80.99, 142.250.80.110, 142.250.80.78 , 142.250.80.46, 23.205.30.245 , 23.56.162.204, 4.245.163.56, 20.12.23.50 - Excluded domains from analysis
(whitelisted): clients1.googl e.com, e4578.dscg.akamaiedge.n et, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.go ogle.com, slscr.update.microso ft.com, acroipm2.adobe.com.edg esuite.net, ctldl.windowsupdat e.com.delivery.microsoft.com, ctldl.windowsupdate.com, clien tservices.googleapis.com, p13n .adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.c om, clients2.google.com, ocsp. digicert.com, edgedl.me.gvt1.c om, redirector.gvt1.com, armmf .adobe.com, ssl-delivery.adobe .com.edgekey.net, a122.dscd.ak amai.net, update.googleapis.co m, clients.l.google.com, geo2. adobe.com, wu-b-net.trafficman ager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found .
| Time | Type | Description |
|---|---|---|
| 21:59:06 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 23.48.144.248 | Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| google.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XRed, XWorm | Browse |
| ||
| Get hash | malicious | XRed, XWorm | Browse |
| ||
| Get hash | malicious | XRed, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| e8652.dscx.akamaiedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | DanaBot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | DanaBot | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
| Get hash | malicious | SheetRat | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASN1EU | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Credential Flusher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.1613984772314945 |
| Encrypted: | false |
| SSDEEP: | 6:iOsIE7cM+q2Pwkn2nKuAl9OmbnIFUtCIEDZmwgIE+MVkwOwkn2nKuAl9OmbjLJ:7pEx+vYfHAahFUtLED/NEzV5JfHAaSJ |
| MD5: | 3626AB84466D22D3697DD4BF121B1281 |
| SHA1: | 6A969BE03499FB77A43FD463E4146CDA1BA2CDB7 |
| SHA-256: | E6191175D1C54CD85DE29A62467C8B314184FF5532656945BEF0057F25F0E5CA |
| SHA-512: | ADD42488CF30E3E8C26A9E1BAD642296FF0C32AE7C7C053C2DB97184F6181898335EFA1E2926CB4452A764CDB3963DBCC7E483DF47C4A2B3DB24D5C834DFAD3C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.1613984772314945 |
| Encrypted: | false |
| SSDEEP: | 6:iOsIE7cM+q2Pwkn2nKuAl9OmbnIFUtCIEDZmwgIE+MVkwOwkn2nKuAl9OmbjLJ:7pEx+vYfHAahFUtLED/NEzV5JfHAaSJ |
| MD5: | 3626AB84466D22D3697DD4BF121B1281 |
| SHA1: | 6A969BE03499FB77A43FD463E4146CDA1BA2CDB7 |
| SHA-256: | E6191175D1C54CD85DE29A62467C8B314184FF5532656945BEF0057F25F0E5CA |
| SHA-512: | ADD42488CF30E3E8C26A9E1BAD642296FF0C32AE7C7C053C2DB97184F6181898335EFA1E2926CB4452A764CDB3963DBCC7E483DF47C4A2B3DB24D5C834DFAD3C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.156278221164801 |
| Encrypted: | false |
| SSDEEP: | 6:iOsIE/OL+q2Pwkn2nKuAl9Ombzo2jMGIFUtCIEeUVzzKWZmwgIEsLVkwOwkn2nK3:7pE/S+vYfHAa8uFUtLEeUVzKW/NE8V56 |
| MD5: | 05BF7FD14059AA06231A76F5FBD4E00A |
| SHA1: | FF2D5F3A9ACB069ABDF4FC9609A16CF05437244F |
| SHA-256: | 782902894AFBF78B93994C77C3C7B58D4A8CA7E69BB71A7AAB10D105C3B28B28 |
| SHA-512: | 1C9657E5595DDDB4C600A3A948B3A45732DF3135FDEDC71E0A314D3A6DFC3CCD96E0C3CF10D9D61A91ADF555FE1896153D69FBF0F928301758645BF1261DD604 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 336 |
| Entropy (8bit): | 5.156278221164801 |
| Encrypted: | false |
| SSDEEP: | 6:iOsIE/OL+q2Pwkn2nKuAl9Ombzo2jMGIFUtCIEeUVzzKWZmwgIEsLVkwOwkn2nK3:7pE/S+vYfHAa8uFUtLEeUVzKW/NE8V56 |
| MD5: | 05BF7FD14059AA06231A76F5FBD4E00A |
| SHA1: | FF2D5F3A9ACB069ABDF4FC9609A16CF05437244F |
| SHA-256: | 782902894AFBF78B93994C77C3C7B58D4A8CA7E69BB71A7AAB10D105C3B28B28 |
| SHA-512: | 1C9657E5595DDDB4C600A3A948B3A45732DF3135FDEDC71E0A314D3A6DFC3CCD96E0C3CF10D9D61A91ADF555FE1896153D69FBF0F928301758645BF1261DD604 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.963716805413449 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqKPsBdOg2Hwcaq3QYiubInP7E4T3y:Y2sRdszwdMH73QYhbG7nby |
| MD5: | 7581208F8505713DD2D4143FF53BE2EA |
| SHA1: | 79119E029A80728BDBAF086F55BF03E10A7EBEA8 |
| SHA-256: | 25D089DBDE08A646A71C4F3583E662001B298CDBBF99772E1A8F34BF3FBE8B34 |
| SHA-512: | 76268339453B88EB55D2A1A43809FB2AB68FB4A02851270F9CF502814AEA28E5DF261D89151B86CB79976220693CE8407C57E21B1E26DD616D86998010AEC11B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.963716805413449 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqKPsBdOg2Hwcaq3QYiubInP7E4T3y:Y2sRdszwdMH73QYhbG7nby |
| MD5: | 7581208F8505713DD2D4143FF53BE2EA |
| SHA1: | 79119E029A80728BDBAF086F55BF03E10A7EBEA8 |
| SHA-256: | 25D089DBDE08A646A71C4F3583E662001B298CDBBF99772E1A8F34BF3FBE8B34 |
| SHA-512: | 76268339453B88EB55D2A1A43809FB2AB68FB4A02851270F9CF502814AEA28E5DF261D89151B86CB79976220693CE8407C57E21B1E26DD616D86998010AEC11B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 5.256179011594042 |
| Encrypted: | false |
| SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7t4TCt+w3W7Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gos |
| MD5: | EB34ABE1270938AEF6776774B4437DC8 |
| SHA1: | 3F8EB09C204373FCB11933EF4445BF2E42874A70 |
| SHA-256: | 872D0A33F3D8717F64FB642086D8019F2E409584EFB016157D9F86094669C06B |
| SHA-512: | E3E662F1ECB5D2FD15E74BE11850253AC7FA04DFB06153D9CAFF5BFBB65F42A681E5AF5675DD5C8D7A12EAEAD944F7242FC619EB21EB78FEF5BED0DB2A4A3DD1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.156381279956224 |
| Encrypted: | false |
| SSDEEP: | 6:iOsIEzVW+L+q2Pwkn2nKuAl9OmbzNMxIFUtCIEVuXFzKWZmwgIEhLVkwOwkn2nKA:7pEzVWi+vYfHAa8jFUtLEVszKW/NEpVj |
| MD5: | C261FA259483BCF7B34A9FF535892A63 |
| SHA1: | 1B8C61136EA1AB44ECD547D9D405A7AE76DC0996 |
| SHA-256: | AFDC774709A032C40EBD361467887B82D2BA6AC61420A6545FF1ABA3E5F7BD33 |
| SHA-512: | 7F6F7F44883EC9DA11EC0BF6796AD635785E2796ED1A79B5935395F2C141A9892BADA98573C89B996AAAD9E8CAA84AE48E067690D6325384F391FCB50FC8679A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 324 |
| Entropy (8bit): | 5.156381279956224 |
| Encrypted: | false |
| SSDEEP: | 6:iOsIEzVW+L+q2Pwkn2nKuAl9OmbzNMxIFUtCIEVuXFzKWZmwgIEhLVkwOwkn2nKA:7pEzVWi+vYfHAa8jFUtLEVszKW/NEpVj |
| MD5: | C261FA259483BCF7B34A9FF535892A63 |
| SHA1: | 1B8C61136EA1AB44ECD547D9D405A7AE76DC0996 |
| SHA-256: | AFDC774709A032C40EBD361467887B82D2BA6AC61420A6545FF1ABA3E5F7BD33 |
| SHA-512: | 7F6F7F44883EC9DA11EC0BF6796AD635785E2796ED1A79B5935395F2C141A9892BADA98573C89B996AAAD9E8CAA84AE48E067690D6325384F391FCB50FC8679A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 82710 |
| Entropy (8bit): | 1.2272662388702138 |
| Encrypted: | false |
| SSDEEP: | 96:dxWKmN/c/uSE/M/zYzWKOG75+MPBofgv1vucmgeYymqAiGkkg:dxw1SuupHITGfW1vgge8+ |
| MD5: | 98F06D06F95BE5918A05315393F18BDF |
| SHA1: | 37E3683B0A201DB8E67E2341002E04152E145A9C |
| SHA-256: | DEBA64094F095542C8C7D2FD63C311A724D644802201B8CF3660B531CFCAE3F2 |
| SHA-512: | 80A45505F1B613B6172A32F52BC8C8AFE3DF8412499AD08116B356B8E081AA70F41A39144F4B91C10A5CD14F26943C34DF48E22A19AE1D0A6FEC63B42B255C01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.445132467936887 |
| Encrypted: | false |
| SSDEEP: | 384:yezci5tMiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rrs3OazzU89UTTgUL |
| MD5: | F1DCF1F991D60B8FB8B9DADD257610C7 |
| SHA1: | B2349E36FD74F7042B2E7069608117DC3D844F46 |
| SHA-256: | C8E0A450985699B8C7AF25913B52EC8B1282FC4401B866E17B668AA8702124F6 |
| SHA-512: | DDD25E3E82CA05BD17FCA680C7BAC3221752B1387CE0F36A457554C932FAFEB83B2B7E38B283D3B143440388ADE4479405AD3D13EFFC563DEFD7DF4387C040C4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.7765984346443697 |
| Encrypted: | false |
| SSDEEP: | 48:7M6p/E2ioyV8ioy9oWoy1Cwoy1gKOioy1noy1AYoy1Wioy1hioybioyaoy1noy1T:7lpju8F3XKQ/Ob9IVXEBodRBkk |
| MD5: | 4DDF4AD5A9FCC5F0C97944E465FB4B6C |
| SHA1: | 67B5343866602838298C0693BDDC22DF69A6E9CD |
| SHA-256: | DA444127DF90ECC3557DE2BAED9A8561FB5043B7453CB70A7B279BDCEBC89A0D |
| SHA-512: | 0472CE942EE092DDE1F58187C9F4F4E6A58CB9D22C13DF37570446F79C9A75AED043BEEF698D27E1847C784378BDF504CFC16B19879928829E86D9DE33894F75 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 73305 |
| Entropy (8bit): | 7.996028107841645 |
| Encrypted: | true |
| SSDEEP: | 1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/ |
| MD5: | 83142242E97B8953C386F988AA694E4A |
| SHA1: | 833ED12FC15B356136DCDD27C61A50F59C5C7D50 |
| SHA-256: | D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755 |
| SHA-512: | BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7569015731729736 |
| Encrypted: | false |
| SSDEEP: | 3:kkFkl+6bVXfllXlE/HT8k3hvNNX8RolJuRdxLlGB9lQRYwpDdt:kKn6RIT8cVNMa8RdWBwRd |
| MD5: | 79CABD89DC83F11786351ECA2D9BBD84 |
| SHA1: | 5B523B4849C094AA50500695B824E7D2F959FA69 |
| SHA-256: | 85D07EC947800BE6FB157F0C8358584BBE3BB53552DB1A1217B33BE2BC73F789 |
| SHA-512: | 5BD4E80DD21F574BCB0AA6CA4648ABE32031608505F49FD205E8231C502AD6BA65BF065D9BDB01235D26E514828FCD50D4F962DC89AAB8004765CE3250928B30 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 3.261789238280868 |
| Encrypted: | false |
| SSDEEP: | 6:kKN8bVemcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:18smfZkPlE99SNxAhUeq8S |
| MD5: | 8B86096A1961C576B8456C6FC8386353 |
| SHA1: | A1AACCC98C6F0DF9047E9C580741E1F14D4E9DDF |
| SHA-256: | 6092C2CFF8BE3DA2D0CE3ADE3ADF5D2DC9345BE405A234878510515FC408CB8E |
| SHA-512: | A0E4B07817BA88FFD5938C5D8108FDFF129B2D2E729787C768C57CC7D15509003634B2CE43241BDB826F02A1EC457DA45D86EB438C24EBCD6CFCEE0314924AD5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243196 |
| Entropy (8bit): | 3.3450692389394283 |
| Encrypted: | false |
| SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn |
| MD5: | F5567C4FF4AB049B696D3BE0DD72A793 |
| SHA1: | EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916 |
| SHA-256: | D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04 |
| SHA-512: | E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.351390866199335 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJM3g98kUwPeUkwRe9:YvXKXBhkpUuF2Zc0vBGMbLUkee9 |
| MD5: | BC85CE10536658C156BE54BE4C62C97D |
| SHA1: | 91373B15376C841437AC23AD6E436B47CC105B0B |
| SHA-256: | AF19AC02B01B644CBDE21278908C1199AA4912012F79098E42A3BD7CAC295F7A |
| SHA-512: | 5B379E7CB107A533A17FCBA595E57D7E91E1A409EF25DB17ED694AE8A133ECA1D4875F4C4AFB5CAFED6EE23F3BDE70D5F1D35C10B1AE5178256BC116575ACD89 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2991870865465565 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfBoTfXpnrPeUkwRe9:YvXKXBhkpUuF2Zc0vBGWTfXcUkee9 |
| MD5: | A9F925458BBBF9F2AE8E70433EE62CF8 |
| SHA1: | 96C72B018B1684234C25987F22C8BA75D25AF4F7 |
| SHA-256: | 024AE7930727DE879F368A2F04BA13D87D9189D9160C0571EF86A1FB00221EC4 |
| SHA-512: | 5339340BA3E4EF537F07CCAE2EB54F47752293C06CF2854469A5942386856A3A5E25928427BFDB5A1A05C4DCC068E19529C34CB677DC4E7E5176FF256F30430E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.278713269620589 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfBD2G6UpnrPeUkwRe9:YvXKXBhkpUuF2Zc0vBGR22cUkee9 |
| MD5: | 6D96529FFBE8CA7424DF5C60D14EDDF4 |
| SHA1: | D94B4862954BB8AD281F5BF820C917354C09D69D |
| SHA-256: | 2636B8028CCD784DFE6AF4EAE6A70BD9A46783996CDA13756C068D8C5D4F7C70 |
| SHA-512: | 25546BCC9F2BAEF3C4848F57222CEBDD1ECF052D517A381A181808540CD7D10BB7A637B89F2C607411123BF7BC2F076BA59A0258284CD14156BE8EB479B89186 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.337981283969306 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfPmwrPeUkwRe9:YvXKXBhkpUuF2Zc0vBGH56Ukee9 |
| MD5: | 286A408CB8AA247AE1F98E73D2D7FE27 |
| SHA1: | 3B0832B5C5A5AB444A6D973E8786A2ED68F20D5F |
| SHA-256: | E706A410D24B6D0EA650A37A0FE6071E2FF3CBC1A3744C50B52C4098CA0ADA66 |
| SHA-512: | 6BD5358F88DA685A3E2F64815FB29D3F7B4BA5D7CA2D3D75BBA4FC650591943458E205B52DB4F5D0394AD930BFCADDACA9360B5461F366E8860DE358F8274921 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2129 |
| Entropy (8bit): | 5.844445461776531 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XBbuYzvmpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcX5bpEsrAX:YvE6gehgly48Y/TWCjiOumNcXwKOpkUv |
| MD5: | 25A935C241EC88E407B7E6282A91AC32 |
| SHA1: | 72E93C4E3B3A1A402C2CBC53B2D639F9CD01FFA7 |
| SHA-256: | A4B81FF9B6A33D392B7020C79C1644215B6080664F2AB811262C7D4714B7BE84 |
| SHA-512: | 34A407FAEF18513414672B94F039E59A06DF024D521BAD45FED9E2A37FFBBF002581F99A6E7F5927183A7260A634A27E0B11E0136FFD3A0AAB8713FFA526A47C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.285535270213641 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJf8dPeUkwRe9:YvXKXBhkpUuF2Zc0vBGU8Ukee9 |
| MD5: | 54FE5BAC77F3508B15219C68F322D12B |
| SHA1: | 5220961A47E27C5867A7A53A8B382FA6F40A88FB |
| SHA-256: | F713C3AECC379E45B1EB3C0013768E37F6184E463130C920268F9F64B726DE1C |
| SHA-512: | C1895DD04A2573D95B93E845B921CB647C7D7E6CFE6123115F6FBE6D6C1A8F5DE4B19D9ECB6FB0DA598D899F24ADD8D3770BF55A4360F997F3F833C893A44CDD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.28904973039875 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfQ1rPeUkwRe9:YvXKXBhkpUuF2Zc0vBGY16Ukee9 |
| MD5: | 219D68956845BEEC5E63C379E7A70DB2 |
| SHA1: | 42D0D07407CBD45FC7F6F92A1B2B15D9AFAC89C6 |
| SHA-256: | 232A087FFE3FC2C28E6DB67AAFE35ADD24C8DA4B5D25F4D33BF7526A66051BEA |
| SHA-512: | 00FF3A9E188CE8D50A5024E9AE38E944F59FCAEA5D1531D20ECEE99971FCF4834D61497ACD6B9792AE9F0BE9282B43A8401D23932F0EA2823CECA7B2059292E0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2080 |
| Entropy (8bit): | 5.828545400713906 |
| Encrypted: | false |
| SSDEEP: | 48:YvE6gNogbN48l/GiyLVzyODVHKOkQLcSmjWAv:Gng54Y/IVO48OkQASmX |
| MD5: | 4990E9316C40B256C0A81F2C1DB99EB7 |
| SHA1: | E229E657C41BC0039E2AF3A0689BF61ACFF6F8FE |
| SHA-256: | 47AD5592F92BD16B38E888C95CB69FA750252B43CC31924A2390E2D1B70139A6 |
| SHA-512: | B8A27F98E7A3275B7E747561EEBA5DAD39AD1DA1BECAA49082D8AE060EE35A0FE6F9DEC1BE9436A1DEACD7992B0B98C7DA9EABC196C6FDA7A4C33EC01B91D71D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.3103293952215225 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfzdPeUkwRe9:YvXKXBhkpUuF2Zc0vBGb8Ukee9 |
| MD5: | 70EEDDB635D629092E358E4656CF2635 |
| SHA1: | 6D6BF93FB4A9362388A83CFB99FAEB69F71CC82F |
| SHA-256: | 6177F45EE6ACC59B30A74C461B3DF37C4A66679844CA8D68569F0D3372E0C4A2 |
| SHA-512: | D1B01B0275A77001CF910F70AA7C8FD0FA63EB9CAD09DCCD531CA330CF555FD84FC93CE8576C16C38C9068ED33E241982EE911A46C261731BCF118C178DFA95C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.290785576216033 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfYdPeUkwRe9:YvXKXBhkpUuF2Zc0vBGg8Ukee9 |
| MD5: | 1CA568128CFF11A9EB0331186F392C83 |
| SHA1: | BC51C6A9A84AA625429D6EF840C905CE2EEE5AEA |
| SHA-256: | AE28FC37E2232DADE1B47F034D94A9F2D6DCF726C92EC1915CA1E0783B05B0F8 |
| SHA-512: | 04C253EB29AC6BBBF17CB1739BD9DF9C2A54AD8A3C52DDFC5CA5C6ADEF1888223FEFDD411891C27C385C86286D1D6A1093938F15BE6363982830D9D39D6465CE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.277522564257721 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJf+dPeUkwRe9:YvXKXBhkpUuF2Zc0vBG28Ukee9 |
| MD5: | D52DF04687C7A25EB2729D3E1785C0ED |
| SHA1: | DBDECBD352279016C0D43917B9AD97C949ABF4B7 |
| SHA-256: | 223484C11D6F12CC61A1CE15B30D101C824260BB753FA70AD1E2F458ABE92256 |
| SHA-512: | A83ABA4CA767FC6029DE86D69FB38F4DCA5ADAD23B75D9EEE5C8FF5C2166AB746A593096416B86288A098AB718A56218215867546E443051DDAA12DA7F1ABBF8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.274396003262981 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfbPtdPeUkwRe9:YvXKXBhkpUuF2Zc0vBGDV8Ukee9 |
| MD5: | AE79B3365026B2EA001196C5D33E64EC |
| SHA1: | C61F15634133DE707639E9EF05E65B574CD5227D |
| SHA-256: | 3E766B9599B70AFE0795DE7570167EBD7708371BF0EEC326CA73E30D1EEFF6DF |
| SHA-512: | B2F7041FAB24D62E4DF9207B844D1CD512550BF9202C65C4F865761E467D11B4E01097C4B63653609F3847832A1C43F8F8793563157D55E61A392DA7A3F76E58 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.278919914513689 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJf21rPeUkwRe9:YvXKXBhkpUuF2Zc0vBG+16Ukee9 |
| MD5: | 4C50D0DA4E0E09D0BC6E5B0DFA3A8200 |
| SHA1: | D54F20B90B8507AE50FB973A899F454D07BCB8F3 |
| SHA-256: | 7CC6B4B4283101809761AEAB1CB9B908283B31F4DE4D759EF11502C1EEF9622A |
| SHA-512: | 50018C33E43E5584A63E80AD7FDFF7D1103232A34901ADB047A890CF4C4F2F34A86E5BA46B98222913C9674152621F28C49200B9CF7C550961E6E34ABC947A16 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2028 |
| Entropy (8bit): | 5.842522471896059 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XBbuYzv6amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOB9:YvE6gcBgBG48j/SiyLVWOAlNkUv |
| MD5: | 2754DDD36FDEE4CC4C27234707635BA1 |
| SHA1: | 68ADD19B9DB3E917A27D4A312905BF4C8E21A0A0 |
| SHA-256: | 4F659C5B6E997AFE6A9F47B86D65BA446BBCA9056C06F70EEA7E0FF9BFA9CCF3 |
| SHA-512: | 220778A520210CB3B62E36FE86FFC8942FBD8A2383314B9EDB80B9E28F1E6C11E65B8B623F1ED4CD91E4B71F15360E3CD59786FC9A5D2675E7B40B5BF44F5266 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.257365109493761 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJfshHHrPeUkwRe9:YvXKXBhkpUuF2Zc0vBGUUUkee9 |
| MD5: | E75AE8DA96B556631FD5D3C148F5A45F |
| SHA1: | 4097AE7BDF4FBD9572D2FC2A8ECCE3713B67E06D |
| SHA-256: | A191C5DAB4F6E74EC89156877C41083A09A35B7C7D43C38F89BB97FC44A7A0BF |
| SHA-512: | 764284EB5B5A9721984BC5EDC8849A275E7A0A9DA7601F7921909C6F7DFB0260F564D9311DCE51F77C0C7532DFC58B62BCF6C79C72957148B0D6EC3222AEF1F8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.265533383642393 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXBhk0QUuFHVoZcg1vRcR0YWtRZwoAvJTqgFCrPeUkwRe9:YvXKXBhkpUuF2Zc0vBGTq16Ukee9 |
| MD5: | E17CFE559786F5E7993787CE701BB8E2 |
| SHA1: | 12EA6EFE16F559CF5702ABC0105CCE694230E672 |
| SHA-256: | 71E3565300D89AECC9A1BA8EF392B9DA7DFEBD21006EE8A112578D120C753C95 |
| SHA-512: | 6B3AFFE964560F3DB16A4EEA2461DDE9499BC3846D2F6162A1750AE6541613AB7E6661282D98ADC8D0C8C312028D4ADF8BC48C354A75FD48D653B2C0AB54D4D4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2815 |
| Entropy (8bit): | 5.127247018293179 |
| Encrypted: | false |
| SSDEEP: | 48:Yt9zF76Rh76dTGhY7HyYGcLxw92Ug9gcN:sF76v76dTj7qKxzjrN |
| MD5: | 52537487A615F43E22214222F6979F8C |
| SHA1: | 0FDCAF023A643A4AB5112F02D9443E54193750B2 |
| SHA-256: | DA64062A39EE10D134FD03AD57F6F3348A8FBF8FB8DAE651040BC76E3E7688BF |
| SHA-512: | 2470F86B2F0E32D0D8974C17A2E5FF8AEC6B4D95F899A03B142BBA2918CB988B247B3A2D8E6506C2CEFFAAA8034CB24BC0418AD99A17883388B43D3AF956EB32 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1886152720259133 |
| Encrypted: | false |
| SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUqtSSvR9H9vxFGiDIAEkGVvpetU:lNVmswUUUUUUUUgS+FGSItgU |
| MD5: | E194D8EBF52A92CEDD5EE6D66270377B |
| SHA1: | BF4F66949704A5AE5EE88B5EDB48F01D5DA4BB49 |
| SHA-256: | 1532B81010BBBD94E97BBC05D9CF15401C246182A725639E3CDCAD047D16ADCE |
| SHA-512: | 032BE139DF9DA868F558B8C5F67C72EE6D6197712DB3A2A5D90EF662217983CDE88E885B7C7121A5B38721D5CFD497A7450DCF29D20046018BABE79E88DEAC1F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.6079834656718928 |
| Encrypted: | false |
| SSDEEP: | 48:7MgKUUUUUUUUUUqtAvR9H9vxFGiDIAEkGVvIqFl2GL7msd:7QUUUUUUUUUUg4FGSItmKVmsd |
| MD5: | 889DD20D28AC773E2DB81266265F695E |
| SHA1: | D1725FA55EB529D7A06C730C93FDF3877291FCC8 |
| SHA-256: | EB28216961611766FDC881D31ED585C0996BB9E830EFDBC19A2DA75281CF7A9C |
| SHA-512: | 3D915396C8872FA726B9E1E1274C813FF4585C161AFAF5C6D2571EE02BECC0589E71CF14AD0A5B8B1208D4BEEC7C61DDACF6C2793545A487CE1351B637A2726B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.529459928009153 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8r+lsL:Qw946cPbiOxDlbYnuRKC |
| MD5: | 59B81EB885A8454967990C1AFFF0AC36 |
| SHA1: | 0A6A43C1B2683908EDB8E15AFAA6B17C4B7E55AD |
| SHA-256: | EB65FD7C4B22F70D94FBF80199D4C7E2039BD38BEF84DF4C257E29931FD3ACBA |
| SHA-512: | EB505B13820A8B978959AFAD6ABE9E1550D3472B062C80B24BCB633E08F40B6B0F80FED99283B46C3214EE0B5D3EC4F72201D74A763784B5354954A38522D318 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.345946398610936 |
| Encrypted: | false |
| SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
| MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
| SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
| SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
| SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.380592878585622 |
| Encrypted: | false |
| SSDEEP: | 384:/E6ByIgT7IxHY+9Qf5VPVSmnD4pXozzYmxLnFN9YjI335q5wQLhVGdz2vNr6/Wur:m0i |
| MD5: | B3E7EE5391620256C0E8C0785723E6C6 |
| SHA1: | 101320716F8EAD6CCEAC5EDB179C8D30693FC690 |
| SHA-256: | D68E1DC8EFEA9F2BE2B37E225341E25C8D3B027D122819D8EB874CCCA4A0CB41 |
| SHA-512: | 6EE2E4AA9996C687CB93B6DD897F9F6704DAF476CB8C57536EBCF02699BEFC83086B5B43B8F1AC08F25628740C89165A7688ABEB9403B82C30671B1B97A01893 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.399516981624223 |
| Encrypted: | false |
| SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rt:R |
| MD5: | FD9D84496B66B2E515657880809234B8 |
| SHA1: | 8C5DF79C1AB1C3FCBF73AF931EA20AA88FAD6BD9 |
| SHA-256: | C98DDBA0CEA5671D02F928D6AB654FA199695F90523AF000807DFF4C8EA309DB |
| SHA-512: | 1E18C8C64D1857BA13DC47D0F9273552C50CEBE576421D558FC01C7F7CE86D93DFC3A77697240386C63F0EA66D50D81AA83DE4B0A974E1D02018F730CDE7687C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw |
| MD5: | 8B9FA2EC5118087D19CFDB20DA7C4C26 |
| SHA1: | E32D6A1829B18717EF1455B73E88D36E0410EF93 |
| SHA-256: | 4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD |
| SHA-512: | 662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/VRmOWL07oXGZnYIGNP5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tRbWLxXGZnZGT3mlind9i4ufFXpAXkru |
| MD5: | 655AAE90FDDC72648A5EE17F9D88E614 |
| SHA1: | 47C955B297DC126D9E876253A0C39A5B4F80D58B |
| SHA-256: | 4EB8A8AB8C820FA042CF74CD2E19AE3833EBEC36732EC1A041968A239C0E4844 |
| SHA-512: | 1959025E549134623DA3CC4EE0890AA81D89653CC4AC85A702351CD4E8841EB013D75A39A0D874A5E676D575F58B60B6813A56B19531F247E5B69F8D5138369D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.929661539673598 |
| TrID: |
|
| File name: | Invoice Number INV132146-1.pdf |
| File size: | 52'893 bytes |
| MD5: | 786bb21da0bc0a7a90278e99818d59a9 |
| SHA1: | 1b63a43223fa7a5d275d0b3631bee54fe8ca181c |
| SHA256: | 3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2 |
| SHA512: | 5a2eef7c1a61b777c644b15e38070b3ffe358e69785a235b9cfa440ddc403bd509c786c843eb0d60063d14d2a560badd8df12c9cd9c060891766a444d2a46649 |
| SSDEEP: | 1536:oaZC54j2Aup+lgekiqCAltX3/MCgPnTn9d6:HZCSaAusSi+XvjETn9d6 |
| TLSH: | DB3302BCA895CC9DDEA459F62440438E42DFAC379FD617312ECBE3419E8930AF584DA4 |
| File Content Preview: | %PDF-1.6.%.....2 0 obj.<<./Lang <FEFF0045004E002D00550053>./MarkInfo 4 0 R./Metadata 5 0 R./PageLayout /OneColumn./Pages 6 0 R./StructTreeRoot 7 0 R./Type /Catalog./AcroForm 8 0 R.>>.endobj.5 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Le |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.6 |
| Total Entropy: | 7.929662 |
| Total Bytes: | 52893 |
| Stream Entropy: | 7.929453 |
| Stream Bytes: | 51803 |
| Entropy outside Streams: | 5.201380 |
| Bytes outside Streams: | 1090 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 9 |
| endobj | 9 |
| stream | 7 |
| endstream | 7 |
| xref | 0 |
| trailer | 0 |
| startxref | 1 |
| /Page | 0 |
| /Encrypt | 0 |
| /ObjStm | 1 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 1 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 32 | 11313038394f3736 | 99a66323ff5e1bcbb778db6bfb3b60cf |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
- Total Packets: 92
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 24, 2025 02:58:51.362715960 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:58:51.674896955 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:58:52.284333944 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:58:53.487461090 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:58:55.206155062 CET | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:58:55.893656015 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:59:00.144772053 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:00.485313892 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:00.875885963 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:59:01.094625950 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:02.309319019 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:04.722491026 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:04.909534931 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:05.205037117 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.205367088 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.205502987 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.206878901 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:05.295000076 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.295329094 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.296622038 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.296663046 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.296688080 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.296716928 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.297744989 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.298321009 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.298357964 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.298374891 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.298410892 CET | 49711 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 02:59:05.387689114 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Mar 24, 2025 02:59:05.816270113 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:06.807722092 CET | 49733 | 80 | 192.168.2.4 | 23.48.144.248 |
| Mar 24, 2025 02:59:06.897619963 CET | 80 | 49733 | 23.48.144.248 | 192.168.2.4 |
| Mar 24, 2025 02:59:06.897753954 CET | 49733 | 80 | 192.168.2.4 | 23.48.144.248 |
| Mar 24, 2025 02:59:06.898396015 CET | 49733 | 80 | 192.168.2.4 | 23.48.144.248 |
| Mar 24, 2025 02:59:06.988114119 CET | 80 | 49733 | 23.48.144.248 | 192.168.2.4 |
| Mar 24, 2025 02:59:06.989300013 CET | 80 | 49733 | 23.48.144.248 | 192.168.2.4 |
| Mar 24, 2025 02:59:06.989343882 CET | 80 | 49733 | 23.48.144.248 | 192.168.2.4 |
| Mar 24, 2025 02:59:06.989398956 CET | 49733 | 80 | 192.168.2.4 | 23.48.144.248 |
| Mar 24, 2025 02:59:07.025331020 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:09.425335884 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:09.534744024 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:10.490314007 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 24, 2025 02:59:14.231803894 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:18.758707047 CET | 49733 | 80 | 192.168.2.4 | 23.48.144.248 |
| Mar 24, 2025 02:59:19.140235901 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 24, 2025 02:59:23.844691992 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 24, 2025 02:59:25.557769060 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:25.557862043 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.558113098 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:25.558113098 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:25.558212996 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.757455111 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.757787943 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:25.758739948 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:25.758771896 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.759155989 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.799710035 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:35.748125076 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:35.748205900 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:35.752425909 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:36.936404943 CET | 49745 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 02:59:36.936429024 CET | 443 | 49745 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 02:59:38.756993055 CET | 49717 | 443 | 192.168.2.4 | 104.126.116.105 |
| Mar 24, 2025 02:59:38.757221937 CET | 49720 | 80 | 192.168.2.4 | 23.203.176.221 |
| Mar 24, 2025 02:59:42.760226965 CET | 80 | 49714 | 23.203.176.221 | 192.168.2.4 |
| Mar 24, 2025 02:59:42.760401964 CET | 49714 | 80 | 192.168.2.4 | 23.203.176.221 |
| Mar 24, 2025 02:59:42.760452986 CET | 49714 | 80 | 192.168.2.4 | 23.203.176.221 |
| Mar 24, 2025 02:59:42.851272106 CET | 80 | 49714 | 23.203.176.221 | 192.168.2.4 |
| Mar 24, 2025 03:00:25.520267963 CET | 49754 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 03:00:25.520369053 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:00:25.520467043 CET | 49754 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 03:00:25.520611048 CET | 49754 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 03:00:25.520631075 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:00:25.715941906 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:00:25.716320992 CET | 49754 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 03:00:25.716387987 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:00:26.737417936 CET | 49712 | 443 | 192.168.2.4 | 40.126.28.23 |
| Mar 24, 2025 03:00:26.854259968 CET | 443 | 49712 | 40.126.28.23 | 192.168.2.4 |
| Mar 24, 2025 03:00:26.854336023 CET | 49712 | 443 | 192.168.2.4 | 40.126.28.23 |
| Mar 24, 2025 03:00:35.717235088 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:00:35.717307091 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:00:35.717380047 CET | 49754 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 03:00:36.003144979 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
| Mar 24, 2025 03:00:36.362488985 CET | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
| Mar 24, 2025 03:00:36.549998999 CET | 49710 | 443 | 192.168.2.4 | 204.79.197.222 |
| Mar 24, 2025 03:00:37.553385019 CET | 49754 | 443 | 192.168.2.4 | 142.251.41.4 |
| Mar 24, 2025 03:00:37.553440094 CET | 443 | 49754 | 142.251.41.4 | 192.168.2.4 |
| Mar 24, 2025 03:01:06.644526958 CET | 443 | 49711 | 204.79.197.222 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 24, 2025 02:59:06.695354939 CET | 54740 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:06.794332981 CET | 53 | 54740 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:21.412195921 CET | 53 | 56503 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:21.435370922 CET | 53 | 62180 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:22.044797897 CET | 53 | 61468 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:22.205826998 CET | 53 | 57662 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.457370043 CET | 64136 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:25.457370996 CET | 63320 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:25.556498051 CET | 53 | 64136 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:25.556818962 CET | 53 | 63320 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:26.473578930 CET | 56520 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:26.473579884 CET | 52764 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:27.015707016 CET | 53 | 56520 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:27.016237974 CET | 50448 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:27.020821095 CET | 53 | 52764 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:27.021126986 CET | 54500 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:27.561593056 CET | 53 | 50448 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:27.565200090 CET | 53 | 54500 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:27.586532116 CET | 52709 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:28.126410007 CET | 53 | 52709 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:28.163866997 CET | 61536 | 53 | 192.168.2.4 | 8.8.8.8 |
| Mar 24, 2025 02:59:28.164244890 CET | 51259 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:28.261518002 CET | 53 | 61536 | 8.8.8.8 | 192.168.2.4 |
| Mar 24, 2025 02:59:28.262506962 CET | 53 | 51259 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:29.176083088 CET | 57058 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:29.176296949 CET | 58228 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:29.727941990 CET | 53 | 58228 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:29.728390932 CET | 50556 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:29.800668955 CET | 53 | 57058 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:29.801644087 CET | 61879 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:30.344610929 CET | 53 | 61879 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:30.351742029 CET | 53 | 50556 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:35.379442930 CET | 49873 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:35.379673004 CET | 61836 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:35.919290066 CET | 53 | 49873 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:35.919830084 CET | 50636 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:35.920355082 CET | 53 | 61836 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:35.920738935 CET | 56689 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:36.155663967 CET | 53 | 56689 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:36.165739059 CET | 53 | 50636 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:36.166529894 CET | 53209 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 02:59:36.782571077 CET | 53 | 53209 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:39.338558912 CET | 53 | 55202 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:58.275749922 CET | 53 | 56115 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 02:59:59.499844074 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
| Mar 24, 2025 03:00:06.959877014 CET | 56449 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:06.960108995 CET | 52310 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:07.221239090 CET | 53 | 52310 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:07.223218918 CET | 58501 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:07.437357903 CET | 53 | 56449 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:07.437843084 CET | 51589 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:07.750468016 CET | 53 | 58501 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:07.820559978 CET | 53 | 51589 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:07.821472883 CET | 59128 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:08.216511965 CET | 53 | 59128 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:08.275202036 CET | 56907 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:08.275398016 CET | 54453 | 53 | 192.168.2.4 | 8.8.8.8 |
| Mar 24, 2025 03:00:08.373572111 CET | 53 | 56907 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:08.374234915 CET | 53 | 54453 | 8.8.8.8 | 192.168.2.4 |
| Mar 24, 2025 03:00:20.789330959 CET | 53 | 57265 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:20.854990959 CET | 53 | 52069 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:23.651091099 CET | 53 | 50253 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:23.742304087 CET | 53 | 56006 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:33.429110050 CET | 59284 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:00:33.969691992 CET | 53 | 59284 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:00:51.611099005 CET | 53 | 56075 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:01:06.582361937 CET | 56007 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:07.581460953 CET | 56007 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:07.681247950 CET | 53 | 56007 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:01:08.244021893 CET | 58483 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:08.244299889 CET | 58848 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:08.484265089 CET | 53 | 58483 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:01:08.484747887 CET | 56189 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:08.778060913 CET | 53 | 58848 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:01:08.778676987 CET | 62664 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:08.883187056 CET | 53 | 56189 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:01:08.890285015 CET | 63411 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 24, 2025 03:01:09.286472082 CET | 53 | 63411 | 1.1.1.1 | 192.168.2.4 |
| Mar 24, 2025 03:01:09.416773081 CET | 53 | 62664 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Mar 24, 2025 02:59:30.351820946 CET | 192.168.2.4 | 1.1.1.1 | c1ef | (Port unreachable) | Destination Unreachable |
| Mar 24, 2025 03:01:09.416850090 CET | 192.168.2.4 | 1.1.1.1 | c1ef | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 24, 2025 02:59:06.695354939 CET | 192.168.2.4 | 1.1.1.1 | 0x6197 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:25.457370043 CET | 192.168.2.4 | 1.1.1.1 | 0xcc54 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:25.457370996 CET | 192.168.2.4 | 1.1.1.1 | 0x52aa | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:26.473578930 CET | 192.168.2.4 | 1.1.1.1 | 0x5eeb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:26.473579884 CET | 192.168.2.4 | 1.1.1.1 | 0x1078 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:27.016237974 CET | 192.168.2.4 | 1.1.1.1 | 0xa13f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:27.021126986 CET | 192.168.2.4 | 1.1.1.1 | 0x6f16 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:27.586532116 CET | 192.168.2.4 | 1.1.1.1 | 0x5961 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:28.163866997 CET | 192.168.2.4 | 8.8.8.8 | 0x713d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:28.164244890 CET | 192.168.2.4 | 1.1.1.1 | 0x57a1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:29.176083088 CET | 192.168.2.4 | 1.1.1.1 | 0xdbc0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:29.176296949 CET | 192.168.2.4 | 1.1.1.1 | 0xb49d | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:29.728390932 CET | 192.168.2.4 | 1.1.1.1 | 0xe2c7 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:29.801644087 CET | 192.168.2.4 | 1.1.1.1 | 0x9525 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:35.379442930 CET | 192.168.2.4 | 1.1.1.1 | 0x1362 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:35.379673004 CET | 192.168.2.4 | 1.1.1.1 | 0xe59a | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:35.919830084 CET | 192.168.2.4 | 1.1.1.1 | 0x374e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:35.920738935 CET | 192.168.2.4 | 1.1.1.1 | 0x4240 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:36.166529894 CET | 192.168.2.4 | 1.1.1.1 | 0xee4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:06.959877014 CET | 192.168.2.4 | 1.1.1.1 | 0xbe31 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:06.960108995 CET | 192.168.2.4 | 1.1.1.1 | 0xe63 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.223218918 CET | 192.168.2.4 | 1.1.1.1 | 0x8071 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.437843084 CET | 192.168.2.4 | 1.1.1.1 | 0x1d4f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.821472883 CET | 192.168.2.4 | 1.1.1.1 | 0x6cbf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:08.275202036 CET | 192.168.2.4 | 1.1.1.1 | 0x8646 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:08.275398016 CET | 192.168.2.4 | 8.8.8.8 | 0x5972 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:33.429110050 CET | 192.168.2.4 | 1.1.1.1 | 0x16fc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:06.582361937 CET | 192.168.2.4 | 1.1.1.1 | 0x6f3f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:07.581460953 CET | 192.168.2.4 | 1.1.1.1 | 0x6f3f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.244021893 CET | 192.168.2.4 | 1.1.1.1 | 0x6d71 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.244299889 CET | 192.168.2.4 | 1.1.1.1 | 0xb7d1 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.484747887 CET | 192.168.2.4 | 1.1.1.1 | 0xcbd5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.778676987 CET | 192.168.2.4 | 1.1.1.1 | 0xcc14 | Standard query (0) | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.890285015 CET | 192.168.2.4 | 1.1.1.1 | 0xa067 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 24, 2025 02:59:06.794332981 CET | 1.1.1.1 | 192.168.2.4 | 0x6197 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:06.794332981 CET | 1.1.1.1 | 192.168.2.4 | 0x6197 | No error (0) | e8652.dscx.akamaiedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:06.794332981 CET | 1.1.1.1 | 192.168.2.4 | 0x6197 | No error (0) | 23.48.144.248 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:07.239561081 CET | 1.1.1.1 | 192.168.2.4 | 0xb709 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:07.239561081 CET | 1.1.1.1 | 192.168.2.4 | 0xb709 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:25.556498051 CET | 1.1.1.1 | 192.168.2.4 | 0xcc54 | No error (0) | 142.251.41.4 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:25.556818962 CET | 1.1.1.1 | 192.168.2.4 | 0x52aa | No error (0) | 65 | IN (0x0001) | false | |||
| Mar 24, 2025 02:59:27.015707016 CET | 1.1.1.1 | 192.168.2.4 | 0x5eeb | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:27.020821095 CET | 1.1.1.1 | 192.168.2.4 | 0x1078 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:27.561593056 CET | 1.1.1.1 | 192.168.2.4 | 0xa13f | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:27.565200090 CET | 1.1.1.1 | 192.168.2.4 | 0x6f16 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:28.126410007 CET | 1.1.1.1 | 192.168.2.4 | 0x5961 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:28.261518002 CET | 8.8.8.8 | 192.168.2.4 | 0x713d | No error (0) | 142.251.40.142 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:28.262506962 CET | 1.1.1.1 | 192.168.2.4 | 0x57a1 | No error (0) | 142.250.65.174 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 02:59:29.727941990 CET | 1.1.1.1 | 192.168.2.4 | 0xb49d | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:29.800668955 CET | 1.1.1.1 | 192.168.2.4 | 0xdbc0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:30.344610929 CET | 1.1.1.1 | 192.168.2.4 | 0x9525 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:30.351742029 CET | 1.1.1.1 | 192.168.2.4 | 0xe2c7 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:35.919290066 CET | 1.1.1.1 | 192.168.2.4 | 0x1362 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:35.920355082 CET | 1.1.1.1 | 192.168.2.4 | 0xe59a | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:36.155663967 CET | 1.1.1.1 | 192.168.2.4 | 0x4240 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 02:59:36.165739059 CET | 1.1.1.1 | 192.168.2.4 | 0x374e | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 02:59:36.782571077 CET | 1.1.1.1 | 192.168.2.4 | 0xee4 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.221239090 CET | 1.1.1.1 | 192.168.2.4 | 0xe63 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.437357903 CET | 1.1.1.1 | 192.168.2.4 | 0xbe31 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.750468016 CET | 1.1.1.1 | 192.168.2.4 | 0x8071 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:00:07.820559978 CET | 1.1.1.1 | 192.168.2.4 | 0x1d4f | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:08.216511965 CET | 1.1.1.1 | 192.168.2.4 | 0x6cbf | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:00:08.373572111 CET | 1.1.1.1 | 192.168.2.4 | 0x8646 | No error (0) | 142.251.32.110 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 03:00:08.374234915 CET | 8.8.8.8 | 192.168.2.4 | 0x5972 | No error (0) | 142.251.40.142 | A (IP address) | IN (0x0001) | false | ||
| Mar 24, 2025 03:00:33.969691992 CET | 1.1.1.1 | 192.168.2.4 | 0x16fc | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:07.681247950 CET | 1.1.1.1 | 192.168.2.4 | 0x6f3f | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.484265089 CET | 1.1.1.1 | 192.168.2.4 | 0x6d71 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.778060913 CET | 1.1.1.1 | 192.168.2.4 | 0xb7d1 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
| Mar 24, 2025 03:01:08.883187056 CET | 1.1.1.1 | 192.168.2.4 | 0xcbd5 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:09.286472082 CET | 1.1.1.1 | 192.168.2.4 | 0xa067 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
| Mar 24, 2025 03:01:09.416773081 CET | 1.1.1.1 | 192.168.2.4 | 0xcc14 | Server failure (2) | none | none | 65 | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49733 | 23.48.144.248 | 80 | 7392 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 24, 2025 02:59:06.898396015 CET | 115 | OUT | |
| Mar 24, 2025 02:59:06.989300013 CET | 1254 | IN | |
| Mar 24, 2025 02:59:06.989343882 CET | 491 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 21:58:52 |
| Start date: | 23/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff737680000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 21:58:53 |
| Start date: | 23/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff691900000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 21:58:55 |
| Start date: | 23/03/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff691900000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 20 |
| Start time: | 21:59:18 |
| Start date: | 23/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff786830000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 21 |
| Start time: | 21:59:20 |
| Start date: | 23/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff786830000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 22 |
| Start time: | 21:59:25 |
| Start date: | 23/03/2025 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff786830000 |
| File size: | 3'388'000 bytes |
| MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly
