Windows
Analysis Report
Visix Digital Signage.pdf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Suspicious PDF detected (based on various text indicators)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Classification
- System is w10x64
- Acrobat.exe (PID: 2944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Visix Digital Signage.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 5284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1628,i,3762446524523621955,14140293356470645305,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://docsend.com/view/6bkxyed8jn8y29xw" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=2004,i,9085540079256255740,3480827009133672095,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
AV Detection |
---|
Source: | SlashNext: |
Phishing |
---|
Source: | OCR Text: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | HTTP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Initial sample: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | Document-PDF.Phishing.Generic |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
dianemccabe.com | 217.115.114.114 | true | false | unknown | |
www.google.com | 142.250.185.100 | true | false | unknown | |
docsend.com | 18.173.205.62 | true | false | unknown | |
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
18.173.205.62 | docsend.com | United States | 3 | MIT-GATEWAYSUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false |
217.115.114.114 | dianemccabe.com | Ireland | 30900 | WEBWORLD-AStaWebWorldIrelandIE | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524439 |
Start date and time: | 2024-10-02 19:51:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Visix Digital Signage.pdf |
Detection: | MAL |
Classification: | mal52.phis.winPDF@44/51@7/6 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 52.5.13.197, 23.22.254.206, 54.227.187.23, 2.19.126.149, 2.19.126.143, 172.64.41.3, 162.159.61.3, 2.23.197.184, 199.232.210.172, 192.229.221.95, 142.250.186.67, 142.250.184.238, 74.125.71.84, 34.104.35.123, 216.58.206.74, 142.250.186.106, 142.250.186.170, 216.58.212.170, 142.250.184.234, 142.250.186.138, 142.250.186.74, 142.250.186.42, 172.217.16.138, 172.217.18.10, 142.250.184.202, 142.250.185.234, 142.250.74.202, 216.58.206.42, 172.217.16.202, 142.250.181.234, 216.58.206.35, 142.250.186.174
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: Visix Digital Signage.pdf
Time | Type | Description |
---|---|---|
13:52:38 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | Credential Flusher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Unknown |
23.203.104.175 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
217.115.114.114 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
18.173.205.62 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | PayPal Phisher |
Match | Detection | Threat Name |
---|---|---|
dianemccabe.com | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
docsend.com | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
bg.microsoft.map.fastly.net | malicious | Rhysida |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | GuLoader |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | EvilProxy |
 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
AKAMAI-ASUS | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Rhysida |
 | malicious | LummaC, MicroClip |
 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
 | malicious | Unknown |
 | malicious | LummaC, Stealc, Vidar |
 | malicious | Babadeda |
 | malicious | LummaC |
WEBWORLD-AStaWebWorldIrelandIE | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
 | malicious | Mirai |
 | malicious | Moobot |
 | malicious | Mirai |
 | malicious | FormBook, GuLoader |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | Unknown |
MIT-GATEWAYSUS | malicious | Mirai |
 | malicious | Mirai |
 | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Mirai, Moobot |
 | malicious | Mirai |
 | malicious | Mirai |
Match | Detection | Threat Name |
---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Credential Flusher |
 | malicious | Unknown |
⊘No context
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.179899204999623 |
Encrypted: | false |
SSDEEP: | 6:W4UAskpQ+q2Pwkn2nKuAl9OmbnIFUt8B4UASqgZmw+B4UASqQVkwOwkn2nKuAl91:3EP+vYfHAahFUt8Co/+C4V5JfHAaSJ |
MD5: | A5596F9440520C8CC1914B9738E81C07 |
SHA1: | 7305CDE0DB5DCE072F4EB2A9A530D6FAF79C0CAC |
SHA-256: | DBE0A7766ACB0938C072BAF35D3D1B258D01AEED106888639C1B304AC6F6D5B7 |
SHA-512: | ADC22A7C70BF1A12107FF5060DB1178C1338F4851253B9E0693D33AECAA6E44F74A28925FFB3F6349D66B87A425E2A343C23067BF2445785F5FCAE4DBC2FCB87 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.141985121325197 |
Encrypted: | false |
SSDEEP: | 6:W4UAmyq2Pwkn2nKuAl9Ombzo2jMGIFUt8B4UAmaZmw+B4UAm4GIzkwOwkn2nKuAv:3dvYfHAa8uFUt8Cd/+CtG05JfHAa8RJ |
MD5: | 3BE04182A46FEE10615322CF57646050 |
SHA1: | 00101C58E5EE6301B31077335F8E30F3CE9DB4AF |
SHA-256: | 4AD3B821098FA7F23998AD9CBEEA4E2D522D7EEDF2FF1F08428A4FC8FB0A7C82 |
SHA-512: | BA9075668D424F39E4BD56B4AEC722C58547B6EA9B585E6152EC9EA23BE352F5AD46E41E600BAA16E0145A0E1D2FA3DB7A134F2A1A40D98EDFD0DD49363C50F1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 336 |
Entropy (8bit): | 5.141985121325197 |
Encrypted: | false |
SSDEEP: | 6:W4UAmyq2Pwkn2nKuAl9Ombzo2jMGIFUt8B4UAmaZmw+B4UAm4GIzkwOwkn2nKuAv:3dvYfHAa8uFUt8Cd/+CtG05JfHAa8RJ |
MD5: | 3BE04182A46FEE10615322CF57646050 |
SHA1: | 00101C58E5EE6301B31077335F8E30F3CE9DB4AF |
SHA-256: | 4AD3B821098FA7F23998AD9CBEEA4E2D522D7EEDF2FF1F08428A4FC8FB0A7C82 |
SHA-512: | BA9075668D424F39E4BD56B4AEC722C58547B6EA9B585E6152EC9EA23BE352F5AD46E41E600BAA16E0145A0E1D2FA3DB7A134F2A1A40D98EDFD0DD49363C50F1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3d382397-6b7e-4fcd-b1bb-899dacd911be.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.970895562327589 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqlBxsBdOg2H2hAcaq3QYiubInP7E4T3y:Y2sRdsrdMHw3QYhbG7nby |
MD5: | A3CC8DCDF798151BE958183963271CF5 |
SHA1: | 35567AFE5EC87C0D9BC1CA144955022928EF065B |
SHA-256: | 9A365C2800240A4E0CA83F39017D33DF37DCB73D8327E10FDEB732B9EC2C706D |
SHA-512: | 6CFC31790B2F64E625D4B45A37261486F5E32B89B31DB5D5B96DAD922A24AC34ABB92B92804E652E22D7E5EA346274F135D8FFC19924A8DC248FC301E4FEF822 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.970895562327589 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqlBxsBdOg2H2hAcaq3QYiubInP7E4T3y:Y2sRdsrdMHw3QYhbG7nby |
MD5: | A3CC8DCDF798151BE958183963271CF5 |
SHA1: | 35567AFE5EC87C0D9BC1CA144955022928EF065B |
SHA-256: | 9A365C2800240A4E0CA83F39017D33DF37DCB73D8327E10FDEB732B9EC2C706D |
SHA-512: | 6CFC31790B2F64E625D4B45A37261486F5E32B89B31DB5D5B96DAD922A24AC34ABB92B92804E652E22D7E5EA346274F135D8FFC19924A8DC248FC301E4FEF822 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.257666724510051 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7dV7OrM5VSZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goK |
MD5: | 94ED79EA6DBCC3612E699FD65B150CAB |
SHA1: | 198FE0972DE0A490389B4F577A115EFC01625A98 |
SHA-256: | 4AF6FE3827332ED5592BFF93A349AA99E018FE87DF126664BA39EA2D5BF4C528 |
SHA-512: | 69B7701685A992ADFFCF33290549F00AB7FA7CD42BB5A8459E6AF898B062C2F72714BC0840C1BCB1E0B08EF56F3674A519F7A525F418F62AAB04AD93393A4BB3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.16316676590871 |
Encrypted: | false |
SSDEEP: | 6:W4UAomXq2Pwkn2nKuAl9OmbzNMxIFUt8B4UX/wXZmw+B4UXzsPkwOwkn2nKuAl9c:3AmXvYfHAa8jFUt8COwX/+Cac5JfHAab |
MD5: | 3CABC7D60A939F47738B036A4479C641 |
SHA1: | 925D030F02CF3DAEC94C7AE545338EEDFD2E2597 |
SHA-256: | F10EB47074AA6467A0FC02AB70167E5AB3573E83283441990E771A9EA2C70695 |
SHA-512: | A9949D1C4DC6CDFB72D8FBFBD71624033F24B047DBDFC24A2B84F3F14AED2E3310ABD3AE7253BF1ED769C1449054EC77615746EE833A203D036B5B0012F8D321 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 324 |
Entropy (8bit): | 5.16316676590871 |
Encrypted: | false |
SSDEEP: | 6:W4UAomXq2Pwkn2nKuAl9OmbzNMxIFUt8B4UX/wXZmw+B4UXzsPkwOwkn2nKuAl9c:3AmXvYfHAa8jFUt8COwX/+Cac5JfHAab |
MD5: | 3CABC7D60A939F47738B036A4479C641 |
SHA1: | 925D030F02CF3DAEC94C7AE545338EEDFD2E2597 |
SHA-256: | F10EB47074AA6467A0FC02AB70167E5AB3573E83283441990E771A9EA2C70695 |
SHA-512: | A9949D1C4DC6CDFB72D8FBFBD71624033F24B047DBDFC24A2B84F3F14AED2E3310ABD3AE7253BF1ED769C1449054EC77615746EE833A203D036B5B0012F8D321 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002175229Z-152.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 75494 |
Entropy (8bit): | 3.5365751369680654 |
Encrypted: | false |
SSDEEP: | 768:kqDueEF4Z9V0mKtyj22A222gTCbrsbkr/:zESZ6to22A222gTCbeq |
MD5: | 657351598782C1AE9BB156EC37DD7E98 |
SHA1: | E787B49CACB2ABC179E1459E75039D327BA45491 |
SHA-256: | 9FB0B3584CC88BC6C98335C3D80E1D231453749DFCE46E944EFF6C63707700DB |
SHA-512: | 4C636CE236A1426580FE4A8F13B3C4E1E7825459EE7C673EEAB67136D3B540A43E02EAB842E23D80EB5FD9EB4656629F299223590DFEBD9A4B69B63A73834749 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444965091766289 |
Encrypted: | false |
SSDEEP: | 384:yezci5tMiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rrs3OazzU89UTTgUL |
MD5: | 8587A4E267D618645371706EE3C9FA2F |
SHA1: | 4EA52383E2576A48D1045C1B47DCAD0AEFE1D6AB |
SHA-256: | 5C11244A6B71130BC28281FF6B56D718CF5B6D06C034D347ECD215E8346E9C5B |
SHA-512: | B8E3CD7BBC844C6A413F737BD800927F2184BDADA4481D279503650449CD6CBF4D58778BDEC418955AFD8D9215E52D4E5C46206B66A24918F30C689146FDFDD5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7754942169663015 |
Encrypted: | false |
SSDEEP: | 48:7MSp/E2ioyVoioy9oWoy1Cwoy14KOioy1noy1AYoy1Wioy1hioybioySoy1noy1M:7NpjuoFrXKQzGb9IVXEBodRBkn |
MD5: | 98A0AF9B7F129BC0BF3D53017A99E446 |
SHA1: | C6C869842C5581D383CFA396F1493034BA1B1A11 |
SHA-256: | 076BFCF7E1E2B258B69571D95D6A85D018EFD82E8858A3B54C4225052A20DA70 |
SHA-512: | FF415E8C59F8711DDAEFC0E7C2697214C3FC0EBEA8A3E87A2C01F5BACA212A0A7C5ACC69B843EF6BC68FDA6B50D7CECE87DDF3B6324C445350E9341405B1EA7C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | 3:kkFkl8QvfllXlE/HT8kuiXNNX8RolJuRdxLlGB9lQRYwpDdt:kKlQQT8idNMa8RdWBwRd |
MD5: | FF4A6B1424A05A61E20E6C7BF1CE7722 |
SHA1: | 0F4166BB40BFED63E2A96658336AEF85F0C45964 |
SHA-256: | BF270E5F1B978112B3828A2FF05378D1E2B194299D18397B870AFC10A322140D |
SHA-512: | FA4A05F2B4D33D699FE62844D9E93AF30BF090FA4B746FF70A8E200CAE14821059BDC7269DD6B75656099CB19D4FF3A4F58B177E52D7CC464839670DF00135CB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2418003062782916 |
Encrypted: | false |
SSDEEP: | 6:kKlT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:kDImsLNkPlE99SNxAhUe/3 |
MD5: | E230D9F474E71FC4695E964C52A0CB55 |
SHA1: | 51ACA9306C53F703DB25C06C72C8940C28EF0345 |
SHA-256: | E189B272BA835BB5299016EB1C18A7F18D602B064F935A672A350433B94C2C33 |
SHA-512: | 480E98FF5C53CA605BAA478BD3FB34DA0952DDA68A2B0AA4F6019209548FA49BC754B1CEC5377AC39CA5AC60782FA841F1C6671289C11D3CA9632F15AF0E75D0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 244540 |
Entropy (8bit): | 3.3415042960460593 |
Encrypted: | false |
SSDEEP: | 1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn |
MD5: | 758B42992DDFC41CB5E57069C621B54A |
SHA1: | D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD |
SHA-256: | 55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D |
SHA-512: | 437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.35763125086245 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJM3g98kUwPeUkwRe9:YvXKX+ajykZc0vLGMbLUkee9 |
MD5: | 77E1B153D65E1794F6B6B551CC01E5E4 |
SHA1: | F479BE43D18C18CD7056E64492F19F0AB756F463 |
SHA-256: | A58F4180B1A3D7BDFFDF78BC843AD39B53969B8836D7D8190E66F17E037C3EE5 |
SHA-512: | A4F789FD45D25FECE0757C1169C4AEB2FE7DF0237E209127BA7B75AAEC80BFB68806A7C8F5FFC5CC54A3E40C5F60E25E04646F57DCC5B305A446F40387DE95B7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.305093187284576 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfBoTfXpnrPeUkwRe9:YvXKX+ajykZc0vLGWTfXcUkee9 |
MD5: | A066BF6F7DB17E5A7647E330CB795211 |
SHA1: | 13CF86279642431979D8CC7A827206BC39F33F61 |
SHA-256: | 4654F42D912ED334E7A227F4E626E07ADCE19AEDFD1A3580C77AE85A095139C0 |
SHA-512: | 129A5A1E6FBF8B00CF60CE53BAD63B60D739D3B24530A7CEAFD58734793F0F6783C0CDE3196F8C68F15729A7B8FF5E23F0781236115DC746EECAE23D86A27C84 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.284360981199245 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfBD2G6UpnrPeUkwRe9:YvXKX+ajykZc0vLGR22cUkee9 |
MD5: | A757B38EDC86ED2F1668DB35F72AA590 |
SHA1: | E1477405839579153D03DB7BC6017741E2C7EAB1 |
SHA-256: | 8C37B08263B2D873C198CBB266C8A7FE3D0C5FC475FF4C76E562E045EA97D5FC |
SHA-512: | 125F8F64A95E90BB38DB3C63D6CD322211729654741121720F0140E3D0E947749AC2ACE9B0631CF4C9B5F811F779B5F3A195B9ECD4485EA0EAAA613A687DAB07 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.344440629497794 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfPmwrPeUkwRe9:YvXKX+ajykZc0vLGH56Ukee9 |
MD5: | C2D9E46E69D5A45CB62627A26A6A86F1 |
SHA1: | 6B8B99FCCDC6AB11710E7C131A54EE7621926759 |
SHA-256: | 5BCFBFDC23EACC14831A166CB2D034D309F23D831372E04C04BDAF9A85075787 |
SHA-512: | 9641770D16B06E3590BE903AA0627C49B380C7606411F7065673C09B10B367B0FBBB60838795C2D83B1E275E64706D92AC999B19C3E6F1CE34CFA5EFFEC6F8CF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.667403548880453 |
Encrypted: | false |
SSDEEP: | 24:Yv6X+AlzvApLgEFqciGennl0RCmK8czOCY4w2N:YvbIYhgLtaAh8cvYv6 |
MD5: | A68B85BABCCA0FD063C64FB9CDEC9870 |
SHA1: | B1B99F4C67ABBB5139E3D078F071B31D5C7A12A7 |
SHA-256: | C965EFFED9F310384F1FE241F33C2A7BC914210BFDF4B0CAA6E791C89A4B8A03 |
SHA-512: | 9CBBBFB59F085859BBB27FA945156898FF5B47C0218383EA8D5D20D28FAEE130F680B0A4C65B5E204B1E85079BF6A452B1B970FB30F300EA127305DB8174AFF8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.654452749449715 |
Encrypted: | false |
SSDEEP: | 24:Yv6X+AlzvSVLgEF0c7sbnl0RCmK8czOCYHflEpwiVN:YvbIKFg6sGAh8cvYHWpwI |
MD5: | 22D022A6DCAA015CE0EC801DE2F49A5B |
SHA1: | 5CD0685039384394942CECEBF120708E969E6151 |
SHA-256: | 5B0F6B0555D559BFD6962DE60FB1F18CD2E394EB74C22C2D82586114589F56CF |
SHA-512: | 3070F58E3D092933378538AFE0516ECB522095959E37C0C8545C958BDFDB27478878B3B6FEED2CC0160F284EF3C3D52032442B0A071690AEF1C2985799F1E56A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.296818437907712 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfQ1rPeUkwRe9:YvXKX+ajykZc0vLGY16Ukee9 |
MD5: | 2258551D7E4816766AA8360FDAEF70F4 |
SHA1: | A0969C4C52AE965526AB71C0AC69F0C465DE01BE |
SHA-256: | 525B57D69748F6803B0EE1D97827F4EEEA69E145C4A0484C046572D3E5E0C610 |
SHA-512: | D0F6B7EB8868039EACF8EF22AD64EDAC14B1A4B76ADD0A271B97D8AD9A308FCBEE83A16311DAF2C8AD2FAB3D626C3DC5FBB8F972A1EF1780B71638D1A6022B28 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.649347262826427 |
Encrypted: | false |
SSDEEP: | 24:Yv6X+Alzv/2LgEF7cciAXs0nl0RCmK8czOCAPtciBN:YvbI3ogc8hAh8cvAz |
MD5: | 1D12568BDAEA09837115685B9C8B89A6 |
SHA1: | 0DAE5CEEC186B2946259422BF3B038A82EE379D7 |
SHA-256: | 33ED943C2CF683CADCDB7DC15ECD1A3A82BCC706E4DCDE1FC5330019A7B348D6 |
SHA-512: | 226D1AC2DC49E1F67CF3D90B86AAAE09A0D4FF20C8081A0941282AE8806E8E8DFA918DD95DD036E062663121B81F1FEC8B4219AB4F13602C5A256CA798250DC2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.702485118182417 |
Encrypted: | false |
SSDEEP: | 24:Yv6X+AlzvTKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5N:YvbIbEgqprtrS5OZjSlwTmAfSKH |
MD5: | BB05F162E5D05529BA5A25D7F096AD39 |
SHA1: | 19DA69EEA7FB3E2EC72C7EA229B20F8861E5467E |
SHA-256: | D0E1218CE41A7DA5DE06D2C5A75DA419C1E3F49EAA8414FAA9031F1E39FF5D45 |
SHA-512: | F5D04A93EE9681AFE239144FCAA2BDE40BB17340EABE4D1252DD4080B606D668303F8B2990357568439B604191B202654F74C87F0F8F379980612EC717BD3F2A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.298947132714304 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfYdPeUkwRe9:YvXKX+ajykZc0vLGg8Ukee9 |
MD5: | BAFC2A33D3A5E42DE498F0B2A904EFCA |
SHA1: | BE7DE98A093B07AF8C07EA9982ECB22BF604E43C |
SHA-256: | F3CA3630E451107C8633B8A4FFF4EBA0F5AF1E60D73A8EA82312BD768D938655 |
SHA-512: | 01C4008F21A671126D4BE31EDA234A96FFF85FA4E5CA9EB72A8D71F3D0A8D1C042D30A8215BA6BC99F46E9C299B2ED1382D3AD43D077CA60CDBBD08F4FC0DF11 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7822680565672595 |
Encrypted: | false |
SSDEEP: | 24:Yv6X+AlzvurLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNV:YvbIGHgDv3W2aYQfgB5OUupHrQ9FJH |
MD5: | 5A100BB8F66ABB3CA85BE1D63F9E2E21 |
SHA1: | 3D2562DDAE009945B0B966175D47F28FD6A9CB39 |
SHA-256: | BABF79DBCE39BDFDD47D197E9FDF08A958CE1F85153C91509CF9A677DD959F27 |
SHA-512: | AEC9269B73FD2188A327E4C109A2FAC11899365EB774B2224BD9526651759DE050A93F7061A52D17E45C4A2221013CDDDDB7E13BFBB9B17D8700AE11E4DA1CDA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.282501466589443 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfbPtdPeUkwRe9:YvXKX+ajykZc0vLGDV8Ukee9 |
MD5: | 11DC8FC3BAD75EE815F398BACBF7EECB |
SHA1: | 01C04D173F34E6E705B385117F88780C1938610B |
SHA-256: | ABA8AFFEAC0848058AA9EF7F08DAE9477EAEBB7D462E3936F5E59F5006BA74CD |
SHA-512: | ADFC2F20ED4C98DB77A0C9A98E81C19F0A483CF6AFDDF5FE2BA6AA382D8600FB4F7CDAB85F8AEB6223F3C5E667AD64EEC5BE22AD232816031100A6B1F8A02518 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.286823965359043 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJf21rPeUkwRe9:YvXKX+ajykZc0vLG+16Ukee9 |
MD5: | E6B1D4EDB2353D61B75596D90D87A482 |
SHA1: | 57F28676F9A0A0BE96B87E666F0DD5377B7DE416 |
SHA-256: | 9DB751078F05C8D4079A075B664A5C1FB5666E87AA94532F548A5CE5EE73D481 |
SHA-512: | 7FC2595F8DACE4B6C00BF6864287B41C3D68F7EB4EFB8E0E7DEDB997D171ECF27D0D676A2ECD7185C90BF5845150740F251D7EB395CBE4C6C406C47D393A94C6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.6588930513998505 |
Encrypted: | false |
SSDEEP: | 24:Yv6X+AlzvkamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BN:YvbIKBguOAh8cv+NKS |
MD5: | 21BB0A9859C009766B8989A8C4B6203A |
SHA1: | C340005255A8C9DCA24B01BEB60FA18CD2C0729F |
SHA-256: | D54E5C1CE260592E1F667A7472C55A7A0AA525E169B6A6581D99A95CEDB18FFC |
SHA-512: | A71A0A209873742CA936B2E1B6B40322093DDAC8F21C44CC20595AF363E24E21B96E2C395C3D96E1DDB99F5D02ECADA706C9CFBBCBF5E80D8613724B6AFE997C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.265346659896378 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfshHHrPeUkwRe9:YvXKX+ajykZc0vLGUUUkee9 |
MD5: | 750F8ED891E0A032068DDDBB11BD87FA |
SHA1: | EA1B2B99443AEAEE0A103D6C28B83922A1F45B15 |
SHA-256: | 53D9EFAAC86326F9909128029DA746E03113B3696F2DDB2224CB8870271E60C5 |
SHA-512: | 5F323B322BA6E1EB6B4E8396A7B84AFF8C55632B73EED0B5D6AB516E6AF51DB74C251DB08050C96BE19620352DC017E1ED07DCB191A32C94446224C2B6E09093 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.372161016249532 |
Encrypted: | false |
SSDEEP: | 12:YvXKX+ajykZc0vLGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWT1:Yv6X+Alzvr168CgEXX5kcIfANhI |
MD5: | FABB17C3FDA24B84660BC8699C35F201 |
SHA1: | 8362A8518B5268DBD9D496DD0715659F7B999A82 |
SHA-256: | 5DAB50E65B3CB37F160135FC50203781F246FA9C378B73301F5E2809B48DB371 |
SHA-512: | CAEECCB51027CB65488644D358B73E8BC653888A9291718876EA8D0F5747DCCDD691B6244EDFD684E6ABCB3AE134A0AC4B512FB942D0B1F728927255B28698A9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.134904563366145 |
Encrypted: | false |
SSDEEP: | 24:YmmaBOhayq7qe7E/2FzhC2hp34Eq11nvnjaPsj0Sp80cm92R2LSrlqbq5G9vNVu7:YYDXfN5r4Eq3e+OxiUtIqY9vk |
MD5: | 1B5107572E3BEDEAF12A6DE9AC26352D |
SHA1: | FA5DAFA8D8C366CECC78DA73730CD5BAD3874B4F |
SHA-256: | 005BDAA069B0CEBDC1D969AB189A1E9752712DF1D744D396846BB89671509161 |
SHA-512: | 3439B3075531502C55069BD41EA0FB029A4D6F46B3944387F0A845214D1B122EF88EBFFC741A8D6665359FE2AE997BEDD4B84A77B994C40A7292819B83AC3009 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.188437327607825 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUdcSvR9H9vxFGiDIAEkGVvppi:lNVmswUUUUUUUUS+FGSItU |
MD5: | 276811CC754A71046391B0ADEBA8C3A0 |
SHA1: | E1BEDCB0CB6F963E8F4B5DD1B335DBFB0DA7A820 |
SHA-256: | 9889F59948599DC975ADF8A83DADE8C65C90D22230BED0F2C3D1A6A203C6A72B |
SHA-512: | 7ED3A63A03447C0010151F4A0E8E4453A9A7024DE9AA74ADB2652B660702804589C66D3B5FAB213B1E97F1F6489185B018D9831B2A22204746F457993A20C384 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6077438800036894 |
Encrypted: | false |
SSDEEP: | 48:7MJKUUUUUUUUUUdOvR9H9vxFGiDIAEkGVvFqFl2GL7msf:7bUUUUUUUUUU4FGSIt7KVmsf |
MD5: | AB4226A7493D0A024840B178B91A2CAD |
SHA1: | 570AC38167FE5590944F300F5DE88717B16D45C1 |
SHA-256: | 66647FFD5700F4BB909A7EDED27E91497B6190138E7BE442B3C91B7A86911DAA |
SHA-512: | 84DEDC83380C3EEE53F0856434AA9E65CA263998FA31DB30730CA698A2E8E3982A82E308A7EF19E04CF0D75BC3E2801219A39F86ED09297B84662692F26850A1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5085442896850614 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjqA1flH:Qw946cPbiOxDlbYnuRKLhflH |
MD5: | 1F31ACF02A12EA45A2A0655E59BE09BA |
SHA1: | E837D79C32C0F4036F4B37FE3623DA7D4B7D13AA |
SHA-256: | A91919EB2972DDC350045639250D24A719218374F75833BCC2532B048FDC7C2F |
SHA-512: | C30197C347EC6C9D1D041ECB218BD5C96BE4045D61BF4D61E4C50F475A9E7F2BD7252DFFB9A0E3741C3911D9558C9C18CCE0439BCC08A8871323173FCF0EF950 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 13-52-27-857.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.3558911443977335 |
Encrypted: | false |
SSDEEP: | 384:dLPqXrbu3XYIpsLcJ4Eb14WX3oTGeUEzX0eMais4RLypbNIygxSFFIFYtsaV2l9c:p4/ |
MD5: | 419A100BD3D5F674CAB097E4993D1C61 |
SHA1: | 3A12CDCCC644ABB2A87C8119D77C84EA9D65394B |
SHA-256: | 9699779D35DB99BE0A5755040128B538F2C6A66820832CCAC9511BA2E8C3CF51 |
SHA-512: | 428D8ECAE5CA4AEC3F200092C10BFD447273FE4FCE8093B250DD094A99455FA886937192AD96030F827D204857CC2B552AF39A3593D52BB15E667D44CDA07101 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.3818998490806935 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rh:d |
MD5: | 5A1F35969DEB8E67757E37DE5933BD69 |
SHA1: | D8285F85760990621B1AB9EE9D01AA6DC7CD8C0A |
SHA-256: | 279C7BB37E16E01285FF380C656DBBD6A3ED37B3C5F4D6B580AA8B653F294CC0 |
SHA-512: | 2D0BE698EBCB2D7F7C4F66A1C32F58252A02F9D5A3EEF3AF98B8BE2880F5D361F2C6CDEAD820733BFA3D7236F1CB8B38E56E525BAC09A7DA2189844280309FC9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7ouWLaGZ7wYIGNPJxdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JVuWLaGZ7wZGV3mlind9i4ufFXpAXkrj |
MD5: | CB3005DBED13F33D7F7EA7E227F8A141 |
SHA1: | 15E1DC8FB74151572E1CF67AD62F534A5C1E2214 |
SHA-256: | 64AE1E5231E631117B7D69BB0EB4369EC2153376C07FF6CA8A0A138051B65FC5 |
SHA-512: | 7D97AA765E55F1F3CA189F353FC78F9B23C262383A2710CC1FF8A8F2A35EA7B1E1DB2B78478D952B4EEE59BF2258E77114042EF219F575F8A5D722FFD85FF295 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLRGZtZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLRGZt8 |
MD5: | 76D770656BCA5C50B47663BBA9CBBB1E |
SHA1: | 61F8515EB2EB04907C7E1F150922977F7709E230 |
SHA-256: | AA844E9DCAFD08C25B59663279A3F15C694947AAA8E7FF7B6F29E76865CFFD71 |
SHA-512: | 3D267C1BF4424E1FFB6B521A40AEF2BC4025626405150DD4288B0CCB75D6E1CEB89636620BF76F72824DC7875C2F0B5FBA68DB8604026B10B63928FDA30EF0DA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
URL: | https://dianemccabe.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:v:v |
MD5: | 68B329DA9893E34099C7D8AD5CB9C940 |
SHA1: | ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC |
SHA-256: | 01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B |
SHA-512: | BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09 |
Malicious: | false |
URL: | https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL] |
Preview: |
File type: | |
Entropy (8bit): | 7.622551597153199 |
TrID: |
File name: | Visix Digital Signage.pdf |
File size: | 51'778 bytes |
MD5: | ff383d05bf9b51eba7105b2a8e6a5719 |
SHA1: | df0d9d06c65cdcb9a9d53b6fe447157a7bfb2830 |
SHA256: | f60d8fda0e37f482dbc8cf3dc5029f5fad9d1ae1d326c2b1da4774fd0f18ef3d |
SHA512: | 69329aa0d1bfd50bc69f4e30d3baab0bc308bd19ea0afb6c5bb7bf3a796f719a1a42aca07b34b63280ad34d327107054cd45b75e6e1e08ee55a848060e5ab733 |
SSDEEP: | 768:y2ok3guTsU9ygQS2zm/qU+28kcwfaSc0j2qVJjF+c/6Bd3/sIJHgrWU6xXdIVltg:/+wygQlUb8vaaSMCFq/LZXd2F4bd |
TLSH: | 2233D2078E091BC2D51C86E83E536D9D6F55660ED8C46AEF38AF0E833B50B361D0E16E |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 12 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 4 0 R] >>..endobj..3 0 obj..<</MSIP_Label_ecc91b28-7e0e |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.622552 |
Total Bytes: | 51778 |
Stream Entropy: | 7.635788 |
Stream Bytes: | 48077 |
Entropy outside Streams: | 5.434644 |
Bytes outside Streams: | 3701 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 17 |
endobj | 17 |
stream | 6 |
endstream | 6 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 1 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
7 | 96e8717169e9e402 | 4617e4548f34da86aba13587d48bec5c |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 19:52:53.354691029 CEST | 443 | 49752 | 18.173.205.62 | 192.168.2.4 |
Oct 2, 2024 19:52:53.354716063 CEST | 443 | 49752 | 18.173.205.62 | 192.168.2.4 |
Oct 2, 2024 19:52:53.354743958 CEST | 443 | 49752 | 18.173.205.62 | 192.168.2.4 |
Oct 2, 2024 19:52:53.354895115 CEST | 443 | 49752 | 18.173.205.62 | 192.168.2.4 |
Oct 2, 2024 19:52:53.354918957 CEST | 49752 | 443 | 192.168.2.4 | 18.173.205.62 |
Oct 2, 2024 19:52:53.354991913 CEST | 49752 | 443 | 192.168.2.4 | 18.173.205.62 |
Oct 2, 2024 19:52:53.356132984 CEST | 49752 | 443 | 192.168.2.4 | 18.173.205.62 |
Oct 2, 2024 19:52:53.356199026 CEST | 443 | 49752 | 18.173.205.62 | 192.168.2.4 |
Oct 2, 2024 19:52:53.393409014 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:53.393457890 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:53.393707037 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:53.393764019 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:53.393779039 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.194492102 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.194794893 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.194828987 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.196510077 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.196599960 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.198762894 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.198868036 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.198980093 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.199001074 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.238876104 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.609555006 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.611840010 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.611923933 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.614845037 CEST | 49755 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.614866972 CEST | 443 | 49755 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.658958912 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.659060001 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:54.659151077 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.659342051 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:54.659367085 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.357754946 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.358195066 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:55.358258009 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.359458923 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.359793901 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:55.359972000 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.360043049 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:55.403424978 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.670417070 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.670588017 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:55.670902014 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:55.672090054 CEST | 49757 | 443 | 192.168.2.4 | 217.115.114.114 |
Oct 2, 2024 19:52:55.672133923 CEST | 443 | 49757 | 217.115.114.114 | 192.168.2.4 |
Oct 2, 2024 19:52:57.083703995 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.083754063 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.084023952 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.084023952 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.084090948 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.157190084 CEST | 61245 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 19:52:57.162261009 CEST | 53 | 61245 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 19:52:57.162390947 CEST | 61245 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 19:52:57.162390947 CEST | 61245 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 19:52:57.167464972 CEST | 53 | 61245 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 19:52:57.604465961 CEST | 53 | 61245 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 19:52:57.605525017 CEST | 61245 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 19:52:57.611069918 CEST | 53 | 61245 | 1.1.1.1 | 192.168.2.4 |
Oct 2, 2024 19:52:57.611258984 CEST | 61245 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 2, 2024 19:52:57.748852015 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.749243975 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.749265909 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.750916958 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.750992060 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.752047062 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.752130985 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.805018902 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:52:57.805037022 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:52:57.851890087 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:07.635965109 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:07.636089087 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:07.636147976 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:08.260025978 CEST | 49758 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:08.260060072 CEST | 443 | 49758 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:17.590647936 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:17.590739012 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:17.590837002 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:17.591176033 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:17.591213942 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.384922028 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.385277987 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.388892889 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.388946056 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.389369011 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.395771027 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.443442106 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718439102 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718497038 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718539000 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718714952 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.718781948 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718826056 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718868017 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.718884945 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718919039 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.718959093 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.718972921 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.718998909 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.719055891 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.723881960 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.723911047 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:18.723959923 CEST | 61253 | 443 | 192.168.2.4 | 20.114.59.183 |
Oct 2, 2024 19:53:18.723974943 CEST | 443 | 61253 | 20.114.59.183 | 192.168.2.4 |
Oct 2, 2024 19:53:56.668165922 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:56.668282032 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:56.668802977 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:56.669523001 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:56.669631004 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:57.319056034 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:57.319864988 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:57.319945097 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:57.321168900 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:57.321765900 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:53:57.322143078 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:53:57.368436098 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:54:07.245765924 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:54:07.245939970 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |
Oct 2, 2024 19:54:07.246119976 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:54:08.265064001 CEST | 61255 | 443 | 192.168.2.4 | 142.250.185.100 |
Oct 2, 2024 19:54:08.265146971 CEST | 443 | 61255 | 142.250.185.100 | 192.168.2.4 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 19:52:38.465616941 CEST | 192.168.2.4 | 1.1.1.1 | 0xb705 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:52.077403069 CEST | 192.168.2.4 | 1.1.1.1 | 0x8371 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:52.077543020 CEST | 192.168.2.4 | 1.1.1.1 | 0xc9c6 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 19:52:53.363035917 CEST | 192.168.2.4 | 1.1.1.1 | 0xacd8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:53.363348961 CEST | 192.168.2.4 | 1.1.1.1 | 0xb09d | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 19:52:56.602639914 CEST | 192.168.2.4 | 1.1.1.1 | 0x7fef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:56.602742910 CEST | 192.168.2.4 | 1.1.1.1 | 0xc572 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 19:52:38.475445986 CEST | 1.1.1.1 | 192.168.2.4 | 0xb705 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 19:52:39.151161909 CEST | 1.1.1.1 | 192.168.2.4 | 0x1626 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:39.151161909 CEST | 1.1.1.1 | 192.168.2.4 | 0x1626 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | | | 18.173.205.62 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | | | 18.173.205.79 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | | | 18.173.205.86 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | | | 18.173.205.125 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:53.392848015 CEST | 1.1.1.1 | 192.168.2.4 | 0xacd8 | No error (0) | | | 217.115.114.114 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:57.082344055 CEST | 1.1.1.1 | 192.168.2.4 | 0x7fef | No error (0) | | | 142.250.185.100 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:52:57.082443953 CEST | 1.1.1.1 | 192.168.2.4 | 0xc572 | No error (0) | | | | 65 | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 184.28.90.27 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:52:33 UTC | 161 | OUT | |
2024-10-02 17:52:33 UTC | 466 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 184.28.90.27 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:52:34 UTC | 239 | OUT | |
2024-10-02 17:52:34 UTC | 514 | IN | |
2024-10-02 17:52:34 UTC | 55 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49743 | 23.203.104.175 | 443 | 7244 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:52:39 UTC | 475 | OUT | |
2024-10-02 17:52:39 UTC | 198 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49744 | 20.114.59.183 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:52:40 UTC | 306 | OUT | |
2024-10-02 17:52:40 UTC | 560 | IN | |
2024-10-02 17:52:40 UTC | 15824 | IN | |
2024-10-02 17:52:40 UTC | 8666 | IN |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49752 | 18.173.205.62 | 443 | 1868 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:52:52 UTC | 675 | OUT | |
2024-10-02 17:52:53 UTC | 5860 | IN |