Edit tour

Windows Analysis Report
Wed 27th March-plans.pdf

Overview

General Information

Sample name:	Wed 27th March-plans.pdf
Analysis ID:	1417516
MD5:	f94f1274cd9e8bf2c39254d9fb49a2b2
SHA1:	39fb62650673365c86a3ab57d0f5d945d8890ed3
SHA256:	370592c0a11006893e69b8f28662947c231db8fda7826642a35aac572ed65ed5
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Suspicious PDF detected (based on various text indicators)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Wed 27th March-plans.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7620 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1688,i,12523481647777461214,9698492695912916176,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://[https://cloudflare-ipfs.com/ipfs/bafkreiavlcyoapggzccoydnrah3rodice7ulf6j4srxzydqoagrbtu7d6y/#dGF5bG9yLmNyYW5kYWxsQGJvYXJzaGVhZC5jb20= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2344,i,7249975859297791386,4547035576211600834,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Suspicious PDF detected (based on various text indicators)

Source: Adobe Acrobat PDF

OCR Text: Human Resource/PayroII shared a file with you Scan the QR code with the camera program on your mobile device to access your files.

Source: unknown	HTTPS traffic detected: 23.56.8.114:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.56.8.114:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.72.156.136 104.72.156.136
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.72.156.136
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGNKHm7AGIjA157o5chH4qRFcaBvNy4R9JLBPkpu5-pdyz2YlySbWFcEF4pH2JnfRfWQpm48wCSkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-29-13
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGNKHm7AGIjBgUWRaClu3bjFOkoXVzhg-sp8Y670U55WcmekYN6QOu5h9A9cM7bx0ZtjEG3TBC6AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-29-13
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+ggorlLpmALzGLz&MD=nAeRCyR2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+ggorlLpmALzGLz&MD=nAeRCyR2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.56.8.114:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.56.8.114:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: classification engine

Classification label: sus21.phis.winPDF@29/49@2/4

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-29 14-36-15-546.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Wed 27th March-plans.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1688,i,12523481647777461214,9698492695912916176,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://[https://cloudflare-ipfs.com/ipfs/bafkreiavlcyoapggzccoydnrah3rodice7ulf6j4srxzydqoagrbtu7d6y/#dGF5bG9yLmNyYW5kYWxsQGJvYXJzaGVhZC5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2344,i,7249975859297791386,4547035576211600834,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1688,i,12523481647777461214,9698492695912916176,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2344,i,7249975859297791386,4547035576211600834,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Wed 27th March-plans.pdf	Initial sample: PDF keyword /JS count = 0
Source: Wed 27th March-plans.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Wed 27th March-plans.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.251.16.147	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGNKHm7AGIjA157o5chH4qRFcaBvNy4R9JLBPkpu5-pdyz2YlySbWFcEF4pH2JnfRfWQpm48wCSkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGNKHm7AGIjBgUWRaClu3bjFOkoXVzhg-sp8Y670U55WcmekYN6QOu5h9A9cM7bx0ZtjEG3TBC6AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.72.156.136	unknown	United States	3257	GTT-BACKBONEGTTDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.16.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417516
Start date and time:	2024-03-29 14:35:28 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Wed 27th March-plans.pdf
Detection:	SUS
Classification:	sus21.phis.winPDF@29/49@2/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.163.94, 23.56.8.145, 142.251.167.102, 142.251.167.138, 142.251.167.113, 142.251.167.101, 142.251.167.139, 142.251.167.100, 172.253.115.84, 34.104.35.123, 23.207.202.165, 23.207.202.153, 52.22.41.97, 3.233.129.217, 3.219.243.226, 52.6.155.20, 172.64.41.3, 162.159.61.3, 104.97.85.49, 104.97.85.18, 104.97.85.5, 104.97.85.37, 104.97.85.56, 104.97.85.41, 104.97.85.31, 104.97.85.59, 23.207.202.37, 192.229.211.108, 104.97.85.8, 104.97.85.39, 104.97.85.16, 104.97.85.57, 104.97.85.42, 104.97.85.34, 104.97.85.53, 104.97.85.11, 23.62.230.184, 23.62.230.207, 172.253.62.94
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.72.156.136	Quotation.xls	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_7363cfffd929192e21f5da0b85d002cffd960c25.zip	Get hash	malicious	Unknown	Browse
	IPELLUZ1_2024-02-26_11_26_26.699.zip	Get hash	malicious	Unknown	Browse
	https://necowater-my.sharepoint.com/:f:/p/pbaumer/Erb0K2oih7ZBqywMH_sUDHoBVFLWcTTS62zQhkRrJwfJ6Q?e=fWjo1v	Get hash	malicious	HTMLPhisher	Browse
	sfc.ps1	Get hash	malicious	Unknown	Browse
	0tbO8kogOL.lnk	Get hash	malicious	PreBot	Browse
	evervendor.exe	Get hash	malicious	NetSupport RAT	Browse
	http://img1.wsimg.com/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/dmv_signs_in_spanish.pdf	Get hash	malicious	Unknown	Browse
	RFQ#1045598.xls	Get hash	malicious	Unknown	Browse
	Ord.For.N#UfffdGF2301820.xls	Get hash	malicious	Unknown	Browse
239.255.255.250	index[1].htm	Get hash	malicious	Unknown	Browse
	https://emplacing.com/mde/anti.php	Get hash	malicious	HTMLPhisher	Browse
	http://specialtaskevents.com	Get hash	malicious	Unknown	Browse
	http://bigzipfiles.facebook.com	Get hash	malicious	Unknown	Browse
	https://activeonlinemailuelmanagment.com/Mcm9iZXJ0Lm1hcnRpbmpyQGJvYXJzaGVhZC5jb20=	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux3k7rbbypnm4j2kukqhuubg3om6u5g6gvfkl4gcbs3fdjb7yu3c576dxbg3rkm3e3oav57gu5dlafhnhgr7aofe5mryxqbfeholwxghjdanxxwgkzskmxbcyhb5iuko43dmnq5izqs3pwrwvghq2ex7g6ssikyehcqfqbhovurpxihuxnsbqoetswfgajccnbhp3w63j5cesjoffibslo	Get hash	malicious	Unknown	Browse
	dada.exe	Get hash	malicious	Unknown	Browse
	https://airdrop-online-altlayer-anniversary.s3.us-east-2.amazonaws.com/posten.html?cid=freetomfr@hotmail.com	Get hash	malicious	Phisher	Browse
	http://116.198.42.183/uqcjjj	Get hash	malicious	Unknown	Browse
	https://brilink.me/xD6ksa	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GTT-BACKBONEGTTDE	8lzQh5F8lt.elf	Get hash	malicious	Mirai	Browse	69.31.120.97
	SecuriteInfo.com.CIL.HeapOverride.Heur.10407.9903.exe	Get hash	malicious	Unknown	Browse	104.72.156.109
	https://autode.sk/3PDBl3X	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.50.79.174
	Quotation.xls	Get hash	malicious	Unknown	Browse	104.72.156.136
	MDE_File_Sample_7363cfffd929192e21f5da0b85d002cffd960c25.zip	Get hash	malicious	Unknown	Browse	104.72.156.136
	https://atriaseniorliving-my.sharepoint.com/:b:/p/diane_lohrke/EfCnrKC0OU1Dq-0cEXf4JPABJJd9lPE-fqOBw12V7qUv5g?e=rsMn0e	Get hash	malicious	HTMLPhisher	Browse	23.50.77.225
	https://mmsinconline-my.sharepoint.com/:b:/p/mamundson/EeOSVduz9u9Nq2EMudbwB1EB0_OUpVBpkF6OAVxuDwyQNQ?e=WB6ddg	Get hash	malicious	Unknown	Browse	23.50.77.225
	frm6PzHwpb.exe	Get hash	malicious	Socks5Systemz	Browse	195.16.74.230
	7aVX5L8lHY.exe	Get hash	malicious	Socks5Systemz	Browse	195.16.74.230
	FizdKaOdkL.exe	Get hash	malicious	Socks5Systemz	Browse	195.16.74.230

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	index[1].htm	Get hash	malicious	Unknown	Browse	23.56.8.114 20.114.59.183
	https://emplacing.com/mde/anti.php	Get hash	malicious	HTMLPhisher	Browse	23.56.8.114 20.114.59.183
	http://bigzipfiles.facebook.com	Get hash	malicious	Unknown	Browse	23.56.8.114 20.114.59.183
	https://activeonlinemailuelmanagment.com/Mcm9iZXJ0Lm1hcnRpbmpyQGJvYXJzaGVhZC5jb20=	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.56.8.114 20.114.59.183
	https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux3k7rbbypnm4j2kukqhuubg3om6u5g6gvfkl4gcbs3fdjb7yu3c576dxbg3rkm3e3oav57gu5dlafhnhgr7aofe5mryxqbfeholwxghjdanxxwgkzskmxbcyhb5iuko43dmnq5izqs3pwrwvghq2ex7g6ssikyehcqfqbhovurpxihuxnsbqoetswfgajccnbhp3w63j5cesjoffibslo	Get hash	malicious	Unknown	Browse	23.56.8.114 20.114.59.183
	https://airdrop-online-altlayer-anniversary.s3.us-east-2.amazonaws.com/posten.html?cid=freetomfr@hotmail.com	Get hash	malicious	Phisher	Browse	23.56.8.114 20.114.59.183
	http://116.198.42.183/uqcjjj	Get hash	malicious	Unknown	Browse	23.56.8.114 20.114.59.183
	DHL INVOICE DOCUMENT NOTIFICATION 202403286777373688_pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	23.56.8.114 20.114.59.183
	https://brilink.me/xD6ksa	Get hash	malicious	Unknown	Browse	23.56.8.114 20.114.59.183
	https://1drv.ms/f/s!AsWd4BQz7qwJa8oeifBH2QA-eNg	Get hash	malicious	HTMLPhisher	Browse	23.56.8.114 20.114.59.183

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.234153091041926
Encrypted:	false
SSDEEP:	6:FKiLxpyq2Pwkn2nKuAl9OmbnIFUt88KiLKR1Zmw+8KiLKHRkwOwkn2nKuAl9Omb5:yvYfHAahFUt8h1/+h5JfHAaSJ
MD5:	1F6C28D0DA7BD872AEF6D655FE72BEDA
SHA1:	AE9AAF51443C24AF4B407DC3CF5E73A16A029634
SHA-256:	66842DFA79C8F011EDFF3D100BD3F6802AA617D1267B21256A105E1B2BE11718
SHA-512:	47BD26C2925C7B69AF38A03E0EA3EBB9063C39D4514E92AEB586FF08ABE8DDEC97F95ACCED42883C9FAF2038A588C60D35360CFC756B2EAB36F65AAF6CF468E1
Malicious:	false
Reputation:	low
Preview:	2024/03/29-14:36:12.738 1d30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/29-14:36:12.739 1d30 Recovering log #3.2024/03/29-14:36:12.739 1d30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.234153091041926
Encrypted:	false
SSDEEP:	6:FKiLxpyq2Pwkn2nKuAl9OmbnIFUt88KiLKR1Zmw+8KiLKHRkwOwkn2nKuAl9Omb5:yvYfHAahFUt8h1/+h5JfHAaSJ
MD5:	1F6C28D0DA7BD872AEF6D655FE72BEDA
SHA1:	AE9AAF51443C24AF4B407DC3CF5E73A16A029634
SHA-256:	66842DFA79C8F011EDFF3D100BD3F6802AA617D1267B21256A105E1B2BE11718
SHA-512:	47BD26C2925C7B69AF38A03E0EA3EBB9063C39D4514E92AEB586FF08ABE8DDEC97F95ACCED42883C9FAF2038A588C60D35360CFC756B2EAB36F65AAF6CF468E1
Malicious:	false
Reputation:	low
Preview:	2024/03/29-14:36:12.738 1d30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/29-14:36:12.739 1d30 Recovering log #3.2024/03/29-14:36:12.739 1d30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.191010118939131
Encrypted:	false
SSDEEP:	6:FKiLpv9+q2Pwkn2nKuAl9Ombzo2jMGIFUt88KiLpXPsN2WZmw+8KiLpz9VkwOwkV:dv9+vYfHAa8uFUt8cX0NJ/+cz9V5JfHA
MD5:	0D4C3B8A42A7B01442F3F90EE57A7642
SHA1:	13D5ACB63AF44BC805A76D1D726734BF0611C50F
SHA-256:	254961D0B71445873A174BC2B61C661E77483FCE3B4113184CBD09DC5F69AAE6
SHA-512:	6FA96E86458198575345F31576A47498AEC5707A87193EF82967BB5980E1FC6C95F477AB1E089A5E7702CD5E1804F3E2938A0EB76E6088CB77F7DB3A3B25098F
Malicious:	false
Reputation:	low
Preview:	2024/03/29-14:36:12.832 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/29-14:36:12.835 1e0c Recovering log #3.2024/03/29-14:36:12.836 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.191010118939131
Encrypted:	false
SSDEEP:	6:FKiLpv9+q2Pwkn2nKuAl9Ombzo2jMGIFUt88KiLpXPsN2WZmw+8KiLpz9VkwOwkV:dv9+vYfHAa8uFUt8cX0NJ/+cz9V5JfHA
MD5:	0D4C3B8A42A7B01442F3F90EE57A7642
SHA1:	13D5ACB63AF44BC805A76D1D726734BF0611C50F
SHA-256:	254961D0B71445873A174BC2B61C661E77483FCE3B4113184CBD09DC5F69AAE6
SHA-512:	6FA96E86458198575345F31576A47498AEC5707A87193EF82967BB5980E1FC6C95F477AB1E089A5E7702CD5E1804F3E2938A0EB76E6088CB77F7DB3A3B25098F
Malicious:	false
Reputation:	low
Preview:	2024/03/29-14:36:12.832 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/29-14:36:12.835 1e0c Recovering log #3.2024/03/29-14:36:12.836 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\55fe6e84-202f-44c4-a99c-809c6bd8470c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	474
Entropy (8bit):	4.964312253111539
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZchsBdOg2HcQeAcaq3QYiubInP7E4T3y:Y2sRdsZydMHcQer3QYhbG7nby
MD5:	5177BFEF041F29D61143044295F791DF
SHA1:	90D37A4020E458EBF320E484D22AF77E09A76BC9
SHA-256:	869BD2267BEF59F5926D4209FA8C20F006313946445A23BC56E7300278BFF6F7
SHA-512:	4B420F4EF5F9536ECB4772BE2252EB2E539BE77276E042FB54007FCACEFE3E2279885C61F62A50A0A15005BB1DA99C542EB759BF1FAAE3A6C3F7E490D7B94C58
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356279384666296","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":97715},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	474
Entropy (8bit):	4.964312253111539
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZchsBdOg2HcQeAcaq3QYiubInP7E4T3y:Y2sRdsZydMHcQer3QYhbG7nby
MD5:	5177BFEF041F29D61143044295F791DF
SHA1:	90D37A4020E458EBF320E484D22AF77E09A76BC9
SHA-256:	869BD2267BEF59F5926D4209FA8C20F006313946445A23BC56E7300278BFF6F7
SHA-512:	4B420F4EF5F9536ECB4772BE2252EB2E539BE77276E042FB54007FCACEFE3E2279885C61F62A50A0A15005BB1DA99C542EB759BF1FAAE3A6C3F7E490D7B94C58
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356279384666296","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":97715},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.255355140664771
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Q9jiyKKZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goE
MD5:	988EE804BD25F57C5A98F335AA95AC7B
SHA1:	98C033691BE882683DB47C2ACAC982536FACC8F8
SHA-256:	3FD406215FE9C8367CA7EFBF37154E255EC669D3A0193F829968B7896EE32AF2
SHA-512:	1A8E611C8950B15683E58600E306267DF06919DF99E2E2210CFF3151E6EE95F050D62F835DB085F4571314B5B47A59807A0DF7B21779153398CD314A01F193C6
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1610176476120735
Encrypted:	false
SSDEEP:	6:FKiuAsN9+q2Pwkn2nKuAl9OmbzNMxIFUt88KiYUZ2WZmw+8Kic9VkwOwkn2nKuAo:GAsN9+vYfHAa8jFUt8jQJ/+v9V5JfHAo
MD5:	9C8573E0FE23C2E8B2F4CDFEEB6337A8
SHA1:	107148C997DC9B4998BE594C49AFAB47C9BAF0B5
SHA-256:	1E7F4A1359140FC2ECF427D9A6C850F7F97A8EE8FFE71EB640380285E0209DBC
SHA-512:	204D8E72F46935BA108CFCB0B281B4F2F29EFEAC9DB1F84DBA006AEA80F7DD8BF7087995022FD32B3BC3C0F7B946C0DC63BD0AF4E1E00D73E48506CBEE8F7EB9
Malicious:	false
Reputation:	low
Preview:	2024/03/29-14:36:13.007 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/29-14:36:13.008 1e0c Recovering log #3.2024/03/29-14:36:13.009 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1610176476120735
Encrypted:	false
SSDEEP:	6:FKiuAsN9+q2Pwkn2nKuAl9OmbzNMxIFUt88KiYUZ2WZmw+8Kic9VkwOwkn2nKuAo:GAsN9+vYfHAa8jFUt8jQJ/+v9V5JfHAo
MD5:	9C8573E0FE23C2E8B2F4CDFEEB6337A8
SHA1:	107148C997DC9B4998BE594C49AFAB47C9BAF0B5
SHA-256:	1E7F4A1359140FC2ECF427D9A6C850F7F97A8EE8FFE71EB640380285E0209DBC
SHA-512:	204D8E72F46935BA108CFCB0B281B4F2F29EFEAC9DB1F84DBA006AEA80F7DD8BF7087995022FD32B3BC3C0F7B946C0DC63BD0AF4E1E00D73E48506CBEE8F7EB9
Malicious:	false
Reputation:	low
Preview:	2024/03/29-14:36:13.007 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/29-14:36:13.008 1e0c Recovering log #3.2024/03/29-14:36:13.009 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240329133617Z-178.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	0.9647216892469602
Encrypted:	false
SSDEEP:	96:wSlf+kU+SaXu0pyWRjsjI68iw4mkR4W7AXRFoR065u5JYYMSbI:Flml+ScywgjIf/o6hToR06g5GUbI
MD5:	1173101ACDE4068D97C04F932E352BC7
SHA1:	4C73442C41E9A20E0A2FD1CE61AD6918C99E28CE
SHA-256:	89C47896676B8E39CC23F6DE61D6D0BA9BCE4A1C366E8F2D2E877CA7FF75933E
SHA-512:	AB098D9CFEE4242093F9D756C1DC0909992CECC4838AA68BC102BCEA4DF18E7FADF4127047BFCEE6EF6263065923DFEA520525F7BFE033A2D0B43821A388EACC
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445355063650873
Encrypted:	false
SSDEEP:	384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL
MD5:	558BCBA320FB36B6EBF26503B6FB20E9
SHA1:	FD8C4A2B8680F3AC9B00CC19FEF2EFA4EDAC8C38
SHA-256:	4A1FBA8EE7C2D0C2C9699470C9BBC5B6CA79FE3914047F571889E7D9F8723D18
SHA-512:	6E6C32AEE1862C9B5EFADD3EA44B0E40F81479B432B6D9631850A76F95BB9BE95243AA61AC6E9EAD9C989153672C5406959AF58C55786730FB1876D7AD5C2626
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7778877630809373
Encrypted:	false
SSDEEP:	48:7Map/E2ioyVpioy9oWoy1Cwoy11KOioy1noy1AYoy1Wioy1hioybioyxoy1noy1N:7xpjupF4XKQQYb9IVXEBodRBks
MD5:	D340973F8290AEEF506C3BCC0B71A1CE
SHA1:	ED22103765ED252C43C0B04F8C72D781CA5A23AD
SHA-256:	3D5393A8C8794401CFEDC612D6BBC7E9A9D8DEB914F25315189784DDE815ECF1
SHA-512:	35CE90F1889CCDBD8450358B2EABCBA427EA2E4422FF230AED2AF5197B58F61AA59AC14DB101C705D95AC7B4D6BB99601BE0134EE68D2D46605DECB15FA8F4F5
Malicious:	false
Preview:	.... .c.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:	24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7352

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:	24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:	24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7352

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.390181794216196
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJM3g98kUwPeUkwRe9:YvXKXt8gDoyWZc0vD4sGMbLUkee9
MD5:	946F4155AC1725E9666FA8D259B93012
SHA1:	2FB97314E2D2B2C5200BC9FBCD59465CFD84B63D
SHA-256:	729B7B76C214CA8D9C7A821DFD1212EF19AFA773A7137E73B9A806D5DB66FAB8
SHA-512:	10B02D383C4A6152E8EF56C7BFF9ABDDF067E61A5FD190D43572512EE963EB72470CAA8B1D426E6B668B350283EEEB02F8294020B522A3FA999CCAB0100412F9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.338362861359739
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfBoTfXpnrPeUkwRe9:YvXKXt8gDoyWZc0vD4sGWTfXcUkee9
MD5:	6012220632750C93F9CDC2EE92CAFA06
SHA1:	A1CE8AD8306600FFD177DD4D91DBA9DD2B983311
SHA-256:	0DDFBB36FDEBD9E3E0F786863E9792F1516D636AE03BA50A67AF1CCA53247E76
SHA-512:	A7D602496FAE7A2CF731747364A22C9FEF6D71C0F767BF6F0FD81884EDA264E8C52C9FA1C30275FD9272B52336FC9164B6A50F501B006BC01344EE77D17907DB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.316501776105007
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfBD2G6UpnrPeUkwRe9:YvXKXt8gDoyWZc0vD4sGR22cUkee9
MD5:	2782194BBFD3A4AF72C07635CD3FE65E
SHA1:	98791F1FB1591E0365E3D8EDEAF725B117FF0B25
SHA-256:	23742019AB06BEC3F06731EC1CC0D5C6E43BEFE43A019AFF4D9FFAE52F786698
SHA-512:	AD6EDD59BD733872F5F1BCC30421249253C97C19196E7A65BE0523BD7412A6DC4FA15E9EB3C4AE7D140FF7A5313664B62EEDEAC09E5C0491A1E74926552BB304
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.37813329717974
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfPmwrPeUkwRe9:YvXKXt8gDoyWZc0vD4sGH56Ukee9
MD5:	1A785078EA2289F0420DFA6CB4083127
SHA1:	16E57A6EC6B7078035B8A5CB848F259F7BFACC23
SHA-256:	B8C6960F8FD58CC84880B1FC5A9ED4EF766738E92A7A407C0A57EB59ABE29EA8
SHA-512:	E43C59C11B05E40FF579A298E4D88944FBD535344551B5F9C03B40B849B53C34BC5DE3F7E138F4B96F5DF87E3FF6C7C5AE6ABEE5999D17647CC03CD477CA5083
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.33765810436738
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfJWCtMdPeUkwRe9:YvXKXt8gDoyWZc0vD4sGBS8Ukee9
MD5:	3270D935BCDFA9E26BE5467EB380248A
SHA1:	9C53F4776AA7438FAEC8788C92C17618EB9A8939
SHA-256:	9438E653B59788835BCC6FF3CEE83EBF8C9E3963460FAAB9C533F806E7AE1008
SHA-512:	4A712F45886878CEEA19A78CEAF5BDC8BB3020427187C0ABF5957D41BC25BCBBF1DF6C0FD601038998578205FD0A1CE15E04F0DC108DB9A676BDCC1062D66D6D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.324377189441195
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJf8dPeUkwRe9:YvXKXt8gDoyWZc0vD4sGU8Ukee9
MD5:	31044306AB1F1F3255BC0D5962EB260E
SHA1:	5D4F328B5EC6917612099D9171D5C254EEB837D1
SHA-256:	FB3FCEFDD8855AE05E8E2E464F808A13CB40B5A89C2174852C084BE7181E20FF
SHA-512:	03AD9A781684CC14193EE311199C560AC4E96779198D7B32E9F4807B534F5CAC2177D2FE08DF05115242F75222FEA811D46C042B7B7BD26BA39A66D2B932ABBD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.327388750256427
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfQ1rPeUkwRe9:YvXKXt8gDoyWZc0vD4sGY16Ukee9
MD5:	EAA6BD3400CB47D2997648B25C66072D
SHA1:	7615FF05ED1DFD0FD4E1991FCA4D9DD54A32A9C8
SHA-256:	86FAF80FDB283EB626F7FEF371A24F346F677600C8192892592EE03377BE55F3
SHA-512:	5E3CEDB4FC9A4D8E5FE5D6D9941FE44C63E27404C7DB47DBFA9968C34DE62522482F121B3572CF037ECCB8CF9FBA856C81BDA4055ABBC34F910D92B0F94D9E68
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.334134721067833
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfFldPeUkwRe9:YvXKXt8gDoyWZc0vD4sGz8Ukee9
MD5:	F0D56A572494228119505580BE55483F
SHA1:	4ADC54115FEA007AE2053470A67F2FF330170091
SHA-256:	4360CE51636C7D1E0EFD34CBD8B72050E8DD14B88ED361251C209417B7868390
SHA-512:	3B731136A129A12D0E6FC5FAB5AE2B16EF048EA01584292FE6E50EDD0AEC43E1DDE3EBB24AE1A6B3C851D5A3A6788C645B386B438B095450B2B546926F0C7D7E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.350439425733254
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfzdPeUkwRe9:YvXKXt8gDoyWZc0vD4sGb8Ukee9
MD5:	CB21EF5B83ECE89A00DCE11B55963C4C
SHA1:	80908B468E046CD87A42760F95605391D85A496B
SHA-256:	F761B45FCF62A93B0CA5095D6E225317FA48A2E2FA553DB80EB5C8552B171143
SHA-512:	D05C3C0642BB06AECCF3AFC11FB835911C05E61B81210F2997728CAB05030E922D65BF32D7A8988FF103415CE942BC2E55AEC9426CA8AD890719B0FD4D20F51B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.331122317884293
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfYdPeUkwRe9:YvXKXt8gDoyWZc0vD4sGg8Ukee9
MD5:	E15B92A137FBFA0D7E89F575277AE6D7
SHA1:	888E46132992804504F7B765D4C811BD1CEE5765
SHA-256:	8FC29D08A7140FA43559106B53B7B1806F0F595C5A497FF18BC027ADCE50E584
SHA-512:	EA8998469C92C5909E2200F984C1B5D91EA7014469783762AE5393D886C7AE9F765572708CFA671201FF046F2BFF22A3B2689E5F6552D6DFC58C2D9962FB8EC4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.779653188571815
Encrypted:	false
SSDEEP:	24:Yv6Xeg8TzvD47rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNRr:YvpgyU7HgDv3W2aYQfgB5OUupHrQ9FJP
MD5:	D1D5A9BE0E7C2BC9CAB52E9D4BC406FB
SHA1:	8C5AF5FF9B8855765B6FF1175B654FBE3102AE66
SHA-256:	9A0C4E56A135C6305BC3B99A55989637FA5527C9A8ACBCCE0DB0248380F15820
SHA-512:	F333A130D9E1451CEF6A47A7EECA1042C7E2380E6B59A83FAA6CC3A2B0D696156D5C039C61EF8D5060E9FEE6905B7B4F8F804EF35E179462EDD0C60365927147
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.314455516466168
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfbPtdPeUkwRe9:YvXKXt8gDoyWZc0vD4sGDV8Ukee9
MD5:	1452FC4116494A6797F9CE86B14A5A70
SHA1:	546C899BE3F989198FBC9E3A36DC68F9E6163BC4
SHA-256:	9D0DD28DB26B5BB471C381AFF04ABA7ACFDB92E3F6FC3ACC6064EBD6D8CB6E46
SHA-512:	C40C5F1837705FCE7F5A8E46757B75A06DAA202AD44BA3A1CA5C1A336A6EF69C73ACD6616EDEF8E56297FA5C72D27C945EB58507603B52A75D74613344119A65
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.3188879983680195
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJf21rPeUkwRe9:YvXKXt8gDoyWZc0vD4sG+16Ukee9
MD5:	0567CD846C69ED165A36E49A05073AAA
SHA1:	A7D5D6B7C41334D6D38ECB744B8DFC3FA590C698
SHA-256:	F1745173B154DF9AB84DE3C85ADEA8A1610C29C066F532032048EBA952390674
SHA-512:	93A0EB73B9C7D537F6E8992E58D17D482458C58F5ABC31B416F98E4CD345ED8E39110F0C60BD7EE6B24A7B007A42630F31E4404C8012AFEDE8248EE8DCF6321D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.33795744664244
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfbpatdPeUkwRe9:YvXKXt8gDoyWZc0vD4sGVat8Ukee9
MD5:	A019866D5841A95EF876EA8F00610D44
SHA1:	476BFC6DF94E51729F5442E63099A2CF8BF408B2
SHA-256:	C93E7AF7804AF992264C01D522B91EBF7830CFF3E4DC02D05686DB2489E28461
SHA-512:	4117FCAB8BC153B7D1DEF056080A85FFC6F43F7CFC6FEB48531ED64DB4ED77F53B9D19AADB83524A6C3850944ABC1C1ED3AE4A720BD9E960FB042682085E18DE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.295288672054812
Encrypted:	false
SSDEEP:	6:YEQXJ2HXttSzngQCoyHHVoZcg1vRcR0Ys4DoAvJfshHHrPeUkwRe9:YvXKXt8gDoyWZc0vD4sGUUUkee9
MD5:	D653351149E1B39E1FE7ACDB2A24866C
SHA1:	984F0B5590E66884FC9B817A49CE69BA24F971F0
SHA-256:	24B9F1AC01A0E08D0927DEF8EF3A29DD40FD32344AB3F8E24C33021909BEAC6B
SHA-512:	CDE68A57D700AD44C8EA08C01BAEA7FC4F0506AF16837261778215445BDB4684335B2EFBF2141340DB928EB9D963978F56DFFACD6197C33F2F13466C5AED1825
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.377532872412777
Encrypted:	false
SSDEEP:	12:YvXKXt8gDoyWZc0vD4sGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWNr:Yv6Xeg8TzvD4C168CgEXX5kcIfANhgr
MD5:	9C24127A900D0F73C9F68D140D62C0D0
SHA1:	1A1084B684669141D357FFDC45B20F717D5A0D24
SHA-256:	C0D8B512B469911221E38C3C81749D8C581719AACE11F70F6CEEE8F07B5DEB8D
SHA-512:	CD609F3C7F182F60B19E66A96FB881C73C774277D0A165D2C7EF129598C7023F27D16CBFAFCC8E72DAD3C0B6BA0A568B88D4BBDE2DE2410515047FEDD8E96603
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"ec39f08b-1273-40bb-85df-7f372c8ebdcb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711894384668,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1711719379701}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2813
Entropy (8bit):	5.129392176228702
Encrypted:	false
SSDEEP:	24:YN3VCKhUJBFGrVCsCZaoay3pvCSmOyqeoNujiFyj0SCJBi2vN2LSM88Z5rWLQKnb:YbpafG1ugSmO4yEbAK88Z0L99fwUF
MD5:	7545840F77E90CF0E5D3A58211897A8F
SHA1:	4B9A156C3355A307425C15F597D807875E9DF807
SHA-256:	139A65F1A45DE7BFBE9ACAB843537BC96AA92D13D250DAAFDB46D95FB40D8A02
SHA-512:	04E3D268B27551C59A898BC9B63409889F4E255C64F719FE144C2A2D2C359AF36E652F7290D17827D5305AE9E401A00B303D7E0B3EAF5B07FA64B3D98B56535C
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"15a3b1f1c784b0ded9f18ccdbebde996","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1711719378000},{"id":"Edit_InApp_Aug2020","info":{"dg":"2050f871edd2329c9526636ad6752f51","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1711719378000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"6c613f60645e5c9f50525a3c13d20abe","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1711719378000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1f25a0ed9b4c585d1e5bb7c8e6270ebd","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1711719378000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e309ed1b027bee015fdc31e26b70fa37","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1711719378000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"07d62421c6c704d3027908388eb9211f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":289,"ts":1711719

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1878997738987285
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUrxSvR9H9vxFGiDIAEkGVvpv1:lNVmswUUUUUUUUl+FGSItR
MD5:	EBB2B82BF6BCF7088903CDBC0D634ADC
SHA1:	015C974AB2C693D7C5AA00394A185296747BA574
SHA-256:	532460CFDD2D416516FC779956AD3496AA5BA348FBC682B968FED60A0EFDDB76
SHA-512:	12A288455D622B5F35FCE35E7835BDEA3C04F0DACC2977825E5F994F229AEFC3A6E377AEAFD092F69872C3787F7EF4AFE7C1DEC792A42E0F3541C77E0657FC3C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607584255359161
Encrypted:	false
SSDEEP:	48:7MgKUUUUUUUUUUrZvR9H9vxFGiDIAEkGVvAqFl2GL7msu:7oUUUUUUUUUU5FGSItWKVmsu
MD5:	7F56E752BBAA7B57CFA36F2F5FF79CF1
SHA1:	DF787C7CACA6CC1A03AED98170FD727B257A236F
SHA-256:	4ABBB98B3C8F0BD0788C727EB656DC8F3AFCF5DAC2E1542697D7FBB159023955
SHA-512:	6A45F5EA47E0CC6AF8D13D8EF7216FAE69BDDB4CE6D259BB3334B6164943F61642DC2BBEB642F777C9C0419414729380A96E7716AEE4488B3BAED51172E73F39
Malicious:	false
Preview:	.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:	768:RNOpblrU6TBH44ADKZEgBPiIzCNY5XRDQVtZ2yqNCOiAqPaYyu:6a6TZ44ADE1iIzCNY/DQVgLeaK
MD5:	72722FDF5B2207247C44B266DEC146E9
SHA1:	FE335C3F234191A59C99BAEA30B79F443903617F
SHA-256:	AFB47F58D6845E1764BD432D856D8EAC1F14F90BD20B53706FE6D3DB558E0F21
SHA-512:	763D12FD198596DE70EE76D24DBA4F7C66723885A22F7752281E62BC686EC98D22AFA24C757CD7C0B89B952DB26A83D0583B78F19E9325500057F030EA32B546
Malicious:	false
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSI38069.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.529459928009153
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xUFRWQlYH:Qw946cPbiOxDlbYnuRKOwYH
MD5:	EDBA9EAFD8210E61AC9A92F5AF9C75F8
SHA1:	71FD8EB57080DEE505AA1DA8F9261DA36804204D
SHA-256:	E40EFEF0981189F1B4FEE387165FCCF41E49D51D4E0F289AB88CC73AC2C91D48
SHA-512:	0FACA23BED68A9500E2D783CA25E3F7CA9F83D9D81EFC424A6EC7C51EDB7A85A838100A1C6C009968F135B0776007AF9E3463116D9D37477FB56038280C28F3B
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.0.3./.2.0.2.4. . .1.4.:.3.6.:.2.0. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-29 14-36-15-546.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.405798037313115
Encrypted:	false
SSDEEP:	384:okIR4I1E5eWvOYygsnNfzG2VuA0Hnj9+6OImOeH+5i29Wrzs0DvP2h23OJTlyfH+:WjN+
MD5:	37E6E758081078AD84E28220281DB8BD
SHA1:	1BA6B39DF60B591243FA400DCE1F66053E9393E4
SHA-256:	65BA40D3ED98773B3BD0CB838A30B865FDC4BD7AE27475A04C9339339B8A0A62
SHA-512:	39628ACB9C918ED8E4E3F9F60EBA5E077A2D7EC15D743673DC1E546D1B4A94929900CA2F35C0FEDB32B1CEB029DE4461B241E4798B225B5E86372F7AE4861020
Malicious:	false
Preview:	SessionID=9fc3ccdd-255b-4888-8827-b201777c9aa4.1711719375556 Timestamp=2024-03-29T14:36:15:556+0100 ThreadID=8256 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9fc3ccdd-255b-4888-8827-b201777c9aa4.1711719375556 Timestamp=2024-03-29T14:36:15:723+0100 ThreadID=8256 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9fc3ccdd-255b-4888-8827-b201777c9aa4.1711719375556 Timestamp=2024-03-29T14:36:15:723+0100 ThreadID=8256 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9fc3ccdd-255b-4888-8827-b201777c9aa4.1711719375556 Timestamp=2024-03-29T14:36:15:723+0100 ThreadID=8256 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9fc3ccdd-255b-4888-8827-b201777c9aa4.1711719375556 Timestamp=2024-03-29T14:36:15:723+0100 ThreadID=8256 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.399122398440477
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r4:Iv
MD5:	66E4104826897F9091E90161E84CC067
SHA1:	8C2A94F35C7A3E0A0AB41B056984F50DB55BD971
SHA-256:	97314E6A82D9A546995A696FD1567A1185E745E602913A6436D1E4C1E1B01CDA
SHA-512:	D9345256E080BA301C919314EB5096E42270128EC575907AB2378FF45BECF36F048BEBE2E4C8F4ECC29CE19ED70681E920D29C8B3B4FAD8B92520D3B891A606E
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\935589a8-918c-4ea6-9067-5f0a07ffc6a2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\da668f34-c350-44ca-ad24-f9838491cc26.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\e39e64ba-90f8-4073-89ea-81f39c0dab6b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f9524a77-3541-480e-a7de-52b51bc174ad.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/nZwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZwZG/WLxYGZN3mlind9i4ufFXpAXkru
MD5:	1F3D69524A9D7E17BD2363C81D130F1A
SHA1:	C2A4A08839CBA47BEE2B601975F7C4F0CC191091
SHA-256:	D0FFBEC8502A0BE88A99F6708987658FEBE4CF3B6B79AF219C53EFF6458F9D9D
SHA-512:	A4CBE7073A7CB4C5E33E1CD903CCD7F24B78A04C037BFA1D90D9A5BBD12AF60E3DFFD6546277D1B765CA1DAC1CDA28D24D3454C81952B72D97CAF84DF395E99A
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (779)
Category:	downloaded
Size (bytes):	784
Entropy (8bit):	5.166633240511853
Encrypted:	false
SSDEEP:	24:Ykp3kH1Anab+WBHslgT9lCuABuoB7HHHHHHHYqmffffffo:rs2naHKlgZ01BuSEqmffffffo
MD5:	3E3E538DF048565861E2E8D9FCA2EBB4
SHA1:	2CE145AFD1345DFE758DBE34027113D61BCE2C65
SHA-256:	28A5AC761431A6605EEE016660A1B159C3DCADF5C03E098B167C0BC7A0217B3A
SHA-512:	8972A9D6422C69096F1902BB946C6B8033C622E15F881F55B600A4BD946AB912F3C8A2253644FA15DDE06A349269ED4E43C3DC514F077AE34F00960C43123034
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["jesus christ good friday","mlb predictions","7 eleven hot dog sparkling water","sphinx riddles","karma jojo siwa music video","$300 direct deposit child tax credit","phillies opening day roster","2025 toyota 4runner teaser"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Static File Info

General

File type:	PDF document, version 1.7, 0 pages
Entropy (8bit):	7.971376979290603
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Wed 27th March-plans.pdf
File size:	75'301 bytes
MD5:	f94f1274cd9e8bf2c39254d9fb49a2b2
SHA1:	39fb62650673365c86a3ab57d0f5d945d8890ed3
SHA256:	370592c0a11006893e69b8f28662947c231db8fda7826642a35aac572ed65ed5
SHA512:	de8802bd820b0941eb13c28cd9ffe1ecf3f32c9b8d75082dae172431105aa40a383b4055b4933d9836f33691931f75a72aa69769a7687e1d16bdd582d1b38e6c
SSDEEP:	1536:GmrB6ZpnDeRf4J8860YjmBdbP8INYGLGV75+akCiEKO:bIxDccw09BqINYGLw74TCh
TLSH:	CE73E1A1E02BCA4CD972E1B09CF0EE6F76FA22C362E85A26D1551778B335E5350132DD
File Content Preview:	%PDF-1.7.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R.>>./XObject << ./I1 9 0 R./I2 10 0 R./

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.971377
Total Bytes:	75301
Stream Entropy:	7.974739
Stream Bytes:	73386
Entropy outside Streams:	5.141716
Bytes outside Streams:	1915
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	11
endobj	11
stream	4
endstream	4
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
9	7010ec7019009b9b	cff9a64fd32fcd7276882164686c644e
10	c060304824120904	8fda3ec9c006447cfce4db065ff22def
11	1040004000201080	5a8038e0b22313825a6c6002dd282af7

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 14:36:09.518692970 CET	49675	443	192.168.2.4	173.222.162.32
Mar 29, 2024 14:36:10.550054073 CET	49678	443	192.168.2.4	104.46.162.224
Mar 29, 2024 14:36:17.655505896 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.655534983 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.655605078 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.655889988 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.655914068 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.655966997 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.656271935 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.656296968 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.656369925 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.656532049 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.656552076 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.656615973 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.657001019 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.657011032 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.657277107 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.657286882 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.657566071 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.657579899 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.657845974 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.657860041 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.947084904 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.953869104 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.957926035 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.957959890 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.986104965 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.986123085 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.986227036 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.986243963 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.986323118 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.986335993 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.986583948 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.986599922 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.987134933 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.987204075 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.987255096 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.987308979 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.987677097 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.987730026 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.987987041 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.988048077 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.989694118 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.989749908 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.990628004 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.990638971 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.990974903 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.991027117 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.991040945 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.991096020 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.991106033 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.991209030 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.991264105 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.991275072 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.991344929 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.991352081 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:17.991398096 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:17.991405964 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.094424963 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.094487906 CET	443	49738	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.094540119 CET	49738	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.094955921 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.158955097 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.159024000 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.205204964 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.205306053 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.205358982 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.205368996 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.208348036 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.208408117 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.212058067 CET	49741	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.212068081 CET	443	49741	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.502382994 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.502473116 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.502624035 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.536596060 CET	49739	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.536611080 CET	443	49739	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.541704893 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.541719913 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.541785955 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.542020082 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.542028904 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.658256054 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.658355951 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.658488989 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.677289963 CET	49740	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.677300930 CET	443	49740	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.679994106 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.680013895 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.680182934 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.680366993 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.680381060 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.765633106 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.765883923 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.765892029 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.766767979 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.766839027 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.767205954 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.767256021 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.767425060 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.767431021 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.854691029 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.907531977 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.907877922 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.907886982 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.908474922 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.909065008 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.909118891 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.909394979 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.952240944 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.993912935 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.993976116 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.994000912 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.994028091 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.994041920 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.994081974 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.994462967 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.994492054 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.994668961 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.996310949 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.996323109 CET	443	49742	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:18.996340990 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:18.996366978 CET	49742	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:19.127130032 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.127218962 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.127243996 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.127269983 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:19.127280951 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.127329111 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:19.127532959 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.127614975 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.127657890 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:19.158458948 CET	49675	443	192.168.2.4	173.222.162.32
Mar 29, 2024 14:36:19.179013968 CET	49743	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:19.179020882 CET	443	49743	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:19.845073938 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:19.845109940 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:19.845232010 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:19.847023964 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:19.847039938 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.171775103 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.171866894 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.174261093 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.174269915 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.174474001 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.209086895 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.252238035 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.484595060 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.484744072 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.484836102 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.484934092 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.484949112 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.484981060 CET	49748	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.484987020 CET	443	49748	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.531446934 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.531480074 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.531639099 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.532232046 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.532247066 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.853738070 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.853810072 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.855794907 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.855802059 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.856005907 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.857453108 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:20.900238991 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:20.959492922 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:20.959511042 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:20.959563017 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:20.960464954 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:20.960474968 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:21.212493896 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:21.212852001 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:21.212862015 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:21.213313103 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:21.214066029 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:21.214123964 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:21.255079985 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:21.270245075 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:21.270303011 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:21.270350933 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:21.275266886 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:21.275288105 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:21.275298119 CET	49749	443	192.168.2.4	23.56.8.114
Mar 29, 2024 14:36:21.275302887 CET	443	49749	23.56.8.114	192.168.2.4
Mar 29, 2024 14:36:25.740603924 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:25.740648985 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:25.740727901 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:25.740900040 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:25.740916014 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.033340931 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.033631086 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.033653021 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.034522057 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.034589052 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.036485910 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.036544085 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.036652088 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.036659956 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.080306053 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.133759022 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.133974075 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.134143114 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.134304047 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.134320021 CET	443	49752	104.72.156.136	192.168.2.4
Mar 29, 2024 14:36:26.134327888 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:26.134367943 CET	49752	443	192.168.2.4	104.72.156.136
Mar 29, 2024 14:36:31.246036053 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:31.246258020 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:36:31.246344090 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:31.462536097 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:31.462559938 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:31.462630033 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:31.463606119 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:31.463618040 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:31.980638027 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:31.980818033 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:31.983441114 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:31.983448982 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:31.983776093 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.033404112 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.337980986 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.380230904 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.674937963 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.674956083 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.674962044 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.674973965 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.675014019 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.675126076 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.675126076 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.675138950 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.675156116 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.675193071 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.675199986 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.675209045 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.675221920 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.675252914 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.895479918 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.895488977 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:32.895518064 CET	49753	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:36:32.895523071 CET	443	49753	20.114.59.183	192.168.2.4
Mar 29, 2024 14:36:33.222589970 CET	49750	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:36:33.222599030 CET	443	49750	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:09.206289053 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:09.206321001 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:09.206451893 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:09.207187891 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:09.207201004 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:09.711257935 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:09.711410999 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:09.722049952 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:09.722059011 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:09.722296000 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:09.738054991 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:09.784231901 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204256058 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204281092 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204343081 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204463005 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:10.204487085 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204557896 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:10.204679966 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204720974 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204741955 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:10.204746008 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:10.204801083 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:10.213792086 CET	49759	443	192.168.2.4	20.114.59.183
Mar 29, 2024 14:37:10.213808060 CET	443	49759	20.114.59.183	192.168.2.4
Mar 29, 2024 14:37:21.019053936 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:21.019085884 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:21.019156933 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:21.019403934 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:21.019421101 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:21.774727106 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:21.775464058 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:21.775489092 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:21.775779963 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:21.776597977 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:21.776657104 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:21.831063986 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:29.474195004 CET	49723	80	192.168.2.4	72.21.81.240
Mar 29, 2024 14:37:29.474463940 CET	49724	80	192.168.2.4	72.21.81.240
Mar 29, 2024 14:37:29.569413900 CET	80	49723	72.21.81.240	192.168.2.4
Mar 29, 2024 14:37:29.569466114 CET	80	49724	72.21.81.240	192.168.2.4
Mar 29, 2024 14:37:29.569539070 CET	49723	80	192.168.2.4	72.21.81.240
Mar 29, 2024 14:37:29.569638968 CET	49724	80	192.168.2.4	72.21.81.240
Mar 29, 2024 14:37:31.295310974 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:31.295368910 CET	443	49761	142.251.16.147	192.168.2.4
Mar 29, 2024 14:37:31.295478106 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:33.225406885 CET	49761	443	192.168.2.4	142.251.16.147
Mar 29, 2024 14:37:33.225435019 CET	443	49761	142.251.16.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 14:36:16.779073954 CET	53	50761	1.1.1.1	192.168.2.4
Mar 29, 2024 14:36:17.558759928 CET	53396	53	192.168.2.4	1.1.1.1
Mar 29, 2024 14:36:17.558907032 CET	56981	53	192.168.2.4	1.1.1.1
Mar 29, 2024 14:36:17.563836098 CET	53	60940	1.1.1.1	192.168.2.4
Mar 29, 2024 14:36:17.654827118 CET	53	53396	1.1.1.1	192.168.2.4
Mar 29, 2024 14:36:17.654841900 CET	53	56981	1.1.1.1	192.168.2.4
Mar 29, 2024 14:36:18.338942051 CET	53	54834	1.1.1.1	192.168.2.4
Mar 29, 2024 14:36:35.326169014 CET	53	56466	1.1.1.1	192.168.2.4
Mar 29, 2024 14:36:41.076006889 CET	138	138	192.168.2.4	192.168.2.255
Mar 29, 2024 14:36:54.274070978 CET	53	62447	1.1.1.1	192.168.2.4
Mar 29, 2024 14:37:16.602709055 CET	53	53917	1.1.1.1	192.168.2.4
Mar 29, 2024 14:37:16.620023966 CET	53	60622	1.1.1.1	192.168.2.4
Mar 29, 2024 14:37:45.132627010 CET	53	58216	1.1.1.1	192.168.2.4
Mar 29, 2024 14:38:31.490966082 CET	53	52399	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 29, 2024 14:36:17.558759928 CET	192.168.2.4	1.1.1.1	0x94d5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.558907032 CET	192.168.2.4	1.1.1.1	0x28cd	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 29, 2024 14:36:17.654827118 CET	1.1.1.1	192.168.2.4	0x94d5	No error (0)	www.google.com	142.251.16.147	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.654827118 CET	1.1.1.1	192.168.2.4	0x94d5	No error (0)	www.google.com	142.251.16.106	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.654827118 CET	1.1.1.1	192.168.2.4	0x94d5	No error (0)	www.google.com	142.251.16.99	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.654827118 CET	1.1.1.1	192.168.2.4	0x94d5	No error (0)	www.google.com	142.251.16.105	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.654827118 CET	1.1.1.1	192.168.2.4	0x94d5	No error (0)	www.google.com	142.251.16.103	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.654827118 CET	1.1.1.1	192.168.2.4	0x94d5	No error (0)	www.google.com	142.251.16.104	A (IP address)	IN (0x0001)	false
Mar 29, 2024 14:36:17.654841900 CET	1.1.1.1	192.168.2.4	0x28cd	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	142.251.16.147	443	7652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:17 UTC	699	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-29 13:36:18 UTC	1481	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGNKHm7AGIjA157o5chH4qRFcaBvNy4R9JLBPkpu5-pdyz2YlySbWFcEF4pH2JnfRfWQpm48wCSkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI0oebsAYQ5fXYzwESBGalMCs Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Fri, 29 Mar 2024 13:36:18 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-29-13; expires=Sun, 28-Apr-2024 13:36:18 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-29 13:36:18 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	142.251.16.147	443	7652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:17 UTC	542	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-29 13:36:18 UTC	1399	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGNKHm7AGIjBgUWRaClu3bjFOkoXVzhg-sp8Y670U55WcmekYN6QOu5h9A9cM7bx0ZtjEG3TBC6AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI0oebsAYQtKfwmAISBGalMCs Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Fri, 29 Mar 2024 13:36:18 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-29-13; expires=Sun, 28-Apr-2024 13:36:18 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-29 13:36:18 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	142.251.16.147	443	7652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:17 UTC	796	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-29 13:36:18 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 29 Mar 2024 13:36:18 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-DWaQ9-DfRdE-FoN2mZkoJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-03-29 13:36:18 UTC	791	IN	Data Raw: 33 31 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6a 65 73 75 73 20 63 68 72 69 73 74 20 67 6f 6f 64 20 66 72 69 64 61 79 22 2c 22 6d 6c 62 20 70 72 65 64 69 63 74 69 6f 6e 73 22 2c 22 37 20 65 6c 65 76 65 6e 20 68 6f 74 20 64 6f 67 20 73 70 61 72 6b 6c 69 6e 67 20 77 61 74 65 72 22 2c 22 73 70 68 69 6e 78 20 72 69 64 64 6c 65 73 22 2c 22 6b 61 72 6d 61 20 6a 6f 6a 6f 20 73 69 77 61 20 6d 75 73 69 63 20 76 69 64 65 6f 22 2c 22 24 33 30 30 20 64 69 72 65 63 74 20 64 65 70 6f 73 69 74 20 63 68 69 6c 64 20 74 61 78 20 63 72 65 64 69 74 22 2c 22 70 68 69 6c 6c 69 65 73 20 6f 70 65 6e 69 6e 67 20 64 61 79 20 72 6f 73 74 65 72 22 2c 22 32 30 32 35 20 74 6f 79 6f 74 61 20 34 72 75 6e 6e 65 72 20 74 65 61 73 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 Data Ascii: 310)]}'["",["jesus christ good friday","mlb predictions","7 eleven hot dog sparkling water","sphinx riddles","karma jojo siwa music video","$300 direct deposit child tax credit","phillies opening day roster","2025 toyota 4runner teaser"],["","","","","
2024-03-29 13:36:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	142.251.16.147	443	7652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:17 UTC	542	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	142.251.16.147	443	7652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:18 UTC	912	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGNKHm7AGIjA157o5chH4qRFcaBvNy4R9JLBPkpu5-pdyz2YlySbWFcEF4pH2JnfRfWQpm48wCSkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-29-13
2024-03-29 13:36:18 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 29 Mar 2024 13:36:18 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3184 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-29 13:36:18 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-03-29 13:36:18 UTC	1252	IN	Data Raw: 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 5f 50 37 32 58 4a Data Ascii: pt><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="_P72XJ
2024-03-29 13:36:18 UTC	1036	IN	Data Raw: 31 35 70 78 20 30 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 Data Ascii: 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire short

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	142.251.16.147	443	7652	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:18 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGNKHm7AGIjBgUWRaClu3bjFOkoXVzhg-sp8Y670U55WcmekYN6QOu5h9A9cM7bx0ZtjEG3TBC6AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-29-13
2024-03-29 13:36:19 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 29 Mar 2024 13:36:19 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3112 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-29 13:36:19 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-03-29 13:36:19 UTC	1252	IN	Data Raw: 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 74 49 48 49 58 34 6f 66 78 55 6d 4a 61 66 39 4e 5f 31 46 39 4d 53 79 6f 30 36 79 49 55 2d Data Ascii: llback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="tIHIX4ofxUmJaf9N_1F9MSyo06yIU-
2024-03-29 13:36:19 UTC	964	IN	Data Raw: 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 Data Ascii: hen Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	23.56.8.114	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:20 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 13:36:20 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=149255 Date: Fri, 29 Mar 2024 13:36:20 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	23.56.8.114	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-29 13:36:21 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=149207 Date: Fri, 29 Mar 2024 13:36:21 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-29 13:36:21 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49752	104.72.156.136	443	7620	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:26 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-03-29 13:36:26 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Fri, 29 Mar 2024 13:36:26 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49753	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:36:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+ggorlLpmALzGLz&MD=nAeRCyR2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-29 13:36:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8f38bbe9-6add-4fe2-ae75-d2d5128f6fe4 MS-RequestId: 44eeedbe-39cd-4e96-be23-eba770d65225 MS-CV: CBRjq64EREWPl7BI.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 29 Mar 2024 13:36:31 GMT Connection: close Content-Length: 24490
2024-03-29 13:36:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-03-29 13:36:32 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49759	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-03-29 13:37:09 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+ggorlLpmALzGLz&MD=nAeRCyR2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-29 13:37:10 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 6693e614-d4ed-4273-ab49-98131a3d3814 MS-RequestId: 86f6b1db-674d-4c1c-91f3-5247fd257804 MS-CV: mF7hAEJSd0uNqGlf.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 29 Mar 2024 13:37:09 GMT Connection: close Content-Length: 25457
2024-03-29 13:37:10 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-03-29 13:37:10 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7268, Parent PID: 2580

General

Target ID:	0
Start time:	14:36:11
Start date:	29/03/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Wed 27th March-plans.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7432, Parent PID: 7268

General

Target ID:	1
Start time:	14:36:12
Start date:	29/03/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7620, Parent PID: 7432

General

Target ID:	3
Start time:	14:36:12
Start date:	29/03/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1688,i,12523481647777461214,9698492695912916176,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8188, Parent PID: 3288

General

Target ID:	4
Start time:	14:36:14
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://[https://cloudflare-ipfs.com/ipfs/bafkreiavlcyoapggzccoydnrah3rodice7ulf6j4srxzydqoagrbtu7d6y/#dGF5bG9yLmNyYW5kYWxsQGJvYXJzaGVhZC5jb20=
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7652, Parent PID: 8188

General

Target ID:	5
Start time:	14:36:14
Start date:	29/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2344,i,7249975859297791386,4547035576211600834,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Wed 27th March-plans.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\55fe6e84-202f-44c4-a99c-809c6bd8470c.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240329133617Z-178.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7352

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7352

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Windows Analysis Report
Wed 27th March-plans.pdf