Edit tour

Windows Analysis Report
04-25-Inv-Doc-339.pdf

Overview

General Information

Sample name:	04-25-Inv-Doc-339.pdf
Analysis ID:	1431947
MD5:	ce4372ea002fca274c16b40792e074e3
SHA1:	ad0b901ddadfa334ca9a6260c574544f0d5311a8
SHA256:	deb2c73fc314f347e01b90650dd116b1fea372d0774ab19257be560aeef03e23
Tags:	latrodectuspdf
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on logo match)

Phishing site detected (based on title match)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6740 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04-25-Inv-Doc-339.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,962325086941576876,17187480229861009220,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1996,i,17665591532222451069,15418270985203773523,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on logo match)

Source: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/

Matcher: Template: cloudflare matched

Phishing site detected (based on title match)

Source: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/

Matcher: Template: cloudflare matched

Source: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.197.180.115:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.180.115:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49767 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.197.180.115
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.158.36
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZKSTN7eXLXnbO4t&MD=gLTLf+Nz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/user-private-files/shared/ HTTP/1.1Host: stgmountainair.wpengine.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/user-private-files/shared/vl.php HTTP/1.1Host: stgmountainair.wpengine.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: stgmountainair.wpengine.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/user-private-files/shared/vl.php HTTP/1.1Host: stgmountainair.wpengine.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: stgmountainair.wpengine.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZKSTN7eXLXnbO4t&MD=gLTLf+Nz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: stgmountainair.wpengine.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: 04-25-Inv-Doc-339.pdf	String found in binary or memory: http://www.reportlab.com
Source: 04-25-Inv-Doc-339.pdf	String found in binary or memory: http://www.reportlab.com)
Source: chromecache_191.8.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_191.8.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Open
Source: chromecache_191.8.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_188.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: 04-25-Inv-Doc-339.pdf	String found in binary or memory: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/)

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.197.180.115:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.180.115:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49767 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.winPDF@40/54@8/5

Source: 04-25-Inv-Doc-339.pdf

Initial sample: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6476

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 03-42-54-648.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04-25-Inv-Doc-339.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,962325086941576876,17187480229861009220,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1996,i,17665591532222451069,15418270985203773523,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,962325086941576876,17187480229861009220,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1996,i,17665591532222451069,15418270985203773523,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 04-25-Inv-Doc-339.pdf	Initial sample: PDF keyword /JS count = 0
Source: 04-25-Inv-Doc-339.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: 04-25-Inv-Doc-339.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
04-25-Inv-Doc-339.pdf	0%	Virustotal		Browse
04-25-Inv-Doc-339.pdf	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.reportlab.com)	0%	Avira URL Cloud	safe
http://www.reportlab.com	0%	Avira URL Cloud	safe
http://www.reportlab.com	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
stgmountainair.wpengine.com	34.69.210.22	true	false		high
www.google.com	172.217.15.196	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/	false	high
https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/vl.php	false	high
https://stgmountainair.wpengine.com/favicon.ico	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.reportlab.com	04-25-Inv-Doc-339.pdf	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.reportlab.com)	04-25-Inv-Doc-339.pdf	false	Avira URL Cloud: safe	low
https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/)	04-25-Inv-Doc-339.pdf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.63.158.36	unknown	United States	16625	AKAMAI-ASUS	false
34.69.210.22	stgmountainair.wpengine.com	United States	15169	GOOGLEUS	false
172.217.15.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431947
Start date and time:	2024-04-26 03:42:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	04-25-Inv-Doc-339.pdf
Detection:	MAL
Classification:	mal48.phis.winPDF@40/54@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.46.188.157, 52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23, 23.50.112.196, 23.50.112.208, 172.64.41.3, 162.159.61.3, 23.66.101.198, 23.66.101.196, 72.21.81.240, 192.229.211.108, 142.250.189.131, 142.250.189.142, 173.194.213.84, 34.104.35.123, 142.250.64.170, 192.178.50.35, 192.178.50.42, 142.250.217.170, 142.251.35.234, 192.178.50.74, 142.250.217.234, 142.250.64.202, 172.217.165.202, 142.250.217.202, 142.250.189.138, 142.250.64.138, 172.217.15.202, 172.217.2.202, 23.50.112.210, 23.50.112.198, 23.50.112.202, 172.217.165.195, 23.59.235.10, 23.59.235.6, 142.250.217.238, 142.250.64.227
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.63.158.36	SA162.pdf.download.lnk	Get hash	malicious	Unknown	Browse
	ocuments.msg	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_e58087ae88278b39958b41d20906aefc2b88a08d.zip	Get hash	malicious	Unknown	Browse
239.255.255.250	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse
	https://marinatitle.com	Get hash	malicious	Unknown	Browse
	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse
	https://ndw5xvotehflt.pages.dev/smart89/	Get hash	malicious	Unknown	Browse
	https://cnmxukx5efilc7lvlel.pages.dev/smart89/	Get hash	malicious	Unknown	Browse
	https://m7qfa5ng4lp7.blob.core.windows.net/m7qfa5ng4lp7/1.html?4rKpnF7821CfLO43wsacrvmomp962ETPJQJTKIDNZNNV65316UFUY14332V14#14/43-7821/962-65316-14332	Get hash	malicious	Phisher	Browse
	https://bocmyw606y.pages.dev/smart89/	Get hash	malicious	Unknown	Browse
	https://www.xf2rnb.cn/	Get hash	malicious	Unknown	Browse
	https://vpmz0k.cn/	Get hash	malicious	Unknown	Browse
	https://sabbynarula-73p7yyw32q-ue.a.run.app/Win0belzer0sys07/index.html	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	RemotePCHost.exe	Get hash	malicious	Unknown	Browse	184.31.62.93
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.214.187.157
	aios3.exe	Get hash	malicious	Unknown	Browse	184.31.60.185
	http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D	Get hash	malicious	HTMLPhisher	Browse	23.59.235.214
	dwn1cGHIbV.elf	Get hash	malicious	Mirai	Browse	104.73.199.214
	https://bushelman-my.sharepoint.com/:b:/p/lance/ESXtc6Laa05KpaC4W3rpMEMBfLSUU1GZhgfhBL8opRqFHg?e=Wrw3le	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.223.31.42
	[EXTERNAL] New file received.eml	Get hash	malicious	HTMLPhisher	Browse	23.47.176.131
	https://www.bing.com/////////////////////ck/a?!&&p=0533e94aab0b2a6eJmltdHM9MTcxMzQ4NDgwMCZpZ3VpZD0xNDE4NDZmNi1iZWY1LTY4NjUtMjQ0YS01MjkwYmYwZTY5ODQmaW5zaWQ9NTIyMA&ptn=3&ver=2&hsh=3&fclid=141846f6-bef5-6865-244a-5290bf0e6984&u=a1aHR0cHM6Ly9reDRrc3IuYXJ0aWNsZXdyaXRpbmdnZW5lcmF0b3IueHl6Lw#vds2aa29aYmRldmluc0B3ZS13b3JsZHdpZGUuY29t	Get hash	malicious	HTMLPhisher	Browse	23.209.84.186
	lzShU2RYJa.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	96.17.209.196
	https://app.frame.io/presentations/da0e116a-d15f-430f-8c37-0aa7d783720f?component_clicked=digest_call_to_action&email_id=8abc710c-c18f-47f5-a884-e927cb8dcfaa&email_type=pending-reviewer-invite	Get hash	malicious	HTMLPhisher	Browse	23.199.47.148

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://site-stlp3.powerappsportals.com/	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://ndw5xvotehflt.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://cnmxukx5efilc7lvlel.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://bocmyw606y.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://sabbynarula-73p7yyw32q-ue.a.run.app/Win0belzer0sys07/index.html	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://uporniacomnuvidx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	23.197.180.115 13.85.23.86
	https://yucity.com/	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://flicker-candle-sunspot.glitch.me/wond276816auing.html	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://heiqi.xyz/	Get hash	malicious	Unknown	Browse	23.197.180.115 13.85.23.86
	https://markssmith.icu/23d80j2d/qwd13d8jqd/index.html?13813e8=0101%2048076%2044139&13813e8=https://playgames5.net	Get hash	malicious	TechSupportScam	Browse	23.197.180.115 13.85.23.86

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.203166738775914
Encrypted:	false
SSDEEP:	6:+3bAq2Pwkn2nKuAl9OmbnIFUt8F3mhZmw+F3m7kwOwkn2nKuAl9OmbjLJ:AAvYfHAahFUt8Ih/+I75JfHAaSJ
MD5:	4D912005945DB414EE312337737A9D2E
SHA1:	EA54DCA00D52ACD2E7387CE6A1F83C51539FBBE6
SHA-256:	A7723DC48B638D3615E1534641E38B84AB3BBC2B4033F143D8990906B04D099C
SHA-512:	210041E1A19C96E312BDCB22A0792221743AF727AB0395FBFC15D59B7EED87EC9F1EEE38CDC01EF5DE1976AF4D8F0ED47B7A2D740752488C30AA091588221651
Malicious:	false
Reputation:	low
Preview:	2024/04/26-03:42:52.492 1a70 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-03:42:52.493 1a70 Recovering log #3.2024/04/26-03:42:52.493 1a70 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.203166738775914
Encrypted:	false
SSDEEP:	6:+3bAq2Pwkn2nKuAl9OmbnIFUt8F3mhZmw+F3m7kwOwkn2nKuAl9OmbjLJ:AAvYfHAahFUt8Ih/+I75JfHAaSJ
MD5:	4D912005945DB414EE312337737A9D2E
SHA1:	EA54DCA00D52ACD2E7387CE6A1F83C51539FBBE6
SHA-256:	A7723DC48B638D3615E1534641E38B84AB3BBC2B4033F143D8990906B04D099C
SHA-512:	210041E1A19C96E312BDCB22A0792221743AF727AB0395FBFC15D59B7EED87EC9F1EEE38CDC01EF5DE1976AF4D8F0ED47B7A2D740752488C30AA091588221651
Malicious:	false
Reputation:	low
Preview:	2024/04/26-03:42:52.492 1a70 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-03:42:52.493 1a70 Recovering log #3.2024/04/26-03:42:52.493 1a70 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.147533752461722
Encrypted:	false
SSDEEP:	6:+Vu+L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8FWIoKWZmw+FvJjLVkwOwkn2nKuAl9OU:ghL+vYfHAa8uFUt8HW/+rjLV5JfHAa8z
MD5:	7771523C57B0AF022DAD77C3B4B7EBD7
SHA1:	08BA487680B139A8F78B9213F82920C270BB7475
SHA-256:	268F79FD1EF3EA702665421412EAAAC608C6D4280DB6CF40A62DEB317D3F629E
SHA-512:	C1D8677C44265B6796BF04E5440F64B505438667F326C7C853DD3A14CD9E061DD4AAFD962F2525EAC9F59980AA972430FB523E36249E183D9C579EB126E9780A
Malicious:	false
Reputation:	low
Preview:	2024/04/26-03:42:52.534 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-03:42:52.535 1ccc Recovering log #3.2024/04/26-03:42:52.536 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.147533752461722
Encrypted:	false
SSDEEP:	6:+Vu+L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8FWIoKWZmw+FvJjLVkwOwkn2nKuAl9OU:ghL+vYfHAa8uFUt8HW/+rjLV5JfHAa8z
MD5:	7771523C57B0AF022DAD77C3B4B7EBD7
SHA1:	08BA487680B139A8F78B9213F82920C270BB7475
SHA-256:	268F79FD1EF3EA702665421412EAAAC608C6D4280DB6CF40A62DEB317D3F629E
SHA-512:	C1D8677C44265B6796BF04E5440F64B505438667F326C7C853DD3A14CD9E061DD4AAFD962F2525EAC9F59980AA972430FB523E36249E183D9C579EB126E9780A
Malicious:	false
Reputation:	low
Preview:	2024/04/26-03:42:52.534 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-03:42:52.535 1ccc Recovering log #3.2024/04/26-03:42:52.536 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d761e7e-d248-42d2-805c-d23ee07c7b70.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZ6hsBdOg2Ht2caq3QYiubInP7E4T3y:Y2sRdsedMHtJ3QYhbG7nby
MD5:	7FBAD3AD25DBCF4FCFAA758D525AD357
SHA1:	E1846185BF81BC071E5C1F7E97342D5B8D2CBB75
SHA-256:	FC3935387B3C80B696F3BD7E3D7ABC90A4A5B34C9F26BAE5C894D9B9F98E6246
SHA-512:	D342C3C03B735EFFFB03641891406BCD988150C279605850EF8F417CEDC76FF94313A8E583A979F2A3D6DCAF8F252557D27237DA5A0028B7AF0547F3EE2A28B6
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358655784460984","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":128773},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZ6hsBdOg2Ht2caq3QYiubInP7E4T3y:Y2sRdsedMHtJ3QYhbG7nby
MD5:	7FBAD3AD25DBCF4FCFAA758D525AD357
SHA1:	E1846185BF81BC071E5C1F7E97342D5B8D2CBB75
SHA-256:	FC3935387B3C80B696F3BD7E3D7ABC90A4A5B34C9F26BAE5C894D9B9F98E6246
SHA-512:	D342C3C03B735EFFFB03641891406BCD988150C279605850EF8F417CEDC76FF94313A8E583A979F2A3D6DCAF8F252557D27237DA5A0028B7AF0547F3EE2A28B6
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358655784460984","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":128773},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.246658026815464
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Cp3k0GDkZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goE
MD5:	C8B84E2C6548696D3282B30DFE7A29A7
SHA1:	5265E9B147B780DAB39EB49170E3787C23A83145
SHA-256:	2C268C50C812933EE4319C0F8B211DC3D6A8783C4032C6F4E1DE9C1EBB4BED5D
SHA-512:	7A743891DEBBF6035385E87A50F379742E601573F0D14F852F50158D35BE7F71BEBD63C91A8F924509BBBE296E31390393FC6B9AAEA2C1CE56788C792CF6C533
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.197310618466749
Encrypted:	false
SSDEEP:	6:+0GjL+q2Pwkn2nKuAl9OmbzNMxIFUt8FdoKWZmw+Fuu8LVkwOwkn2nKuAl9OmbzE:b+L+vYfHAa8jFUt8bXW/+KLV5JfHAa8E
MD5:	ACF42BC5127252AC3A43F476625DB0E3
SHA1:	C140D3A34079074AF21CFB38881F973899259478
SHA-256:	3E97E0318041FEAE251AE2273533F6807E25C144A73FE64C0D65E650D3C79890
SHA-512:	A527E6885081E0C66DC3DEB41E23E6AAACCFDEF9FCC296B765DC10A7579954436C4D5325CCA80780A9115AA9E4D409CB1587DFCA35E806BF03706B23585D81CA
Malicious:	false
Reputation:	low
Preview:	2024/04/26-03:42:52.758 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-03:42:52.759 1ccc Recovering log #3.2024/04/26-03:42:52.760 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.197310618466749
Encrypted:	false
SSDEEP:	6:+0GjL+q2Pwkn2nKuAl9OmbzNMxIFUt8FdoKWZmw+Fuu8LVkwOwkn2nKuAl9OmbzE:b+L+vYfHAa8jFUt8bXW/+KLV5JfHAa8E
MD5:	ACF42BC5127252AC3A43F476625DB0E3
SHA1:	C140D3A34079074AF21CFB38881F973899259478
SHA-256:	3E97E0318041FEAE251AE2273533F6807E25C144A73FE64C0D65E650D3C79890
SHA-512:	A527E6885081E0C66DC3DEB41E23E6AAACCFDEF9FCC296B765DC10A7579954436C4D5325CCA80780A9115AA9E4D409CB1587DFCA35E806BF03706B23585D81CA
Malicious:	false
Reputation:	low
Preview:	2024/04/26-03:42:52.758 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-03:42:52.759 1ccc Recovering log #3.2024/04/26-03:42:52.760 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426014256Z-160.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	4.269081586936094
Encrypted:	false
SSDEEP:	1536:f+wfqhSajWj9aHrdlelioWOo3A1PHaJ/bxr:f+wfqhS+Wirdlelio/1va9l
MD5:	F29A83D26063CFBB9C02C659D60C9B4C
SHA1:	ECA420A6B4F1773473FE4781F575AAFDEC071A8E
SHA-256:	5838F222277B88ED9ADC333F71582C55301E9462980D1FD8A2B268AF0785CC37
SHA-512:	03482DD56A4574980851384C6885F8DCA9BCF583A5E86E0CCC451E96238EB710DF2C7A5E2AA72F2154CD36C58C682375C0484951C3B777B8E9111421F07FE217
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445264078085616
Encrypted:	false
SSDEEP:	384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL
MD5:	CA1BC61CFA5DD2898D64C8CB0CFBE7A1
SHA1:	28B36175A98F0D03237396004CD176D23EFED71E
SHA-256:	7D4D664AF3642B5462EA7B700C80999EAA490E2D420B8B01AD3C45F89ACDA2BD
SHA-512:	5D8876D357E40141B97403F14EEBA7E61A393F95862EDEC0AFFAE4EB31C501102AE44A3789E98DEB94C627FDF873FB196A9FFA2CA4EC20B22668D3F97D6A665B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.771755085941288
Encrypted:	false
SSDEEP:	48:7MWp/E2ioyVaioy9oWoy1Cwoy1eKOioy1noy1AYoy1Wioy1hioybioyUoy1noy1H:7VpjuaFxXKQFWb9IVXEBodRBkc
MD5:	9FBC0540769F742ED2858349B4907EC8
SHA1:	B8A939F587E20844B3E9FBDE90AFF8A5CC7F4E49
SHA-256:	BB4FDAF724A2AA60955124A6FCDB13CB5A04D9A407E12A7526427514D46406F3
SHA-512:	3262DEBBD56D83422FCCAB250A57D5BA16BE9F19100E08E43CC1F1EE1E22E92B1C7A9F405C838B3E1CA1C2DAB85DBA01A068441E02CE03E2D455534B0D9EC066
Malicious:	false
Preview:	.... .c.......l................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6476

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.316776875559436
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJM3g98kUwPeUkwRe9:YvXKXyQDR2nEZc0vc5GMbLUkee9
MD5:	CBB053C8E90B079A1A715C85E0725358
SHA1:	5C268A59A68A6DE7F402B0E53E3D2D7220149B3D
SHA-256:	85F1269A3D2BDDC3F708FDB79F95A73531CE0F4CA86021F62DC754980900B144
SHA-512:	20AA312FC962DAD239DCB0B2AE3B9C51443FDEF778176FB65F2CCC10C2DCB86132ED9C49FF4BDC84DD7B17C49361CFB97599EF9E1FAE594787E0E04701D9EC2B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.263117087307326
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfBoTfXpnrPeUkwRe9:YvXKXyQDR2nEZc0vc5GWTfXcUkee9
MD5:	1C90D24B25E3CFB90455379E62D61A3C
SHA1:	404E95DC840347312CD82CF8349F0790F28BD1C9
SHA-256:	20B3682D1117821D23A9E79F44138E907CDC60D91C9983F7FDCC5D6CDCCA5ACE
SHA-512:	ABD8838332E9B591FC9BA1E523BDEB4E603186C52AEAE4C1AD0F1CC68DA56EB8AF75F74A66409F44117A5F75E3E35BA6CC530A5244C8898498019CC62C77F428
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.240967180884396
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfBD2G6UpnrPeUkwRe9:YvXKXyQDR2nEZc0vc5GR22cUkee9
MD5:	61E4AFEDD8FD511C43509649558DACA6
SHA1:	D7C81908FE43C805FEB6F13650BB09FAE3F3D04C
SHA-256:	8EED3224A3BF8EC0A8C1AC2E60498541BF3E06F9ADD6793D967E3DE255BBE31C
SHA-512:	4D9B358B11CBA91CBD9A46C5F974D47149D95E325FB5EF30737443125F1227CC01B7C6EACEA0FEB604FAC35F871CC2D519612B359B54687D054D2A930A37EED6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.302152767342042
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfPmwrPeUkwRe9:YvXKXyQDR2nEZc0vc5GH56Ukee9
MD5:	3CA9F687EEE2507CD6D8DC0819A37566
SHA1:	7D770FE8CCE9B6BD9C77C51DE57010684CD5AB83
SHA-256:	7B95F11429D03A5AEC39CD4C5C680D33C8AF826945D2115A8CEBC18EE91E09C7
SHA-512:	87F8B082C7A19C404319BA1683DB88499D478C4E9DFBCDF17604DC31463A6262139D565835010BA6064D42A9B3044E9B1CB5FACDA2B29E792B1E1FCE7201BC1B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.261760189554014
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfJWCtMdPeUkwRe9:YvXKXyQDR2nEZc0vc5GBS8Ukee9
MD5:	4F6ABA6345C2769C285BBE34976D847F
SHA1:	DFCA61E7073158BB728A8A305168F1C32C14F94C
SHA-256:	B0998922DEB99DA5842FD06647880CF7EC73752F28D03978E1BD7CF7A84291B0
SHA-512:	C54E333CE7E557696B372D33728C9C4A840DB3C94804DEBDB3272EB6A0FDAB34E05AECCD823712988358658AEAA0193CA42BDA2EA7E223719EE6ED822FD007F8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.247397588925787
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJf8dPeUkwRe9:YvXKXyQDR2nEZc0vc5GU8Ukee9
MD5:	BF09267E216423E3C3C6BD5AC7D1A100
SHA1:	6C508EC0D93979A28277924DAFFD7554D20147EB
SHA-256:	EF101F5E4BCEA37C1C54B3E542A33036F02460B8B38A64D1EEC6C75104F3958A
SHA-512:	B7D4AE87D33E70D3023EE61CDF0ED56F1B5E3C07F80227F2E8C51A8B10DCB096ACFB38EC958E1F2B32EDF6ABA494E254D7A535E517F54352140C5000589091EB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.252955044747848
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfQ1rPeUkwRe9:YvXKXyQDR2nEZc0vc5GY16Ukee9
MD5:	0F45E3FD21A885E2A4A71420B8BDB68D
SHA1:	0D64A9CFFF7C19F3D20F8363C5F84422F2F93D01
SHA-256:	642CC8F501E71B4E1DEC88DDB20469DC0E4D728B7964FC112EB857C579411EBB
SHA-512:	AACFF953287EA205DC35013D99F5E5F1DFC673EDF33605939C89233DF63157155E442DE93E127B160200CAB9C9A20D4222DE7E203F8CD41084A98586F86C47E7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.257155120552425
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfFldPeUkwRe9:YvXKXyQDR2nEZc0vc5Gz8Ukee9
MD5:	79F59A6DE4054F864E70C3ABE87692D7
SHA1:	4E4B5664B2B208B1D78F674688D2E596484C1F17
SHA-256:	BC70FA78561133FF5938F36AF0F22993CF0D4883CA48ACDBBD63C71024669C5D
SHA-512:	06291C2FE26FD32AB18648DF7AC2AAA3E33DF3040353E800B43CC9B48D298CB61D0A98B0E1E785C19883E373CFEE42B4F472CE4FA4FA597A1277D47E0D44B69C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.733286128188263
Encrypted:	false
SSDEEP:	24:Yv6XJFCEzvKKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN+:Yv2CEgigrNt0wSJn+ns8cvFJA
MD5:	0D7FF533F03AC40415E216EDA197AA00
SHA1:	4A5A1E793465BA8F2C204ED037AD787F948D6E41
SHA-256:	8241F63B3160648A42A46B77E55BF958918D434066625C2A642CEB56547A533C
SHA-512:	6FA92734E75D61060C8D6F3F913C6992D6149D499694E33901237B17E683CF8F42D3AD5D29662092704F28287C7582461E177146D6F8855C6DA14D9122C04BA1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.254436535443107
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfYdPeUkwRe9:YvXKXyQDR2nEZc0vc5Gg8Ukee9
MD5:	6BB499EE296C912405D3813F95A61B92
SHA1:	077949BECBFB9BD3174929AB4252E5E82DA108E7
SHA-256:	E6074ACFE0A47C348DA720BAB92F009185777E46004A2F49BD5533DF741E27D8
SHA-512:	DEC881286BDA5E9166EA9DCFFF7986BCFBF8175807B1E0A51470C0CDA62520468585C25FC9B23B1D7DF2B3B7446EA3046864FC64D57A1C3B4BF40248A24A1DDF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.775188718080611
Encrypted:	false
SSDEEP:	24:Yv6XJFCEzv5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNG:Yv2BHgDv3W2aYQfgB5OUupHrQ9FJM
MD5:	2CDD7523A34559668874D5F879ACCF2C
SHA1:	23674F4089D1251C1289F1A8912CA9E543C17399
SHA-256:	B5D118C6D6E1B8D2DE411B9DF507BBDD968E873D34062ED99A6957BACDA3354A
SHA-512:	6F3ADE51C8213CBEAF5964F6C2EBF453D26446825007C2EBE00BC256AAFBE8B48B0508F195B69CD30C5094FA5C9421B43358C0D43AA9BAA9D7B8DE337ACE2829
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.238296784076124
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfbPtdPeUkwRe9:YvXKXyQDR2nEZc0vc5GDV8Ukee9
MD5:	06567A4D526F1E9A477ABEA00BE375EC
SHA1:	50C05EC0ECCC5B9046340B47B8770D55E9BCD725
SHA-256:	12B706B171982DA9D8899762685083CA0F7A6D9B0F8279A314924866399C115F
SHA-512:	BF38EC78DA350406637B6B643CE2CEA870E4B99F740521B58D55DD5F136F07EC8EF0E70FDEAE940981611325C5B4CB94226CB173E86AA726A0ADD66E799C51CA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.243157538408071
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJf21rPeUkwRe9:YvXKXyQDR2nEZc0vc5G+16Ukee9
MD5:	B1AE059D0B9DA72C32FE7A288FC43863
SHA1:	716881EE5CFDBEA60692AB18CB18D364F081D0E9
SHA-256:	8A85E8D1E406E3DB3826BB3820AF030B67FA811A30068060A3FA32FEFCB77971
SHA-512:	AB068956309E5B98F346FF04F25A73AA85EBE400D13B467C1847CCD1C3B4C7450A540936DBBFCA249D9A89A660FE7462BC9E9CDB8A04977F9843AC83643B663B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.260977846127032
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfbpatdPeUkwRe9:YvXKXyQDR2nEZc0vc5GVat8Ukee9
MD5:	55BDC91C9DB081AB185E1E403201D701
SHA1:	095EFF79163C45C15706ECBF80328783D1AB8DB9
SHA-256:	98E2C8EF9DD03446090665DCDD397F98B5A70E76826BE61CE38A795B78DFF297
SHA-512:	4DA5C703778CF99C27B8152AD576FB7CA571EEEAD11BF39BB3E3D5ECD86A8C88B12D758A79371B339C42AFAF264ABC362D0C08D15FCA1F572DF8AD136182C4DA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.217501593212319
Encrypted:	false
SSDEEP:	6:YEQXJ2HXAEIQDR2n9VoZcg1vRcR0Y/w2KoAvJfshHHrPeUkwRe9:YvXKXyQDR2nEZc0vc5GUUUkee9
MD5:	8806F7349F36B5F788721B0BA4E8662B
SHA1:	DA9BA303E972619FD3BC63914CA1A5BFD9D8B708
SHA-256:	EF3D9C6C874F2CFCAE0399F222F7AAC86AEC60F54D9CF17C20649B0A20708B08
SHA-512:	F9F72224A03F02B215C1655BE529A679CF7CE2475D93FE9C21016FD16C4C1CDDB4EF8185BCFA2410A9B473720831C14C3B4461C67FCDA00D1C54BF2A4D38504A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.364441048310901
Encrypted:	false
SSDEEP:	12:YvXKXyQDR2nEZc0vc5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYhH:Yv6XJFCEzvY168CgEXX5kcIfANhL
MD5:	BD2FD3B0DEEBD3167C0FBA5854F80F9F
SHA1:	6FCA52A0AFC503EE543DCBD9EF91769336AC801B
SHA-256:	982FED883C85AB8771E0814C442CD4ED6E5577397B4F90FA85A1B37315EB0E7E
SHA-512:	6776C3652C4B19BC889FBDBA4526FF154F87B0A273234CCE8577909CE0B128907B39C5040E4E597D9E2EDBF0C86057451396B80FD182F256D8DA60FCEF878870
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"affca91a-7bf9-4d4a-989a-4fcedb5c5b0f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714274578595,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714095778626}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.122655637517842
Encrypted:	false
SSDEEP:	48:YmF09BXaqDLlDr0RpkuHh3gKpkKwOpCV+PXoddvrYLuB9DqYF:NF09BBxDr0Rpph3lpkKnpo+PXkv8LCD5
MD5:	BBF1BBEC95C8384DDE8C66B4E9E3C936
SHA1:	40CA3FF31F73D823916EB681F6FADD93C606E418
SHA-256:	2AB4998C1973ECFDDF48BB3A572C4C821F4B9DA4A5909004A066221864F2371B
SHA-512:	A9920680D14B194A41BEB88C9CC8CF170748F0F378EE47D446FE9DC90F6362FB62A9C9CA30426531598F92D2E40EC4405E49D3E730BC89FA7828B34B1FF6D1F4
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"75d83d4731d74c489731d65c7f8d9f6c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714095777000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1971bbc12c7d5fa2eb6f7f9f20580e0e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714095777000},{"id":"Edit_InApp_Aug2020","info":{"dg":"faadc5ba791562341f3bd5d5b1c653d7","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714095777000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"0a057f9b4bd26ce7b8a8f96e3b54bfa7","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714095777000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1971d913f5f000dd74f734549f77d75c","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714095777000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"5a43c9a418ca469da8062863de46e236","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714095777000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1881382607371673
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUhbVSvR9H9vxFGiDIAEkGVvpNbh:lNVmswUUUUUUUUhbV+FGSIthbh
MD5:	37798D2BA2842988E9E14E98132F1C77
SHA1:	2651CE41CC3E3259CFA395EDB8A65E5B67C06C05
SHA-256:	CB15467AB2EC3D2CB2A6A9B3D4F3C6AE72C66C816B884594387DBF7476636FB2
SHA-512:	299E036E63E1371984F4B78C69C12B3E5C6FE7F8111BD11F1D83E99122C68B1D525BE6A1496CC482B6DB6F126E6F20633D45A4ADBBFC43A7C91611EA35983281
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.605156553453878
Encrypted:	false
SSDEEP:	48:7MCKUUUUUUUUUUhbNvR9H9vxFGiDIAEkGVvLqFl2GL7msu:7WUUUUUUUUUUhbpFGSItFKVmsu
MD5:	6DC22CC89873F11E474688605A402297
SHA1:	5DAE33291750AED5C7C3ACC2942BC84DA1AE4F0B
SHA-256:	8CC6AC6ECDF0313D31B166B982C860E0BF4090821B2E145A73916A005D401088
SHA-512:	90452FB559F660134220AA4825789DEE234DADFB99A324E3B5053B28F25EFFB28949855B5EBAE22E8C0C9EA90360027E8A82171E76BB9009B31489FCD15AEBC1
Malicious:	false
Preview:	.... .c......IiY......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3a4ca.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.537590009309966
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWgEi:Qw946cPbiOxDlbYnuRKvjEi
MD5:	584C74A964CD168FE18BC54225EA3830
SHA1:	9C22785427C7DE6DD665042EA9E1AE9DE3B85895
SHA-256:	E267B7E17B1A03B05B97743911D03D99D5143545DE93A785F878D02C1A84B1E1
SHA-512:	BF8CE91D4030F59C3242C1AE3A076B86BB3D45C0E7956BCBF1B463CE2B20A6CAEF2D5FC29D415048CAC4A24247CEEFCF5BC27B410D506FC145164545FAEEF47D
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.6./.0.4./.2.0.2.4. . .0.3.:.4.2.:.5.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 03-42-54-648.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16599
Entropy (8bit):	5.374166004666828
Encrypted:	false
SSDEEP:	384:hIkhMotjOPt15pHsjxi9P1ss/Q2LowfRid53vffHGeewLog+3uqWbWL+Y2809dVf:2L0
MD5:	C629163337BA4C0841B7BCC07CE846CF
SHA1:	1DBD602229D488B09139CB88DFBEE9B2BBFD1FB7
SHA-256:	06E9D29EEF884A6FCEF6B22F78E297B4AC2808BF538C7733ECCC25C5073B3EDD
SHA-512:	71946D0F2D43D4A7E4F215A3D185DE71790CE8E48A8A0B7DF4345EFF5BE54A2921FB6FEE940E2F9D634D9EF5B743BFB10C163262958F8B004AB8C5755D05E159
Malicious:	false
Preview:	SessionID=9c15a640-a581-4fc5-83f1-231364a58aed.1714095774670 Timestamp=2024-04-26T03:42:54:670+0200 ThreadID=7888 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9c15a640-a581-4fc5-83f1-231364a58aed.1714095774670 Timestamp=2024-04-26T03:42:54:671+0200 ThreadID=7888 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9c15a640-a581-4fc5-83f1-231364a58aed.1714095774670 Timestamp=2024-04-26T03:42:54:671+0200 ThreadID=7888 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9c15a640-a581-4fc5-83f1-231364a58aed.1714095774670 Timestamp=2024-04-26T03:42:54:671+0200 ThreadID=7888 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9c15a640-a581-4fc5-83f1-231364a58aed.1714095774670 Timestamp=2024-04-26T03:42:54:671+0200 ThreadID=7888 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.389584291746552
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rC:e
MD5:	718ADAB7C91EFE8D72E3BF844DF8F080
SHA1:	D1BDE288E600372CF166A6C74020E11382C13F36
SHA-256:	D8A8C1EFD724FBB006F40D9511A256C0C5106FFD136F005EEBF795557B35F7A9
SHA-512:	B778EE580EDE6DABA5B1D8A726A456EDAF5A731271791AFDCC453AF7C9F74BEA4DBAFB5E0E60F0FBD8EA4FB70374EE48D321947BBA2F15EA7503CC29DF59C597
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\13d768f2-3b8b-4be2-a514-09f1da7988b7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\b173b3ab-983e-4950-a25f-d7dd36abe2be.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c7367f34-44ff-4a04-81c9-2e4a81ad50a8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\d2af6172-5558-4e27-a3cf-fec18fa5c97c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:	768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 188

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	11634
Entropy (8bit):	5.3590936999726
Encrypted:	false
SSDEEP:	192:a/KWbqXV6uyErbqGIwYjc1YT/7Hqqmg6uy5rbqGIwYyx1tf:kaHq9N3gq98
MD5:	C8F7F88BF690B7D8114390B573F5FC2D
SHA1:	D2B2803EA1877739C1519151590FFA3D5C5C4D1D
SHA-256:	F5285515BF363153D3AA9ED5F966D48EF395BB1F5C853AD2704B79B29D2BE692
SHA-512:	61883AC520A6D30ED4AE5CD5C8C6F14AD571D9A08FDC540E88002D0EE3BFCBEFDE913C931651C645D66F53A348781077045BF5C7C83F5280C4B2E72341A11EA7
Malicious:	false
URL:	https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek

Chrome Cache Entry: 189

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	173
Entropy (8bit):	5.649805399408095
Encrypted:	false
SSDEEP:	3:YWR4bdUJxKvzgarO0r7r48e0B7qPoWXrHOhoWy8jdslqWte+agKWeHVH:YWybdQxKF7r48e0pqHHOtSlq1+PK9HVH
MD5:	5A58E7EF8367B06538630617C203EEB1
SHA1:	B4E0943F40A388C9624B157191062E95339BE431
SHA-256:	DDFD4544C8C7B3B07DBFB4574FB8477C4A196878061B536BA9EFEDFA7BCE7CAD
SHA-512:	C95D933180A8346B37AF40D4714DAAD3F5BFCBF720C52C6DD4A924F7A5AD0854E34A11A74D0CEBB50D08AAD5BE7DE3969C7457D208D38EBD07531526060E7D83
Malicious:	false
Preview:	{"status":201,"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyYW5kX251bTEiOjMsInJhbmRfbnVtMiI6M30.FEqOZfmelr2sMe8F_YA7-PVQ8qC29vFuIqa7FgAdLmk","rand_num1":3,"rand_num2":3}

Chrome Cache Entry: 190

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HsqS1Y:Mp1Y
MD5:	5C5817DDFA72596CA976CA36E874EA95
SHA1:	4491479472A5B053DE8967911670F25206244D71
SHA-256:	2F317DE6216E423E81CC08AC342EA0ECD028D794E783D41CC46536ECCA8DC897
SHA-512:	23E7764083C72130E745DC2A490DEAC90E99A02B00D318FE1B325C6BC16798C7FF3823FCC23346C811A66DE62656774D49C2E39F6E084B828033EA2C05773E3A
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlM5vjemMCVuBIFDdK5ntw=?alt=proto
Preview:	CgkKBw3SuZ7cGgA=

Chrome Cache Entry: 191

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (39159)
Category:	downloaded
Size (bytes):	61018
Entropy (8bit):	6.129620606388949
Encrypted:	false
SSDEEP:	1536:I4yLHoOmBp/tyoippWq25ve2d2/fqPHI3NJ32ET1yOltC1:I4yLHoO4/Op3OFW3j1yOlM
MD5:	6BAEA94020D865A4FC8C3F01D03EE5F2
SHA1:	FD276610C070F90AA68B081A0D5B3EB523784378
SHA-256:	96296D63308CF90F44477F24D92A5B34BC6953D4710C66679E1255F2A8B4FCFC
SHA-512:	1C6682ADC080A38483D91DCE98331CF0EAABED4D27761C5641D2E64C8AFE1F0D13A6191C17CCAC36D4B512B637E71899291809BE0D3040B5E9E7019D24BB97AB
Malicious:	false
URL:	https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/
Preview:	.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <title>Cloudflare security check</title>. <link rel="preconnect" href="https://fonts.googleapis.com">. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&display=swap" rel="stylesheet">. <style>. /************************\. Basic Modal Styles. \************************/. .modal {. font-family: -apple-system, BlinkMacSystemFont, avenir next, avenir,. helvetica neue, helvetica, ubuntu, roboto, noto, segoe ui, arial,. sans-serif;. }. .modal img {. max-width: 100%;. }. .modal h4 {. margin-bottom: 0;. }.. .modal__overlay {. position: fixed;. top: 0;. left: 0;. right: 0;. bottom: 0;. background: #ffffff;. displ

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	173
Entropy (8bit):	5.649805399408095
Encrypted:	false
SSDEEP:	3:YWR4bdUJxKvzgarO0r7r48e0B7qPoWXrHOhoWy8jdslqWte+agKWeHVH:YWybdQxKF7r48e0pqHHOtSlq1+PK9HVH
MD5:	5A58E7EF8367B06538630617C203EEB1
SHA1:	B4E0943F40A388C9624B157191062E95339BE431
SHA-256:	DDFD4544C8C7B3B07DBFB4574FB8477C4A196878061B536BA9EFEDFA7BCE7CAD
SHA-512:	C95D933180A8346B37AF40D4714DAAD3F5BFCBF720C52C6DD4A924F7A5AD0854E34A11A74D0CEBB50D08AAD5BE7DE3969C7457D208D38EBD07531526060E7D83
Malicious:	false
URL:	https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/vl.php
Preview:	{"status":201,"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyYW5kX251bTEiOjMsInJhbmRfbnVtMiI6M30.FEqOZfmelr2sMe8F_YA7-PVQ8qC29vFuIqa7FgAdLmk","rand_num1":3,"rand_num2":3}

Static File Info

General

File type:	PDF document, version 1.4, 2 pages
Entropy (8bit):	6.316538687888731
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	04-25-Inv-Doc-339.pdf
File size:	346'711 bytes
MD5:	ce4372ea002fca274c16b40792e074e3
SHA1:	ad0b901ddadfa334ca9a6260c574544f0d5311a8
SHA256:	deb2c73fc314f347e01b90650dd116b1fea372d0774ab19257be560aeef03e23
SHA512:	505c450ecaeb7fc0fbfb4803a43a593fcb44fc27727072fd0772ca335f001ca1917f3dac9ae44892819ae59cdfe264a036ebbedb615ee6e45d88b0f54eee9366
SSDEEP:	6144:YU0zngDfKcqq8HVQ+5UYmw9iXW7yJrgHu4Xbu9eIVIn7VmHEO/3xcCe:L6gDycqT9Zmw9iXW7ylmu8MhsNO/WCe
TLSH:	CA74AF6BEAF3F0DB914858351B01F17CA6D66A6F63A2989C1DC4E50034DBEC1237A3D9
File Content Preview:	%PDF-1.4.%.... ReportLab Generated PDF document http://www.reportlab.com.1 0 obj.<<./F1 2 0 R.>>.endobj.2 0 obj.<<./BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font.>>.endobj.3 0 obj.<<./BitsPerComponent 8 /ColorSpace /

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	6.316539
Total Bytes:	346711
Stream Entropy:	6.307506
Stream Bytes:	344450
Entropy outside Streams:	5.242851
Bytes outside Streams:	2261
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	11
endobj	11
stream	3
endstream	3
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 03:42:48.613373041 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 26, 2024 03:42:49.425792933 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 03:42:59.031945944 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 03:42:59.788983107 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:42:59.789002895 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:42:59.789074898 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:42:59.790740967 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:42:59.790754080 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.210144997 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.210216045 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.213970900 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.213977098 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.214200974 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.258073092 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.264837027 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.308160067 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.627002001 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.627057076 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.627103090 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.641910076 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.641921043 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.641930103 CEST	49738	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.641935110 CEST	443	49738	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.689702988 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.689785004 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:00.689873934 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.690109968 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:00.690145016 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.107677937 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.107758999 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:01.109302998 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:01.109328032 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.109563112 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.110694885 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:01.152117014 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.546442032 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.546557903 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.546844006 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:01.547281981 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:01.547282934 CEST	49739	443	192.168.2.4	23.197.180.115
Apr 26, 2024 03:43:01.547314882 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:01.547343969 CEST	443	49739	23.197.180.115	192.168.2.4
Apr 26, 2024 03:43:05.757777929 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:05.757814884 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:05.758816957 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:05.759082079 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:05.759093046 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.176224947 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.176808119 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.176862955 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.177824974 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.177903891 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.180892944 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.181020021 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.181185961 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.181216955 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.230143070 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.331635952 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.331927061 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:06.332030058 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.332535982 CEST	49740	443	192.168.2.4	23.63.158.36
Apr 26, 2024 03:43:06.332572937 CEST	443	49740	23.63.158.36	192.168.2.4
Apr 26, 2024 03:43:11.721945047 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:11.722033024 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:11.723246098 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:11.723246098 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:11.723330021 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.214665890 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.216818094 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.218733072 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.218744040 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.219074965 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.261531115 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.678950071 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.720141888 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996622086 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996649981 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996665955 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996675014 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996686935 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996710062 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996769905 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.996845961 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.996886969 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.996910095 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.997081041 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.997160912 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:12.997169018 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:12.997231960 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:13.313898087 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:13.313971043 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:13.314027071 CEST	49741	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:13.314044952 CEST	443	49741	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:19.419855118 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.419928074 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.420053959 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.421042919 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.421097040 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.937046051 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.937285900 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.937313080 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.938159943 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.938215017 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.939280033 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.939335108 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.939444065 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:19.939451933 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:19.986475945 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.332300901 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.332340956 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.332348108 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.332364082 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.332396984 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.332420111 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.332434893 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.332458973 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.332484007 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.482847929 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.482866049 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.482944012 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.483009100 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.483062983 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.563373089 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.563389063 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.563451052 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.563473940 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.563522100 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.620131016 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.620192051 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.620224953 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:20.620228052 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.620250940 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.620291948 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.620461941 CEST	49747	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:20.620492935 CEST	443	49747	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.341058016 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.341085911 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.341175079 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.342283964 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.342302084 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.822967052 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.823064089 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.823157072 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.823342085 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.823379993 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.886315107 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.886569023 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.886585951 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.886930943 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.887217045 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.887279034 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:21.887327909 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:21.928153992 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.248771906 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.248825073 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.248923063 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.249725103 CEST	49753	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.249742985 CEST	443	49753	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.329051971 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.329310894 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.329351902 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.329685926 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.329958916 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.330028057 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.330097914 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.376113892 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.385404110 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.385490894 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.385576010 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.385871887 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.385915995 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.665749073 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.665800095 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.665855885 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.666331053 CEST	49755	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.666374922 CEST	443	49755	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.669724941 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.669750929 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.669816971 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.670016050 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.670028925 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.892693043 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.893290043 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.893315077 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.894177914 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.894241095 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.894992113 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.895045042 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.895131111 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:22.895138979 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:22.943223000 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.181216002 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.181813002 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.181828976 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.185357094 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.185430050 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.186067104 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.186233044 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.186245918 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.228147030 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.231291056 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.231349945 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.231542110 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.232161045 CEST	49757	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.232206106 CEST	443	49757	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.236512899 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.236521006 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.283504963 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.517043114 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.517112970 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.517205000 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.517685890 CEST	49758	443	192.168.2.4	34.69.210.22
Apr 26, 2024 03:43:23.517698050 CEST	443	49758	34.69.210.22	192.168.2.4
Apr 26, 2024 03:43:23.849140882 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:23.849203110 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:23.849347115 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:23.849683046 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:23.849714041 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:24.183619022 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:24.183959961 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:24.184017897 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:24.185447931 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:24.185534000 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:24.186813116 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:24.186898947 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:24.237231970 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:24.237251997 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:24.284116983 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:34.166115046 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:34.166193008 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:34.166254997 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:34.606985092 CEST	49759	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:43:34.607033014 CEST	443	49759	172.217.15.196	192.168.2.4
Apr 26, 2024 03:43:49.642448902 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:49.642478943 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:49.642570972 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:49.642976999 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:49.642992020 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.126636028 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.126715899 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.130672932 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.130683899 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.130944967 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.138039112 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.180154085 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.602814913 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.602834940 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.602900982 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.602907896 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.602936983 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.602971077 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.602983952 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.603059053 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.603111982 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.603118896 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.603132963 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.603142023 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.603164911 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.603193045 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.607961893 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.607975960 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:43:50.607985973 CEST	49767	443	192.168.2.4	13.85.23.86
Apr 26, 2024 03:43:50.607990980 CEST	443	49767	13.85.23.86	192.168.2.4
Apr 26, 2024 03:44:23.785680056 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:23.785722971 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:23.785963058 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:23.786113024 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:23.786143064 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:24.173192024 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:24.173935890 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:24.173966885 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:24.174428940 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:24.175349951 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:24.175429106 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:24.221992970 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:34.164676905 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:34.164758921 CEST	443	49769	172.217.15.196	192.168.2.4
Apr 26, 2024 03:44:34.164840937 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:35.848746061 CEST	49769	443	192.168.2.4	172.217.15.196
Apr 26, 2024 03:44:35.848778963 CEST	443	49769	172.217.15.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 03:43:19.226881981 CEST	57759	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:43:19.227119923 CEST	58473	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:43:19.354269028 CEST	53	53101	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:19.355561972 CEST	53	57759	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:19.358169079 CEST	53	58473	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:19.463138103 CEST	53	65180	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:19.608992100 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 03:43:20.448447943 CEST	53	52992	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:20.476397991 CEST	53	49527	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:20.476484060 CEST	53	64349	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:21.467137098 CEST	53	59904	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:22.253320932 CEST	56800	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:43:22.253472090 CEST	57978	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:43:22.382457972 CEST	53	56800	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:22.384955883 CEST	53	57978	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:23.722587109 CEST	60314	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:43:23.722804070 CEST	56260	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:43:23.847884893 CEST	53	60314	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:23.847929955 CEST	53	56260	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:31.864626884 CEST	53	57299	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:37.411194086 CEST	53	56789	1.1.1.1	192.168.2.4
Apr 26, 2024 03:43:56.222816944 CEST	53	63372	1.1.1.1	192.168.2.4
Apr 26, 2024 03:44:18.819344997 CEST	53	55931	1.1.1.1	192.168.2.4
Apr 26, 2024 03:44:19.184544086 CEST	53	50923	1.1.1.1	192.168.2.4
Apr 26, 2024 03:44:46.724467993 CEST	53	57741	1.1.1.1	192.168.2.4
Apr 26, 2024 03:45:33.304378986 CEST	53	57040	1.1.1.1	192.168.2.4
Apr 26, 2024 03:45:54.402235031 CEST	64849	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:45:54.403017998 CEST	54148	53	192.168.2.4	1.1.1.1
Apr 26, 2024 03:45:54.530189037 CEST	53	64849	1.1.1.1	192.168.2.4
Apr 26, 2024 03:45:54.536125898 CEST	53	54148	1.1.1.1	192.168.2.4
Apr 26, 2024 03:45:54.566191912 CEST	53	59402	1.1.1.1	192.168.2.4
Apr 26, 2024 03:45:54.566246033 CEST	53	59422	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 03:43:19.226881981 CEST	192.168.2.4	1.1.1.1	0x64ca	Standard query (0)	stgmountainair.wpengine.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:43:19.227119923 CEST	192.168.2.4	1.1.1.1	0x7f42	Standard query (0)	stgmountainair.wpengine.com	65	IN (0x0001)	false
Apr 26, 2024 03:43:22.253320932 CEST	192.168.2.4	1.1.1.1	0x30ac	Standard query (0)	stgmountainair.wpengine.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:43:22.253472090 CEST	192.168.2.4	1.1.1.1	0x4e79	Standard query (0)	stgmountainair.wpengine.com	65	IN (0x0001)	false
Apr 26, 2024 03:43:23.722587109 CEST	192.168.2.4	1.1.1.1	0xa3b2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:43:23.722804070 CEST	192.168.2.4	1.1.1.1	0x17ad	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 03:45:54.402235031 CEST	192.168.2.4	1.1.1.1	0xffc7	Standard query (0)	stgmountainair.wpengine.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:45:54.403017998 CEST	192.168.2.4	1.1.1.1	0x7684	Standard query (0)	stgmountainair.wpengine.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 03:43:19.355561972 CEST	1.1.1.1	192.168.2.4	0x64ca	No error (0)	stgmountainair.wpengine.com	34.69.210.22	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:43:22.382457972 CEST	1.1.1.1	192.168.2.4	0x30ac	No error (0)	stgmountainair.wpengine.com	34.69.210.22	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:43:23.847884893 CEST	1.1.1.1	192.168.2.4	0xa3b2	No error (0)	www.google.com	172.217.15.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 03:43:23.847929955 CEST	1.1.1.1	192.168.2.4	0x17ad	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 26, 2024 03:45:54.530189037 CEST	1.1.1.1	192.168.2.4	0xffc7	No error (0)	stgmountainair.wpengine.com	34.69.210.22	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

stgmountainair.wpengine.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	23.197.180.115	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:00 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 01:43:00 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=105669 Date: Fri, 26 Apr 2024 01:43:00 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	23.197.180.115	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:01 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 01:43:01 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=105700 Date: Fri, 26 Apr 2024 01:43:01 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 01:43:01 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	23.63.158.36	443	7332	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:06 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-04-26 01:43:06 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Fri, 26 Apr 2024 01:43:06 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:12 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZKSTN7eXLXnbO4t&MD=gLTLf+Nz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 01:43:12 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2ed36373-1a0d-4f02-a75b-0b8d00e11839 MS-RequestId: 5ada45be-85a1-4af7-946e-4165704853f8 MS-CV: Ksr/N/mKYk24qrF2.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 01:43:11 GMT Connection: close Content-Length: 24490
2024-04-26 01:43:12 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 01:43:12 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	34.69.210.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:19 UTC	715	OUT	GET /wp-content/plugins/user-private-files/shared/ HTTP/1.1 Host: stgmountainair.wpengine.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 01:43:20 UTC	404	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 01:43:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 61018 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding X-Powered-By: WP Engine X-Cacheable: SHORT Vary: Accept-Encoding,Cookie Cache-Control: max-age=600, must-revalidate Accept-Ranges: bytes X-Cache: HIT: 3 X-Cache-Group: normal
2024-04-26 01:43:20 UTC	15980	IN	Data Raw: 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6c 6f 75 64 66 6c 61 72 65 20 73 65 63 75 72 69 74 79 20 63 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c Data Ascii: <html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Cloudflare security check</title> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel
2024-04-26 01:43:20 UTC	16384	IN	Data Raw: 79 6d 2b 74 74 46 58 6b 77 49 67 41 41 41 41 4d 4c 51 58 46 68 51 41 41 53 43 6a 72 48 6d 73 6d 6f 34 34 59 38 75 2f 71 4d 49 37 6e 2b 70 59 7a 6a 79 2b 70 50 2f 58 78 56 63 32 38 6b 70 53 41 41 51 41 41 41 43 47 38 75 4c 53 64 44 73 70 41 45 41 32 4e 63 30 2b 58 54 5a 32 2b 79 33 2f 49 67 71 41 39 57 36 55 57 33 78 35 7a 2b 38 4f 32 36 6c 52 56 35 41 43 49 41 41 41 41 44 43 55 58 48 38 6e 42 41 44 49 6e 74 79 75 42 79 6b 2f 2f 51 32 44 73 36 75 76 72 43 58 51 4f 6d 66 53 44 6f 56 71 37 68 49 76 68 2f 6c 47 58 44 38 4b 67 41 41 41 41 4d 42 51 6e 6e 43 37 55 51 41 45 67 4b 7a 4a 4e 61 6e 70 79 48 4f 30 52 53 2f 2b 65 4e 62 33 6f 52 46 59 53 32 57 56 4e 2b 53 62 67 53 6b 41 41 67 41 41 41 45 4e 6f 5a 4f 6e 75 2b 79 55 39 53 52 49 41 6b 42 31 4e 73 30 39 58 Data Ascii: ym+ttFXkwIgAAAAMLQXFhQAASCjrHmsmo44Y8u/qMI7n+pYzjy+pP/XxVc28kpSAAQAAACG8uLSdDspAEA2Nc0+XTZ2+y3/IgqA9W6UW3x5z+8O26lRV5ACIAAAADCUXH8nBADIntyuByk//Q2Ds6uvrCXQOmfSDoVq7hIvh/lGXD8KgAAAAMBQnnC7UQAEgKzJNanpyHO0RS/+eNb3oRFYS2WVN+SbgSkAAgAAAENoZOnu+yU9SRIAkB1Ns09X
2024-04-26 01:43:20 UTC	16384	IN	Data Raw: 54 4e 6e 7a 70 7a 41 55 4d 58 47 6d 44 39 2f 66 6b 36 79 4e 36 58 55 66 4e 56 4d 62 31 71 34 63 4f 47 61 72 4f 62 54 32 64 6c 78 68 5a 54 38 39 6d 79 6d 58 63 4d 77 50 49 77 52 43 6d 52 50 46 45 57 2f 63 72 64 33 70 62 77 59 73 38 49 77 6e 45 4a 76 41 4d 69 4b 31 74 62 57 51 78 4f 2b 6f 38 51 6c 72 55 79 77 76 52 46 53 38 45 35 36 65 6e 6a 6f 36 4f 6a 34 69 36 54 72 6b 32 7a 54 33 62 6d 47 52 2b 62 38 70 77 43 34 2f 71 32 68 61 64 36 6d 64 70 2f 6b 38 37 4a 55 2f 48 74 36 32 2b 33 73 62 48 6d 76 5a 4a 65 6e 31 48 34 2b 6c 38 75 64 77 46 44 46 78 6c 69 78 59 6b 56 52 4b 62 33 38 77 31 31 66 4c 70 66 4c 31 32 63 39 6f 30 71 6c 2f 32 50 75 75 6a 2b 46 70 6b 39 6b 68 41 4c 5a 31 4e 6e 5a 63 56 47 36 76 2b 79 54 6d 64 6b 62 36 51 6b 41 6d 62 6b 41 38 71 52 66 Data Ascii: TNnzpzAUMXGmD9/fk6yN6XUfNVMb1q4cOGarObT2dlxhZT89mymXcMwPIwRCmRPFEW/crd3pbwYs8IwnEJvAMiK1tbWQxO+o8QlrUywvRFS8E56enjo6Oj4i6Trk2zT3bmGR+b8pwC4/q2had6mdp/k87JU/Ht62+3sbHmvZJen1H4+l8udwFDFxlixYkVRKb38w11fLpfL12c9o0ql/2Puuj+Fpk9khALZ1NnZcVG6v+yTmdkb6QkAmbkA8qRf
2024-04-26 01:43:20 UTC	12270	IN	Data Raw: 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 6e 29 2c 74 68 69 73 2e 63 6f 6e 66 69 67 3d 7b 64 65 62 75 67 4d 6f 64 65 3a 43 2c 64 69 73 61 62 6c 65 53 63 72 6f 6c 6c 3a 62 2c 6f 70 65 6e 54 72 69 67 67 65 72 3a 75 2c 63 6c 6f 73 65 54 72 69 67 67 65 72 3a 68 2c 6f 70 65 6e 43 6c 61 73 73 3a 67 2c 6f 6e 53 68 6f 77 3a 73 2c 6f 6e 43 6c 6f 73 65 3a 63 2c 61 77 61 69 74 43 6c 6f 73 65 41 6e 69 6d 61 74 69 6f 6e 3a 45 2c 61 77 61 69 74 4f 70 65 6e 41 6e 69 6d 61 74 69 6f 6e 3a 4d 2c 64 69 73 61 62 6c 65 46 6f 63 75 73 3a 70 7d 2c 61 2e 6c 65 6e 67 74 68 3e 30 26 26 74 68 69 73 2e 72 65 67 69 73 74 65 72 54 72 69 67 67 65 72 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 74 28 61 29 29 2c 74 68 69 73 2e 6f 6e 43 6c 69 63 6b 3d 74 68 69 73 2e 6f 6e 43 6c 69 63 6b 2e 62 69 Data Ascii: tElementById(n),this.config={debugMode:C,disableScroll:b,openTrigger:u,closeTrigger:h,openClass:g,onShow:s,onClose:c,awaitCloseAnimation:E,awaitOpenAnimation:M,disableFocus:p},a.length>0&&this.registerTriggers.apply(this,t(a)),this.onClick=this.onClick.bi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49753	34.69.210.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:21 UTC	631	OUT	GET /wp-content/plugins/user-private-files/shared/vl.php HTTP/1.1 Host: stgmountainair.wpengine.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 01:43:22 UTC	356	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 01:43:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Vary: Accept-Encoding X-Powered-By: WP Engine X-Cacheable: SHORT Vary: Accept-Encoding,Cookie Cache-Control: max-age=600, must-revalidate Accept-Ranges: bytes X-Cache: HIT: 1 X-Cache-Group: normal
2024-04-26 01:43:22 UTC	173	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 32 30 31 2c 22 74 6f 6b 65 6e 22 3a 22 65 79 4a 30 65 58 41 69 4f 69 4a 4b 56 31 51 69 4c 43 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 4a 39 2e 65 79 4a 79 59 57 35 6b 58 32 35 31 62 54 45 69 4f 6a 4d 73 49 6e 4a 68 62 6d 52 66 62 6e 56 74 4d 69 49 36 4d 33 30 2e 46 45 71 4f 5a 66 6d 65 6c 72 32 73 4d 65 38 46 5f 59 41 37 2d 50 56 51 38 71 43 32 39 76 46 75 49 71 61 37 46 67 41 64 4c 6d 6b 22 2c 22 72 61 6e 64 5f 6e 75 6d 31 22 3a 33 2c 22 72 61 6e 64 5f 6e 75 6d 32 22 3a 33 7d Data Ascii: {"status":201,"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyYW5kX251bTEiOjMsInJhbmRfbnVtMiI6M30.FEqOZfmelr2sMe8F_YA7-PVQ8qC29vFuIqa7FgAdLmk","rand_num1":3,"rand_num2":3}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49755	34.69.210.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:22 UTC	655	OUT	GET /favicon.ico HTTP/1.1 Host: stgmountainair.wpengine.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 01:43:22 UTC	321	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 01:43:22 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Last-Modified: Mon, 08 Apr 2024 19:41:17 GMT ETag: "6614485d-0" Cache-Control: public, max-age=31536000 Vary: Accept-Encoding Access-Control-Allow-Origin: * Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49757	34.69.210.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:22 UTC	402	OUT	GET /wp-content/plugins/user-private-files/shared/vl.php HTTP/1.1 Host: stgmountainair.wpengine.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 01:43:23 UTC	356	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 01:43:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 173 Connection: close Vary: Accept-Encoding X-Powered-By: WP Engine X-Cacheable: SHORT Vary: Accept-Encoding,Cookie Cache-Control: max-age=600, must-revalidate Accept-Ranges: bytes X-Cache: HIT: 2 X-Cache-Group: normal
2024-04-26 01:43:23 UTC	173	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 32 30 31 2c 22 74 6f 6b 65 6e 22 3a 22 65 79 4a 30 65 58 41 69 4f 69 4a 4b 56 31 51 69 4c 43 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 4a 39 2e 65 79 4a 79 59 57 35 6b 58 32 35 31 62 54 45 69 4f 6a 4d 73 49 6e 4a 68 62 6d 52 66 62 6e 56 74 4d 69 49 36 4d 33 30 2e 46 45 71 4f 5a 66 6d 65 6c 72 32 73 4d 65 38 46 5f 59 41 37 2d 50 56 51 38 71 43 32 39 76 46 75 49 71 61 37 46 67 41 64 4c 6d 6b 22 2c 22 72 61 6e 64 5f 6e 75 6d 31 22 3a 33 2c 22 72 61 6e 64 5f 6e 75 6d 32 22 3a 33 7d Data Ascii: {"status":201,"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyYW5kX251bTEiOjMsInJhbmRfbnVtMiI6M30.FEqOZfmelr2sMe8F_YA7-PVQ8qC29vFuIqa7FgAdLmk","rand_num1":3,"rand_num2":3}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49758	34.69.210.22	443	3872	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:23 UTC	362	OUT	GET /favicon.ico HTTP/1.1 Host: stgmountainair.wpengine.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 01:43:23 UTC	321	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 01:43:23 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Last-Modified: Mon, 08 Apr 2024 19:41:17 GMT ETag: "6614485d-0" Cache-Control: public, max-age=31536000 Vary: Accept-Encoding Access-Control-Allow-Origin: * Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49767	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 01:43:50 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZKSTN7eXLXnbO4t&MD=gLTLf+Nz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 01:43:50 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 9d3e7884-cb0c-4e03-86a5-e270ee409f5c MS-RequestId: 79e0954c-73a7-4b44-970f-3eae757a3b38 MS-CV: axnkC+1k0E6SDmr8.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 01:43:49 GMT Connection: close Content-Length: 25457
2024-04-26 01:43:50 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 01:43:50 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6740, Parent PID: 2580

General

Target ID:	0
Start time:	03:42:51
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04-25-Inv-Doc-339.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6912, Parent PID: 6740

General

Target ID:	1
Start time:	03:42:52
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7332, Parent PID: 6912

General

Target ID:	3
Start time:	03:42:52
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,962325086941576876,17187480229861009220,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7736, Parent PID: 1856

General

Target ID:	7
Start time:	03:43:16
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://stgmountainair.wpengine.com/wp-content/plugins/user-private-files/shared/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3872, Parent PID: 7736

General

Target ID:	8
Start time:	03:43:17
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1996,i,17665591532222451069,15418270985203773523,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 04-25-Inv-Doc-339.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d761e7e-d248-42d2-805c-d23ee07c7b70.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426014256Z-160.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6476

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Windows Analysis Report
04-25-Inv-Doc-339.pdf