Windows Analysis Report
https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf

Overview

General Information

Sample URL:https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
Analysis ID:1417311
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 6004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2012,i,7360897489061024423,9905447035876370478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • Acrobat.exe (PID: 5972 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4112 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5444 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1620,i,8969369785409778150,18068494573306022805,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures, click here to show all signatures.

Source: https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdfHTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdfHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49724 version: TLS 1.0
Source: unknownHTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.93
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Mz7pEoCWOxsfYor&MD=9sovUM1Z HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Mz7pEoCWOxsfYor&MD=9sovUM1Z HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownDNS traffic detected: queries for: res.cloudinary.com
Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1711663871039&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: classification engineClassification label: clean1.win@35/56@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 23-12-46-180.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2012,i,7360897489061024423,9905447035876370478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf"
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1620,i,8969369785409778150,18068494573306022805,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeFile opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 163
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph: ID 1417311, URL https://res.cloudinary.com/..., start date 28/03/2024, architecture WINDOWS, score 1]

Source | Detection | Scanner | Label | Link
https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://chrome.cloudflare-dns.com/dns-query | 0% | URL Reputation | safe |
file:///C:/Users/user/Downloads/downloaded.pdf | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
www.google.com | 142.251.167.105 | true | false | | high
res.cloudinary.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://chrome.cloudflare-dns.com/dns-query | false | URL Reputation: safe | unknown
https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf | false | | high
file:///C:/Users/user/Downloads/downloaded.pdf | false | Avira URL Cloud: safe | low

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.167.105 | www.google.com | United States | 15169 | GOOGLEUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.5
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1417311
          Start date and time:2024-03-28 23:10:39 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 3m 34s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:12
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean1.win@35/56@8/5
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 172.253.115.94, 172.253.63.100, 172.253.63.102, 172.253.63.138, 172.253.63.139, 172.253.63.101, 172.253.63.113, 172.253.62.84, 34.104.35.123, 104.19.167.65, 104.19.166.65, 69.164.0.128, 23.221.227.66, 192.229.211.108, 142.251.163.94, 23.40.62.43, 23.221.240.182, 18.213.11.84, 50.16.47.176, 54.224.241.105, 34.237.241.83, 142.251.16.138, 142.251.16.101, 142.251.16.100, 142.251.16.139, 142.251.16.102, 142.251.16.113, 23.40.179.161, 23.40.179.182, 23.40.179.196, 23.40.179.155, 23.40.179.200, 23.40.179.198, 23.40.179.140, 23.40.179.204, 23.40.179.133, 23.40.179.136, 23.40.179.141, 23.40.179.147, 23.40.179.152, 23.40.179.149, 23.40.179.145, 23.40.179.137, 23.40.179.160, 23.40.179.159, 142.251.167.94
          • Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, resc.cloudinary.com.cdn.cloudflare.net, ion.cloudinary.com.edgekey.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, geo2.adobe.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtSetInformationFile calls found.
          • VT rate limit hit for: https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
          No simulations
          No context
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.137601053695916
          Encrypted:false
          SSDEEP:6:FHDBS3AQ+q2P92nKuAl9OmbnIFUt88HDBS3AdWZmw+8HDBS3AQVkwO92nKuAl9Oe:5DwwQ+v4HAahFUt8QDwwdW/+QDwwQV5G
          MD5:DB36241418CFADCAF1CBCAE5087A1CDB
          SHA1:1BAE255ED3E27A0200065F9BA090B87854A3CE78
          SHA-256:AC1ABE9FD433252CBBBFCFC1C5C9E4B865CBFD907CD39F51A15186B59CEC0DAA
          SHA-512:52237E8527FC6E8A2BB8617D5896620DDF8699DED26DE98B97A1703C69BF50FD1431924863424738794450956F8257218C1AC45235BBB64E18CA4C2F9AFDD136
          Malicious:false
          Reputation:low
          Preview:2024/03/28-23:12:44.039 33c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/28-23:12:44.039 33c Recovering log #3.2024/03/28-23:12:44.039 33c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):338
          Entropy (8bit):5.113157679551548
          Encrypted:false
          SSDEEP:6:FHDWbIq2P92nKuAl9Ombzo2jMGIFUt88HDuWXZmw+8HD0zkwO92nKuAl9Ombzo23:5DW0v4HAa8uFUt8QDuW/+QDQ5LHAa8RJ
          MD5:10D04AA71AE7D7CABF6D51D1428C12E3
          SHA1:AECC8995249839D8322D5D2815FF5B7644087162
          SHA-256:F4C5B3A0930BCA8A7BB05092483A33E8D5E0904F08A5E4448AE70747B56D7A8F
          SHA-512:AD1177C4E5ABB519395D02DE4C6D72E0B7BDF06EDD15627ECD29B8B0ED51FF38186C1BF9201165D6B2980F12D9B0EEC6D96BEBB6C215A1577B1DD4546E011BD5
          Malicious:false
          Reputation:low
          Preview:2024/03/28-23:12:44.200 17e0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/28-23:12:44.201 17e0 Recovering log #3.2024/03/28-23:12:44.202 17e0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):4099
          Entropy (8bit):5.234570246053455
          Encrypted:false
          SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUSOxdO2:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLS
          MD5:74B139B4FD5D10106007F9DD5BAB88F4
          SHA1:41D4515CA12E556B4291E92E3295655A08E075D8
          SHA-256:B53C18C2183FE37BE6FC4652DCB5D3C8F68B820A3F851845AE5356D8025552CD
          SHA-512:DEF644A9E13F05E24BA98798AD0185D9AD0981E9622255C2E796763186397694A18CA79C4D81161C57556E68D2379A8E78A6EFA18F4852900A330235635CC270
          Malicious:false
          Reputation:low
          Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):326
          Entropy (8bit):5.170833997418473
          Encrypted:false
          SSDEEP:6:FHDcq2P92nKuAl9OmbzNMxIFUt88HDlcZmw+8HDlckwO92nKuAl9OmbzNMFLJ:5Dcv4HAa8jFUt8QDO/+QDi5LHAa84J
          MD5:90FE977DB470258A83692D2EC02D5CC1
          SHA1:808D3A78D8E4FD7F964AB8C470E40DFC28DE9AA7
          SHA-256:B8C3481D4E974266EE3590A5CB29A4E9074E31A0C9D4BCBE2E40E4B41A670535
          SHA-512:1350D1E723E326676483AD8AAB0677C8D2569C27A8B7A97ED57A0D7B5CE378CE3CFEBDE4BB472486E0436AD5FB05AB7A5E0DA424F950C1FDA9C70FC52EB74CBC
          Malicious:false
          Reputation:low
          Preview:2024/03/28-23:12:44.278 17e0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/28-23:12:44.279 17e0 Recovering log #3.2024/03/28-23:12:44.279 17e0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
          Category:dropped
          Size (bytes):65110
          Entropy (8bit):1.4419087678787408
          Encrypted:false
          SSDEEP:192:tE9Nuz2BjAy+6qjJ68LHdnWl3ucZGdFeeXZKjHR:W9NM29Ay+6qjYSnu3ucgd84Y
          MD5:219BA4DB110E1B90FAAAEFA9CFAD50DC
          SHA1:B6B34429D7275FF9B59D70054D97FFFB2C4F9A52
          SHA-256:2EBC057BE9DE34EAD4941657783104F4D8DB2CA80A08F1D756C108DD35F00D47
          SHA-512:9892DA540B5AB933FB549A5EDDB778412F042C9CEA4203C89B15825E5FA811959BB8D35849195B1F23388BD9FE0FD7DA9AAF6D073B8D30A957A2B48DAC9B5059
          Malicious:false
          Reputation:low
          Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):1233
          Entropy (8bit):5.233980037532449
          Encrypted:false
          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
          MD5:8BA9D8BEBA42C23A5DB405994B54903F
          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
          Malicious:false
          Reputation:low
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):10880
          Entropy (8bit):5.214360287289079
          Encrypted:false
          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
          MD5:B60EE534029885BD6DECA42D1263BDC0
          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
          Malicious:false
          Reputation:low
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.363548672599784
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJM3g98kUwPeUkwRe9:YvXKXw+w280YpW7MoGMbLUkee9
          MD5:170FCB1E1DD06C2120FDEC5C18F0F183
          SHA1:DBB3FD54DE8D64C33489CC9EDB65F223338EB7B7
          SHA-256:6484F38642EF939C80770D6CB449EEF6E7D0BD3CB63061AA94C90194844C4187
          SHA-512:97DD860C18D0973691E289C48B989932771776BCB1EF4BEE3A6BC4C352B5E343195AC050C9EE527B127FD7861C4198C3A188503FFE6ACAB610B36983A1A14393
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.305620807118173
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfBoTfXpnrPeUkwRe9:YvXKXw+w280YpW7MoGWTfXcUkee9
          MD5:E8D8D548996FB34D9AB15632B2D7D977
          SHA1:7A03E18C0DB27BA099370B791DC38F66A8E914B1
          SHA-256:27BD8874346D05AE468583180B5CCF4874AF0ACCAAA85ACC3DC1D013DC44E382
          SHA-512:1A9179C883A316DEEA1C9AC9FC7AB3F9E8F90421227272621D7C2F750AF844C6975017DAB33F771CB9D14FA2855342440F078085CECCC344AA3D30552C846AF2
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.28451165972893
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfBD2G6UpnrPeUkwRe9:YvXKXw+w280YpW7MoGR22cUkee9
          MD5:96F1B9AE72213E4D884D1C8920DE02F1
          SHA1:178A73BF2CA6861D80B03805D3201281AC4307BE
          SHA-256:5C182E55CEEA9DC69AFE7594552AB536E6143B3717C816B929A7E5F3C3946500
          SHA-512:637903C3CE049CCE9F7EB08BE20104744AFADC5E3619D09626A7606E3EC138B4C30BDF78C0B708E653C4E2D1D117552BB32873E1A1D8E1BEB8FFAC631F7B93F1
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):285
          Entropy (8bit):5.342448051526794
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfPmwrPeUkwRe9:YvXKXw+w280YpW7MoGH56Ukee9
          MD5:5764B588CD9AA0A39433D31448481EDC
          SHA1:C715E70C8CDCFE376153A2B00660788DDD33D048
          SHA-256:B5F2FDFD13E1155EF39F3DCCDB7FA5C24009AA900DCEE8656BBCB3FFD7756EC2
          SHA-512:42D7BE0F27F4460E973F1E00B2B26D0206C7542AFD8990749853504F1FAD6D71F73670639321108E67A066A2B918E679FF8D50B5D5AD7259D3660AC56AF0CD10
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.301382977821694
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfJWCtMdPeUkwRe9:YvXKXw+w280YpW7MoGBS8Ukee9
          MD5:4187F613287B14E79533207EAB7A355B
          SHA1:4EDAA6640222F9AD3C3687AF4AF255DDAA679CBA
          SHA-256:F549A05E5456B991E24B465C855B8FE11D64D3DB28BEA72E4D923A3A5B7A2197
          SHA-512:A48FAE2342C99D8FF3A189AEC576CC7BE1F9F268612761A8CDF4838417568D13D027C64505F4E3C8370A452E95412E641C7BF31C389258967315DA2EB63A0264
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.287953460463347
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJf8dPeUkwRe9:YvXKXw+w280YpW7MoGU8Ukee9
          MD5:53A269A9F0CBB745FCEEDD16B903D008
          SHA1:18D38F67731D01D16E8F427D930310481CE667F9
          SHA-256:FAFB7F639B8FA77A2717B96362AB6BA06D717B89DB94F333661C55B04F9F3849
          SHA-512:17BC0C11AC7D14EAAE4D88777462FCE4024770D7C4E40611698EAC126A8C7001D287F4CA21FE08D91EF82283995F7DD6305A24B8FCFC0130608F97BD61F3FA3A
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.289941221870629
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfQ1rPeUkwRe9:YvXKXw+w280YpW7MoGY16Ukee9
          MD5:8FC5D383C7BA39FF2F469AF4F4AA2E37
          SHA1:C540F25AE0AEE948D24294FE940D621756981CE7
          SHA-256:A8DE57E95AA869F72C145D3D3AAA46EFC13548AB1B9D8FD8287DD1B105B1AD47
          SHA-512:2E7954B0A054082E170822AE3342D1226D47AEA0F3AD4D5793A04513363FCAD8D17287EA9589525E4CF208B9F8860AEB2F522C7FAB9C42CD27C1D6229CBC05C6
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.306578766144846
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfFldPeUkwRe9:YvXKXw+w280YpW7MoGz8Ukee9
          MD5:C9A994C7FE4BA6A232734D4A836511FC
          SHA1:C428CBF90D054F15826FF5562B95A4C31E124DD9
          SHA-256:101809C6AF2128C3657930B3CDB5A39185210F6EE0E7D34B6209A20B89319E61
          SHA-512:E9A2D07C2F06D4E09A6C42FA07EE49ECDA63F5149BEA82EF6B5ADD48E6B2728B43FE7F10C080A3924C0778D1AF14EDB3472787ECD99094F4B8512D990DA78C7C
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.314652393328233
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfzdPeUkwRe9:YvXKXw+w280YpW7MoGb8Ukee9
          MD5:83FCDCA212E88AFB42339F9DA45F4B52
          SHA1:2120F049D94104133D5FAD0CBCEC7E02358369F2
          SHA-256:6E85F94C21C36F4551EE76A2972DDA9128A9576C805FF2B5114C96311EAFC6D2
          SHA-512:F292331B21221FDFA060975DD1FC17EE4B02C988AC6CDDA8BA03BA0A0292F593D9AA0A66F177AE1BA0B40164A31DE279AE61952E13C2C9947BFD11B278E12FCC
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.29547580267361
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfYdPeUkwRe9:YvXKXw+w280YpW7MoGg8Ukee9
          MD5:3B26C95432B2100641CF1CFE46C838B1
          SHA1:772CBBC7D95F8364B5DB7E325C28116B36A0EEAF
          SHA-256:756063D2F231DDF9E744F8BCDA40ED157E8D0B48304ABBB67AF51CA6CD507B4E
          SHA-512:7AA800D57A3E1DDFD10DA7626CC06DAA4DF41078C7C1FD106DB64BB27FDCF860D0C9EF92C3A23751FC37EEA1C608A5C2296ED5B1125372675483F0C25C166532
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1395
          Entropy (8bit):5.772185629997473
          Encrypted:false
          SSDEEP:24:Yv6Xy2aiMfrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNR:Yv81MfHgDv3W2aYQfgB5OUupHrQ9FJ/
          MD5:DD90AAC93B0EFB194EDC86B7CD501557
          SHA1:60FE9974DEAB121EAA230F2CECC8B65680AEEFEF
          SHA-256:01A97B85CE3BC71A00199F2A7AF8F1BDAB8A03D5B50398FFFFB208699DF5ECCC
          SHA-512:520254FB18754E93957D38AD8160C3EB85EFEA25425E887D5084B1457619EC925C4FC17CA2A7D6572FE08295C9A46D30E00F5ED3F5B31A6BCF2F36EA6C5AC074
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.279053994487174
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfbPtdPeUkwRe9:YvXKXw+w280YpW7MoGDV8Ukee9
          MD5:2002939ED5CAE5E59F85E474DBB4D30A
          SHA1:872940346BA1D89455784D60943434F9AED80DA3
          SHA-256:784CE8BF42DF5FBF6F6E6D0A114F4E139C470CD777CABD1A0517765F628E8F69
          SHA-512:D72F8FD862BD0C0070726A2B68F7C1C5BA7C41AC86E222C7D0BD20FFF8CE4E5E9D54336709A32F205EEA337CB23EE18E99868A974422769E40F00ABCAFC71A5B
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):287
          Entropy (8bit):5.280960457710262
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJf21rPeUkwRe9:YvXKXw+w280YpW7MoG+16Ukee9
          MD5:160571A0F91CC60A77D49E7F14BD9969
          SHA1:B75ED1ED6EFC8CC6DC035D3966B3DAA3CCF42364
          SHA-256:BEB3D5C50A0034A0C34D9078400A3B295D45D984935D260E2A0C57DF05A31AE7
          SHA-512:D4E8A3A17D9E1A45777DD2F339320134849FB08506E1BB61D97151845DDF690C5896F5399AA7FAF7BE87E1E6B8ED93B24D8EFD14776F8B7ED6BB3771EC57EDAA
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.301704908390811
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfbpatdPeUkwRe9:YvXKXw+w280YpW7MoGVat8Ukee9
          MD5:ECCB5077151D596CE57BB074F6DC9BE2
          SHA1:8DA5F282B2EF328AFAA4B85F6DA9DD481D553FF3
          SHA-256:5EE7BBD785B236C1D0F8B2EBA1B6DD2C382DACC3CE88E21312894A895C30D52D
          SHA-512:DDD5A7EEB24DD8460F68A1F0079C370AA52A4CB9EB807756FE39DC740A2D5D590E4FE96BAC39E0E3C3174EE9BD7FDE9D5A4C33BEA7C0D188FD3143C1D08C9C34
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):286
          Entropy (8bit):5.253806834633015
          Encrypted:false
          SSDEEP:6:YEQXJ2HXw+zcGo28R+FIbRI6XVW7+0YhnoAvJfshHHrPeUkwRe9:YvXKXw+w280YpW7MoGUUUkee9
          MD5:A78EC3D8689D5A3C3011878B67A48234
          SHA1:92386F94DA2C301FBA8C0E26ABB640BDB9EA87E5
          SHA-256:6883D7AE61C0AA9484984F24614C9F9A3AA8CD35EB368813CAAF1EF5DF6C5DF3
          SHA-512:E2676A5B6EB07FBE9E98AD4862B1D8742E302F92DA67789EE7F8D7BC3A6599EDA2319D9AE2DE3FD50E2A7EB7B64F3660FD7D04B18ABB932A7846A2CB56B79D25
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):782
          Entropy (8bit):5.365848989721799
          Encrypted:false
          SSDEEP:12:YvXKXw+w280YpW7MoGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWAY1:Yv6Xy2aiMO168CgEXX5kcIfANhk
          MD5:0804805DC92F1320B67B9B572DA0ABAA
          SHA1:8F58C695023104F68B4E628629C9A0A9C07E80F2
          SHA-256:EF88A0F5989AA8DABB1FFAF8244E596D9635466912DF3B8CA71C65067FB0915D
          SHA-512:DECBD9418CF9FEB3651C4EB9AA42FE722BCDF7CCAD3C8AB08E951977ABE19B7C984B9010F29D953E24AB64C03A55D665111DC7F94C06E38B6E7446DCC076079B
          Malicious:false
          Reputation:low
          Preview:{"analyticsData":{"responseGUID":"fb387a49-d3b5-4904-9a40-62dd713ab350","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1711836964998,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1711663970056}}}}
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):4
          Entropy (8bit):0.8112781244591328
          Encrypted:false
          SSDEEP:3:e:e
          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
          Malicious:false
          Reputation:low
          Preview:....
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2813
          Entropy (8bit):5.143745692171728
          Encrypted:false
          SSDEEP:24:Yl+sFRCFkE60MK4eJ8T46X0FGaiVayFmhCF0yPj5WAj0SEfBnA5C2l2LSE5HyM0S:Yl+sCs4f8cON5WSCnRQUSLSM9Kf
          MD5:1BE85A186D1BC8C60A492B250A41ADB2
          SHA1:1DC9021719D554CCA09ADA52B2329C8501CEAB70
          SHA-256:DCC5E50A3180C71C314893A15B52BF18E8458F608503A9FB2EEB94702ABDD720
          SHA-512:DCE4A49D34D4B595E6D25229F0E9DBAAAEC29816E06C7B7D2164B09F20FF33F593FA8B31B4AE750CF5407A319423E930EE929F0D4192E29908522008E140E6BE
          Malicious:false
          Reputation:low
          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"1fcc2d816913053c16a02a668ecdcf94","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1711663969000},{"id":"Edit_InApp_Aug2020","info":{"dg":"226c804f93cca989eb06bdc2344e2c5f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1711663969000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"ceb9d49829ed4b6a2011071fd1bc31fd","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1711663969000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e7b403f0af0194bfb05296746941503a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1711663969000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"ecc15da814b84ae44bd384a3435b5343","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1711663969000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"8f4542b60d9248e28b40a252e27398f4","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1711663969000},{
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):0.9846367056580613
          Encrypted:false
          SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Splo4zJwtNBwtNbRZ6bRZ4uoF:TVl2GL7ms6ggOVpNzutYtp6PE
          MD5:61B5B31E2A8CF48DEFB33A3BDEDEA7E8
          SHA1:C017AED996E68D482AAF7DD7118993C6CC105E9C
          SHA-256:20E3C7C1228BDAED554F2B223A3263D7C8C7ADAFB6605FAF81DFDD7A0062938F
          SHA-512:F17D025832E423C293FE279ACC97258C266BA43EACC0D510C9E6C9181EAC07B7BDB1AD21ACFC6A32B4E9B31427A41942D9381FBF59930948107E1D30F76112DF
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):1.339413646460343
          Encrypted:false
          SSDEEP:24:7+tIAD1RZKHs/Ds/SploPzJwtNBwtNbRZ6bRZWf1RZKKRqLBx/XYKQvGJF7ursJ:7MIGgOVpWzutYtp6PMbqll2GL7msJ
          MD5:034BAFE4D5EA53447AC6A26AC0A5C67A
          SHA1:A1638750B7AE57FC2F2A5C5EC7E9E503FA62B4C7
          SHA-256:E5EF20DEB6A01FB537A55C3EEA7BE85DB88B4057A2DCC729EAD22EFF5DE1EF86
          SHA-512:25DD3669C1FD3C9A1E5BCB5220A8DE46F47209BE11CEA553B6DBD5EBE952DF323C4AC5B4AAA6AB82F36E8FD06B9734B4B9BB9C8B1AABA1B1CF3B49DDF30C0199
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):66726
          Entropy (8bit):5.392739213842091
          Encrypted:false
          SSDEEP:768:RNOpblrU6TBH44ADKZEgLXy6JbzOcoY0Uk4J/9u3P0/fc2Yyu:6a6TZ44ADELXyJ5Y7kkVu/0RK
          MD5:D3C79EA13769BBF5A1E3E4333E15E1AD
          SHA1:49FBB82A3A2035B34190F44ADC7B49798A05ABEB
          SHA-256:C2BE0A5C59F4CBC416DEAC7F81337A92AA01F9B26E520DAECF55C54F1A74DC5B
          SHA-512:438215A5F56E9DE066B1D4365D246B68C75AE7D59127CCF6214F51C25EC4234EF155F52DC181BD7EA08F6C24CF0AE92BF049193230623E44F8B5CFE8A3482B4E
          Malicious:false
          Reputation:low
          Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):246
          Entropy (8bit):3.5197430193686525
          Encrypted:false
          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rDlMH:Qw946cPbiOxDlbYnuRKCDl6
          MD5:5B2761C1C997F276AF8F84EE49EA0E67
          SHA1:AED13865CDC191F4C77130BD731FF21492CD141E
          SHA-256:FFCF4C1098BE7B0D06B8D1D5FF5DF306331D1F8486F1369B5E05D4B26E678A3A
          SHA-512:78BD62291877AAE267A269825B16CE176B699B80C9213877A5DD7F5DDBC7CF6F5C2A1D0971177C6E6F774AB0B2A7AD82A03AF354E9F1C386984B40C5717D8293
          Malicious:false
          Reputation:low
          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.3./.2.0.2.4. . .2.3.:.1.2.:.5.1. .=.=.=.....
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393)
          Category:dropped
          Size (bytes):16525
          Entropy (8bit):5.376360055978702
          Encrypted:false
          SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
          MD5:1336667A75083BF81E2632FABAA88B67
          SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
          SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
          SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
          Malicious:false
          Reputation:low
          Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393), with CRLF line terminators
          Category:dropped
          Size (bytes):15092
          Entropy (8bit):5.385139013996308
          Encrypted:false
          SSDEEP:384:Id50RFA5MTrG/uhQOUnICzqCJm6zhCMwzlnB5Hyz9uMw4I3shuh8pyQII525GWeO:vj
          MD5:783B079E9B4B27F4B49CC7C406CA923F
          SHA1:C54030A90EC2C49B376348D3FCE35C0DFE84F2CB
          SHA-256:4AB5F89CDDD23EA02EDD71554612F9B015F1072745838AE0125D099E1977E8CF
          SHA-512:BA1596C712DA5A71CFFCFAF3FCFA862E0F625F657409F5F33CF3D40BD01CA95E711F19A7CC2F4D31EE58B7CA620B5056A6647AD9B69406ACF6C5078CFF75B844
          Malicious:false
          Reputation:low
          Preview:SessionID=4d9fecb9-8c73-4b8f-8fc9-e0533536e1ae.1711663966200 Timestamp=2024-03-28T23:12:46:200+0100 ThreadID=344 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4d9fecb9-8c73-4b8f-8fc9-e0533536e1ae.1711663966200 Timestamp=2024-03-28T23:12:46:201+0100 ThreadID=344 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4d9fecb9-8c73-4b8f-8fc9-e0533536e1ae.1711663966200 Timestamp=2024-03-28T23:12:46:201+0100 ThreadID=344 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4d9fecb9-8c73-4b8f-8fc9-e0533536e1ae.1711663966200 Timestamp=2024-03-28T23:12:46:201+0100 ThreadID=344 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4d9fecb9-8c73-4b8f-8fc9-e0533536e1ae.1711663966200 Timestamp=2024-03-28T23:12:46:201+0100 ThreadID=344 Component=ngl-lib_NglAppLib Description="SetConfig: N
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):29752
          Entropy (8bit):5.399652726025891
          Encrypted:false
          SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbh:uqUBJ/bbCCguK
          MD5:C35793D06F54810F884671FD4B642357
          SHA1:A5AD7778FECB5872130CBCA1E458C7ACA17D622E
          SHA-256:7DD35DB81E1B2AD440AE76EBFD9816D0654EB7761D5FB82E69DF253B50E05F2E
          SHA-512:65BFDADB611DEBB56CBFE42E0B0C0A7151271924DF8DACA31DC3566EDFFC8F7E445771FCE512A0A53A52DAB1BC5027A81A55A4B4E629B4C39F7BA8A8F81E64D5
          Malicious:false
          Reputation:low
          Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
          Category:dropped
          Size (bytes):1407294
          Entropy (8bit):7.97605879016224
          Encrypted:false
          SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
          MD5:716C2C392DCD15C95BBD760EEBABFCD0
          SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
          SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
          SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
          Category:dropped
          Size (bytes):1419751
          Entropy (8bit):7.976496077007677
          Encrypted:false
          SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
          MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
          SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
          SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
          SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
          Category:dropped
          Size (bytes):758601
          Entropy (8bit):7.98639316555857
          Encrypted:false
          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
          MD5:3A49135134665364308390AC398006F1
          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
          Category:dropped
          Size (bytes):386528
          Entropy (8bit):7.9736851559892425
          Encrypted:false
          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
          MD5:5C48B0AD2FEF800949466AE872E1F1E2
          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 21:11:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.974922538463976
          Encrypted:false
          SSDEEP:48:8bkdmWTGyJpSHAidAKZdA19ehwiZUklqehZy+3:8b9WaApV6y
          MD5:EBEF217890AB56F789592656D4EA0BE7
          SHA1:D8656FF342B6F2F8DACCCE1E1B356583F782E9AB
          SHA-256:FD1C63D6F55B625AEB07F6E6313F1AB8F63429CDB67855F6CA2C79C9409F5BD9
          SHA-512:AB0506A112E32BA330633A1A35B18FD6C281C85732ABA48E51BC482EC56A48C3C09C4DA23EF1A1E1EFCE05C99FC5739227D410686E3DC649ECDDE86B5E459BD1
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 21:11:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.9890437945803403
          Encrypted:false
          SSDEEP:48:8tdmWTGyJpSHAidAKZdA1weh/iZUkAQkqehqy+2:8GWaApP9Qry
          MD5:46A460BBB5AE8B5D8B11EE977EF41DD9
          SHA1:144E2F8EE514ED0DF828276B7BAEACF83B509751
          SHA-256:85C8282F9C9A1E768C46096D80C61E87929F00ED0F6A3F2E55DDE96ABFE7D796
          SHA-512:9651F0C351B5DB35A47C58144173AFECD378672898A1E1B0C5F3DD207AE41A21CFE8816CB8F98D9495CC0E91E755C9B9D49D2021EF124A0C6D6D8090BC1FA3F9
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2693
          Entropy (8bit):4.005431411220057
          Encrypted:false
          SSDEEP:48:8xgdmWTGyJpsHAidAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8xJWaAp5ney
          MD5:4B7706EE555105F1DD58797AB7930D31
          SHA1:74B8965E61BD5E1832B4FBE35257C6DC961837CB
          SHA-256:8B98939A72700B1786370996FAD022540080051EA86F5CD0B46B521B9A13513B
          SHA-512:C292626BF15608DF21A42F18D33A8EF2AFDCA77E48BFFA415645648BB11FF015D7FB0608156B17508BE252D7686BA65B1EA127DF492825B508AFEDCBB1A9E8F0
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 21:11:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.989558655694192
          Encrypted:false
          SSDEEP:48:8HndmWTGyJpSHAidAKZdA1vehDiZUkwqehmy+R:8HoWaApsEy
          MD5:E6AE365DB928CC5FFFBE05F7467C5742
          SHA1:147BD953CF7668A94B2BE054708DB6930DA650F5
          SHA-256:03E4199B7C5969CAFF79B2BCC617DDCF1DBA64840156802B8255A871FA434BE1
          SHA-512:F2295B79C41F7229A3C0E55E781D51D7A45D3C233A34BC00D0272FBF9F684AE50BBC5539F21B4AD367E1252D9DF5B58CB11BCC00689F092AF4410C302DB6526D
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 21:11:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.9790682180877455
          Encrypted:false
          SSDEEP:48:8kdmWTGyJpSHAidAKZdA1hehBiZUk1W1qehwy+C:89WaApc9Qy
          MD5:AA2A17354235638B411D4343F9B5113B
          SHA1:1520262762395B7463FD1A3D558D82BE1DA10B2C
          SHA-256:C3E1B3D6E7F43E5E97261224AFBEBE75D90217F5FA7E8259AEB7957000C987D6
          SHA-512:F64DA96BFE7C10C59F404F8D70C12C6F883EC24B6DBA3BBB25E4A549E64F28929CC8E7443E8BB2A8673D5EC12C4BD747A1B3774A6E80CAE4C789F9BD01CC84D2
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 21:11:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2683
          Entropy (8bit):3.990941738779614
          Encrypted:false
          SSDEEP:48:8LdmWTGyJpSHAidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbey+yT+:88WaApyT/TbxWOvTbey7T
          MD5:A1385797086DD9A72A59AA49641206FA
          SHA1:AD7937E88C8E692251550476A7A672B3471B607A
          SHA-256:DE975BD1C225FADE08F2D89A0785D62C50EFF6AB86FE77BCAD0CA770EA8D15E8
          SHA-512:FBFFFE6CF5CCEFFFDF86CAD5A7A360A387902EBB51F4B45A8568EA25CFA2E9641AC3A249ACA7FD8B6DDEC3E086E92C70BABC5EC5B8903ECBE7C3CE54F5992470
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PDF document, version 2.0 (zip deflate encoded)
          Category:dropped
          Size (bytes):55208
          Entropy (8bit):7.994022764704304
          Encrypted:true
          SSDEEP:1536:gUxOcUoJVqwAcTlDu8tbqpzMAuRO/HG29G:d0cOwAKDFdCear9G
          MD5:5D51AEB14FCB57AA856B890378078CDD
          SHA1:80BAC1D83C6DFB55F5EEEA89BB127FCA89123A98
          SHA-256:C440AB776A9FAD8C97DECFD95241E5D2BA0EEAF0D1BFFC8DD332DE0BAB1036F7
          SHA-512:B0CF307F1D964052E560906F83326982B0AD5F08A2A1503B33CB2161DE248E28A9FC9A03BCFB7F2889525A4E44DA305945702233CC2CC841E3890531EE28FDC7
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PDF document, version 2.0 (zip deflate encoded)
          Category:dropped
          Size (bytes):55208
          Entropy (8bit):7.994022764704304
          Encrypted:true
          SSDEEP:1536:gUxOcUoJVqwAcTlDu8tbqpzMAuRO/HG29G:d0cOwAKDFdCear9G
          MD5:5D51AEB14FCB57AA856B890378078CDD
          SHA1:80BAC1D83C6DFB55F5EEEA89BB127FCA89123A98
          SHA-256:C440AB776A9FAD8C97DECFD95241E5D2BA0EEAF0D1BFFC8DD332DE0BAB1036F7
          SHA-512:B0CF307F1D964052E560906F83326982B0AD5F08A2A1503B33CB2161DE248E28A9FC9A03BCFB7F2889525A4E44DA305945702233CC2CC841E3890531EE28FDC7
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PDF document, version 2.0 (zip deflate encoded)
          Category:dropped
          Size (bytes):3381
          Entropy (8bit):7.914595593671094
          Encrypted:false
          SSDEEP:48:Zdh1DBWMXC6RJUNkG/RhvJLh4g05YxcyD9+9AOxoC4xnl+bnbVdCzEYv0WW5r+yA:ZdbDQxDJLh4g6scog9rofl+bb/CHdT
          MD5:0F918115E071102742346D7C5C6C1EC8
          SHA1:B8F3606876BB00B1DB4A7A14BBD1B262449FF235
          SHA-256:6183A789E827838BA2D3A2DCAE4A03B2100FCD9C426B524091BE7C1240AC6D3F
          SHA-512:EC96E4DC081D6FE472010174A357C4E50AC8B226846F5E14DC075501FB1422C206FCA7F168CD7BF7E57B8269FABE6D5BFDE36F8107171ACCF6BAB2623A80B5BD
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
          Category:downloaded
          Size (bytes):13294
          Entropy (8bit):4.175578761210609
          Encrypted:false
          SSDEEP:96:HMH+O1hKVXVAQUmaZ8PNfNNF7yS0wNBupelswk826v5:HM3hKVv3aZ8PN/vzfCjkv
          MD5:87A8B6CADDB0FE093E46BF24FC80F155
          SHA1:E1E44B9A1A1D8ACC06B1FCB75207ED3CD0082713
          SHA-256:6921180D2F5AA10F464C8DAEE904D5ADFAB0765F0BB763EDBDD323017FB11204
          SHA-512:D427445AA888587CB9678A8B24070BE1F8370B887823C0C9E43DA70AE93675238A4A1B9BFE1D9BD625A0DE50EE922A23A0943D19BA998B68951611A408B03F1E
          Malicious:false
          Reputation:low
          URL:https://res.cloudinary.com/favicon.ico
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PDF document, version 2.0 (zip deflate encoded)
          Category:downloaded
          Size (bytes):55208
          Entropy (8bit):7.994022764704304
          Encrypted:true
          SSDEEP:1536:gUxOcUoJVqwAcTlDu8tbqpzMAuRO/HG29G:d0cOwAKDFdCear9G
          MD5:5D51AEB14FCB57AA856B890378078CDD
          SHA1:80BAC1D83C6DFB55F5EEEA89BB127FCA89123A98
          SHA-256:C440AB776A9FAD8C97DECFD95241E5D2BA0EEAF0D1BFFC8DD332DE0BAB1036F7
          SHA-512:B0CF307F1D964052E560906F83326982B0AD5F08A2A1503B33CB2161DE248E28A9FC9A03BCFB7F2889525A4E44DA305945702233CC2CC841E3890531EE28FDC7
          Malicious:false
          Reputation:low
          URL:https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
          Category:dropped
          Size (bytes):13294
          Entropy (8bit):4.175578761210609
          Encrypted:false
          SSDEEP:96:HMH+O1hKVXVAQUmaZ8PNfNNF7yS0wNBupelswk826v5:HM3hKVv3aZ8PN/vzfCjkv
          MD5:87A8B6CADDB0FE093E46BF24FC80F155
          SHA1:E1E44B9A1A1D8ACC06B1FCB75207ED3CD0082713
          SHA-256:6921180D2F5AA10F464C8DAEE904D5ADFAB0765F0BB763EDBDD323017FB11204
          SHA-512:D427445AA888587CB9678A8B24070BE1F8370B887823C0C9E43DA70AE93675238A4A1B9BFE1D9BD625A0DE50EE922A23A0943D19BA998B68951611A408B03F1E
          Malicious:false
          Reputation:low
          No static file info
          Icon Hash:00b29a8e86828200
          TimestampSource PortDest PortSource IPDest IP
          Mar 28, 2024 23:11:24.868475914 CET53554631.1.1.1192.168.2.5
          Mar 28, 2024 23:11:24.874964952 CET53492171.1.1.1192.168.2.5
          Mar 28, 2024 23:11:25.655558109 CET53534981.1.1.1192.168.2.5
          Mar 28, 2024 23:11:26.120434999 CET5950553192.168.2.51.1.1.1
          Mar 28, 2024 23:11:26.120682955 CET5491853192.168.2.51.1.1.1
          Mar 28, 2024 23:11:27.322467089 CET6180053192.168.2.51.1.1.1
          Mar 28, 2024 23:11:27.322616100 CET6221653192.168.2.51.1.1.1
          Mar 28, 2024 23:11:27.419275045 CET53622161.1.1.1192.168.2.5
          Mar 28, 2024 23:11:28.870691061 CET5347753192.168.2.51.1.1.1
          Mar 28, 2024 23:11:28.871167898 CET5234553192.168.2.51.1.1.1
          Mar 28, 2024 23:11:28.965455055 CET53534771.1.1.1192.168.2.5
          Mar 28, 2024 23:11:28.965981007 CET53523451.1.1.1192.168.2.5
          Mar 28, 2024 23:11:43.759943962 CET53610571.1.1.1192.168.2.5
          Mar 28, 2024 23:12:02.491202116 CET53636271.1.1.1192.168.2.5
          Mar 28, 2024 23:12:24.695684910 CET53563281.1.1.1192.168.2.5
          Mar 28, 2024 23:12:24.815535069 CET53614181.1.1.1192.168.2.5
          Mar 28, 2024 23:12:50.144294977 CET5033553192.168.2.51.1.1.1
          Mar 28, 2024 23:12:50.239780903 CET53503351.1.1.1192.168.2.5
          Mar 28, 2024 23:12:52.138633966 CET53542241.1.1.1192.168.2.5
          Mar 28, 2024 23:12:56.619680882 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.716571093 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.716831923 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.716845036 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.718839884 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.734236956 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.734558105 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.734960079 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.828608036 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.828627110 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.828636885 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.828648090 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.828658104 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.830153942 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.833131075 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.853276968 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.853713036 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.880798101 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:12:56.948338985 CET44349798162.159.61.3192.168.2.5
          Mar 28, 2024 23:12:56.975563049 CET49798443192.168.2.5162.159.61.3
          Mar 28, 2024 23:13:07.164541960 CET5442553192.168.2.51.1.1.1
          Mar 28, 2024 23:13:07.259680986 CET53544251.1.1.1192.168.2.5
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Mar 28, 2024 23:11:26.120434999 CET | 192.168.2.5 | 1.1.1.1 | 0x22c9 | Standard query (0) | res.cloudinary.com | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:26.120682955 CET | 192.168.2.5 | 1.1.1.1 | 0x1f0b | Standard query (0) | res.cloudinary.com | 65 | IN (0x0001) | false
          Mar 28, 2024 23:11:27.322467089 CET | 192.168.2.5 | 1.1.1.1 | 0x5227 | Standard query (0) | res.cloudinary.com | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:27.322616100 CET | 192.168.2.5 | 1.1.1.1 | 0x3625 | Standard query (0) | res.cloudinary.com | 65 | IN (0x0001) | false
          Mar 28, 2024 23:11:28.870691061 CET | 192.168.2.5 | 1.1.1.1 | 0x33bf | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.871167898 CET | 192.168.2.5 | 1.1.1.1 | 0x5d1 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Mar 28, 2024 23:12:50.144294977 CET | 192.168.2.5 | 1.1.1.1 | 0xb93b | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:13:07.164541960 CET | 192.168.2.5 | 1.1.1.1 | 0xd294 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Mar 28, 2024 23:11:26.216777086 CET | 1.1.1.1 | 192.168.2.5 | 0x22c9 | No error (0) | res.cloudinary.com | resc.cloudinary.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
          Mar 28, 2024 23:11:26.218193054 CET | 1.1.1.1 | 192.168.2.5 | 0x1f0b | No error (0) | res.cloudinary.com | ion.cloudinary.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
          Mar 28, 2024 23:11:27.417572975 CET | 1.1.1.1 | 192.168.2.5 | 0x5227 | No error (0) | res.cloudinary.com | resc.cloudinary.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
          Mar 28, 2024 23:11:27.419275045 CET | 1.1.1.1 | 192.168.2.5 | 0x3625 | No error (0) | res.cloudinary.com | resc.cloudinary.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965455055 CET | 1.1.1.1 | 192.168.2.5 | 0x33bf | No error (0) | www.google.com | | 142.251.167.105 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965455055 CET | 1.1.1.1 | 192.168.2.5 | 0x33bf | No error (0) | www.google.com | | 142.251.167.106 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965455055 CET | 1.1.1.1 | 192.168.2.5 | 0x33bf | No error (0) | www.google.com | | 142.251.167.147 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965455055 CET | 1.1.1.1 | 192.168.2.5 | 0x33bf | No error (0) | www.google.com | | 142.251.167.103 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965455055 CET | 1.1.1.1 | 192.168.2.5 | 0x33bf | No error (0) | www.google.com | | 142.251.167.104 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965455055 CET | 1.1.1.1 | 192.168.2.5 | 0x33bf | No error (0) | www.google.com | | 142.251.167.99 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:11:28.965981007 CET | 1.1.1.1 | 192.168.2.5 | 0x5d1 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
          Mar 28, 2024 23:12:50.239780903 CET | 1.1.1.1 | 192.168.2.5 | 0xb93b | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:12:50.239780903 CET | 1.1.1.1 | 192.168.2.5 | 0xb93b | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:13:07.259680986 CET | 1.1.1.1 | 192.168.2.5 | 0xd294 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
          Mar 28, 2024 23:13:07.259680986 CET | 1.1.1.1 | 192.168.2.5 | 0xd294 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
          • fs.microsoft.com
          • slscr.update.microsoft.com
          • https:
            • www.bing.com
          • chrome.cloudflare-dns.com
          • armmf.adobe.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.5 | 49718 | 23.41.168.93 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:11:31 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-03-28 22:11:31 UTC | 467 | IN | HTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-neu-z1
          Cache-Control: public, max-age=151146
          Date: Thu, 28 Mar 2024 22:11:31 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.5 | 49719 | 23.41.168.93 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:11:31 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-03-28 22:11:31 UTC | 531 | IN | HTTP/1.1 200 OK
          Content-Type: application/octet-stream
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          X-Azure-Ref: 08K+nYgAAAACXC/Ywsy9UQ60qHfPpvzYzU0pDRURHRTA1MTIAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
          Cache-Control: public, max-age=151080
          Date: Thu, 28 Mar 2024 22:11:31 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-03-28 22:11:31 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.5 | 49720 | 40.68.123.157 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:11:42 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Mz7pEoCWOxsfYor&MD=9sovUM1Z HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
          Host: slscr.update.microsoft.com
          2024-03-28 22:11:42 UTC | 560 | IN | HTTP/1.1 200 OK
          Cache-Control: no-cache
          Pragma: no-cache
          Content-Type: application/octet-stream
          Expires: -1
          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
          MS-CorrelationId: 7ab6d8f4-f4bf-4bda-8ab9-3a2935bee929
          MS-RequestId: 3b0c713f-738e-4323-8ca5-224d417be50b
          MS-CV: AsuTo+G55Uyq2BMR.0
          X-Microsoft-SLSClientCache: 2880
          Content-Disposition: attachment; filename=environment.cab
          X-Content-Type-Options: nosniff
          Date: Thu, 28 Mar 2024 22:11:42 GMT
          Connection: close
          Content-Length: 24490


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          3 | 192.168.2.5 | 49724 | 23.1.237.91 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:11:42 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
          Origin: https://www.bing.com
          Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
          Accept: */*
          Accept-Language: en-CH
          Content-type: text/xml
          X-Agent-DeviceId: 01000A410900D492
          X-BM-CBT: 1696428841
          X-BM-DateFormat: dd/MM/yyyy
          X-BM-DeviceDimensions: 784x984
          X-BM-DeviceDimensionsLogical: 784x984
          X-BM-DeviceScale: 100
          X-BM-DTZ: 120
          X-BM-Market: CH
          X-BM-Theme: 000000;0078d7
          X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
          X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
          X-Device-isOptin: false
          X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
          X-Device-OSSKU: 48
          X-Device-Touch: false
          X-DeviceID: 01000A410900D492
          X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
          X-MSEdge-ExternalExpType: JointCoord
          X-PositionerType: Desktop
          X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
          X-Search-CortanaAvailableCapabilities: None
          X-Search-SafeSearch: Moderate
          X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
          X-UserAgeClass: Unknown
          Accept-Encoding: gzip, deflate, br
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
          Host: www.bing.com
          Content-Length: 2484
          Connection: Keep-Alive
          Cache-Control: no-cache
          Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1711663871039&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
          2024-03-28 22:11:42 UTC | 1 | OUT | Data Raw: 3c
          Data Ascii: <
          2024-03-28 22:11:42 UTC | 2483 | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
          2024-03-28 22:11:43 UTC | 479 | IN | HTTP/1.1 204 No Content
          Access-Control-Allow-Origin: *
          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          X-MSEdge-Ref: Ref A: C6711F10D9FB49B28C652210C2BE2D1A Ref B: LAX311000114035 Ref C: 2024-03-28T22:11:43Z
          Date: Thu, 28 Mar 2024 22:11:43 GMT
          Connection: close
          Alt-Svc: h3=":443"; ma=93600
          X-CDN-TraceID: 0.57ed0117.1711663902.321bf9f


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          4 | 192.168.2.5 | 49727 | 40.68.123.157 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:12:20 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Mz7pEoCWOxsfYor&MD=9sovUM1Z HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
          Host: slscr.update.microsoft.com
          2024-03-28 22:12:20 UTC | 560 | IN | HTTP/1.1 200 OK
          Cache-Control: no-cache
          Pragma: no-cache
          Content-Type: application/octet-stream
          Expires: -1
          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
          ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
          MS-CorrelationId: 461ee418-e9c3-4e66-9f54-82bb8a8b7c66
          MS-RequestId: 90592fe2-363b-4895-9697-689b0413376f
          MS-CV: 83OPqsXW1E216wGE.0
          X-Microsoft-SLSClientCache: 2160
          Content-Disposition: attachment; filename=environment.cab
          X-Content-Type-Options: nosniff
          Date: Thu, 28 Mar 2024 22:12:19 GMT
          Connection: close
          Content-Length: 25457


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          5 | 192.168.2.5 | 49734 | 162.159.61.3 | 443 | 5444 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:12:50 UTC | 245 | OUT | POST /dns-query HTTP/1.1
          Host: chrome.cloudflare-dns.com
          Connection: keep-alive
          Content-Length: 128
          Accept: application/dns-message
          Accept-Language: *
          User-Agent: Chrome
          Accept-Encoding: identity
          Content-Type: application/dns-message
          2024-03-28 22:12:50 UTC | 247 | IN | HTTP/1.1 200 OK
          Server: cloudflare
          Date: Thu, 28 Mar 2024 22:12:50 GMT
          Content-Type: application/dns-message
          Connection: close
          Access-Control-Allow-Origin: *
          Content-Length: 468
          CF-RAY: 86baf6c86f950595-IAD
          alt-svc: h3=":443"; ma=86400


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          6 | 192.168.2.5 | 49735 | 162.159.61.3 | 443 | 5444 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:12:50 UTC | 245 | OUT | POST /dns-query HTTP/1.1
          Host: chrome.cloudflare-dns.com
          Connection: keep-alive
          Content-Length: 128
          Accept: application/dns-message
          Accept-Language: *
          User-Agent: Chrome
          Accept-Encoding: identity
          Content-Type: application/dns-message
          2024-03-28 22:12:50 UTC | 247 | IN | HTTP/1.1 200 OK
          Server: cloudflare
          Date: Thu, 28 Mar 2024 22:12:50 GMT
          Content-Type: application/dns-message
          Connection: close
          Access-Control-Allow-Origin: *
          Content-Length: 468
          CF-RAY: 86baf6c86d91058e-IAD
          alt-svc: h3=":443"; ma=86400


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          7 | 192.168.2.5 | 49737 | 23.47.168.24 | 443 | 5444 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-03-28 22:12:57 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
          Host: armmf.adobe.com
          Connection: keep-alive
          Accept-Language: en-US,en;q=0.9
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          If-None-Match: "78-5faa31cce96da"
          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
          2024-03-28 22:12:57 UTC | 198 | IN | HTTP/1.1 304 Not Modified
          Content-Type: text/plain; charset=UTF-8
          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
          ETag: "78-5faa31cce96da"
          Date: Thu, 28 Mar 2024 22:12:57 GMT
          Connection: close



          Target ID:0
          Start time:23:11:20
          Start date:28/03/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff715980000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:23:11:23
          Start date:28/03/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2012,i,7360897489061024423,9905447035876370478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff715980000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:23:11:25
          Start date:28/03/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf"
          Imagebase:0x7ff715980000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:7
          Start time:23:12:43
          Start date:28/03/2024
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
          Imagebase:0x7ff686a00000
          File size:5'641'176 bytes
          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:8
          Start time:23:12:43
          Start date:28/03/2024
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
          Imagebase:0x7ff6413e0000
          File size:3'581'912 bytes
          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:9
          Start time:23:12:44
          Start date:28/03/2024
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1620,i,8969369785409778150,18068494573306022805,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
          Imagebase:0x7ff6413e0000
          File size:3'581'912 bytes
          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          No disassembly