Edit tour

Windows Analysis Report
Purchase Order_PO-1075094.pdf

Overview

General Information

Sample name:	Purchase Order_PO-1075094.pdf
Analysis ID:	1432226
MD5:	88e1bfe4497640b4aead0b90247fbe4b
SHA1:	5c8b680d6ca138c44f62e7708b58b695bf3eeef3
SHA256:	e7cec96c94be3fc83e692b6265acb6563fc24ecb0add03780cb9ef2d54213d02
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 5348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order_PO-1075094.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,15323731237159000086,10191843191279349048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 6572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=2092,i,17862452954393239142,16234041336410296844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49732 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 52.5.13.197 52.5.13.197

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZoSorZyHsZfhacS&MD=ehKoYMDM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGLOdr7EGIjDWW8B8LphlZmkxvApt-Z3ltbKD0-nZ8OpPWZFjlGIssID7BbJJDELbw2Dkechh6kQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=D1iCil_UU-ksPBJpNJUuncWUVpBZZKey3YqvX7u2O4RViIrNpemfhb7n8yJkxfPmMygVA0jHzWioNQUxRxdDtnwj0glQFkLbsYQ3pW5uEWplK1N-WBtwxA-SullpX-m4vGzr_PNXDpW-l7JLWFDIv5VY1cri1k-F4zacEWCEvDM
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGLOdr7EGIjC1h0q3DREyhmy_YAw0vygGIdysH54QUPssYDRJ6iQGtlYHiejdc8f2QxpTZzyH7CAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=ouALnGHnnfLDavtrb_cGNvCXYFHk69yc3pLtQG2BB_xweaxHTLWoOIUTNyElTD6UPAhAfsBsQfqfRc-suMqorqyAI0F_pxWWogcYn9VkWgoZH-SX_rufW74aFwmmhdsgJwDtv8XqSykY1z6n-lRihmb0Zsh6QgMH8yXrpqKcfFs
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZoSorZyHsZfhacS&MD=ehKoYMDM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: Purchase Order_PO-1075094.pdf	String found in binary or memory: http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240426075710-07
Source: Purchase Order_PO-1075094.pdf	String found in binary or memory: https://app.mavenlink.com/redirect?url=mailto%3AVendorSupport%40VaultPC.com)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49732 version: TLS 1.2

Source: classification engine

Classification label: clean1.winPDF@28/50@2/6

Source: Purchase Order_PO-1075094.pdf	Initial sample: https://app.mavenlink.com/redirect?url=mailto%3avendorsupport%40vaultpc.com
Source: Purchase Order_PO-1075094.pdf	Initial sample: mailto:Accountspayable@vaultpc.com
Source: Purchase Order_PO-1075094.pdf	Initial sample: mailto:Documentcontrol@vaultpc.com
Source: Purchase Order_PO-1075094.pdf	Initial sample: http://bfo.com/products/report?version=work-20200610t1518-r36819m
Source: Purchase Order_PO-1075094.pdf	Initial sample: https://app.mavenlink.com/redirect?url=mailto%3AVendorSupport%40VaultPC.com

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 17-56-04-062.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order_PO-1075094.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,15323731237159000086,10191843191279349048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=2092,i,17862452954393239142,16234041336410296844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,15323731237159000086,10191843191279349048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=2092,i,17862452954393239142,16234041336410296844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Purchase Order_PO-1075094.pdf	Initial sample: PDF keyword /JS count = 0
Source: Purchase Order_PO-1075094.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9fcpt98_1uuof1y_1wc.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9fcpt98_1uuof1y_1wc.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Purchase Order_PO-1075094.pdf

Initial sample: PDF keyword stream count = 29

Source: Purchase Order_PO-1075094.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Purchase Order_PO-1075094.pdf

Initial sample: PDF keyword obj count = 113

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Purchase Order_PO-1075094.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240426075710-07	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.217.196	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGLOdr7EGIjDWW8B8LphlZmkxvApt-Z3ltbKD0-nZ8OpPWZFjlGIssID7BbJJDELbw2Dkechh6kQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://app.mavenlink.com/redirect?url=mailto%3AVendorSupport%40VaultPC.com)	Purchase Order_PO-1075094.pdf	false		high
http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240426075710-07	Purchase Order_PO-1075094.pdf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.94.108.142	unknown	United States	16625	AKAMAI-ASUS	false
142.250.217.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432226
Start date and time:	2024-04-26 17:55:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Purchase Order_PO-1075094.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@28/50@2/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.204.76.141, 172.64.41.3, 162.159.61.3, 34.193.227.236, 54.144.73.197, 18.207.85.246, 107.22.247.231, 23.221.212.219, 23.221.212.204, 199.232.210.172, 192.229.211.108, 142.250.64.195, 142.250.217.238, 172.253.123.84, 34.104.35.123, 142.250.217.195, 192.178.50.46
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse
	https://srmcorp.tecuidoc.com/?PSZlk=ViP	Get hash	malicious	HTMLPhisher	Browse
	gq83mrprwy.exe	Get hash	malicious	Xmrig	Browse
	http://url9212.charteredarena.org/ls/click?upn=u001.kjyKVeM-2Fb1rGOGHOnr1jOBOY3L3JqbNTsl6-2FG2Q28FBbMvScULOdn5hj4fYmOT1gSvNV_eFFQU5nW4TX33oYM-2FvMZ4H4nrQnEbWOt7nYb46lhhradIe8kQ30nH41Yux5-2ByqjXVzNOeRGeH70TSwGBG-2FsCyfS-2BqFuy7r7yA-2BMVhshonhVyPepAGojJAWOStPfHQEXVhS9QapMz6-2FLiLkIDitr77rwl6cV3-2BOVbi0qMHcpubANPDna-2BAJRWKHhsn2J-2BHsm2h-2B1n0PvhIvECyeSGKW-2FdmoYnwMnfXv-2F0VHDQdAF4JyTklFAWOdWvqmq9QaL29M0Lqvm9PdkAaDucmiv1yWhzGJ-2FSlIlic4yMaUzKSM2tXbVKRT-2BcTJHrLGjV82z-2BxMi-2FPWDvS9vQSeDz0xjN0gvzYnMQqfZiJ7fdvgXYvIvcGvziknMmHkQ7sUHmtLIGr6gsv-2FI2qInnZxnaJ1Ow7w3sMmgc-2FLcAEaJe5QnWJ5qez1H3mc7J1f4VLI4PyjCxv7syUPC13rDkwMklRiABfKztYQ3n9LW3FeH4hgMGYJgJovBs-2FKlVUipIzO24iLrfZpg-2FS6-2Fvp-2BRnBXh4Gim5LY7NxdelnIZomgKJ8r1gxfM163jd5ekCcUFZcZJn8BUr-2FrBOq6vvyf5Ut44ln9oAHSsmy2ecvwUHxQ-2Bo0mJA2r9a8FeSV3APNVBZowUa1ZGpOSvbZRLc6uZxrFl3fSWY774fhm-2Fl3qG7s-2BRWj2lGIHB3NEqH1X520Diu5Le7soeKgWoeaLCSrT5v7lt-2B7XayjukGYP4Yz5jSqZD2gXDxl443sgS6brqBQ3LKHfRN7s2NZ-2F6nWblHw6-2BLG-2FTduGCq0lMfhnVz7mFWLyKhJHvoE3C2dN6qv1-2FpHnRcIGopoYVEdZ-2F182c7Ll7OsxlzgTKemGKriHFjxwOhwkIoHVdgcJWnLS8-3D	Get hash	malicious	Unknown	Browse
	https://runrun.it/share/form/0GZMCgHSxRh4PBOM	Get hash	malicious	HTMLPhisher	Browse
52.5.13.197	PO_983888123.xls	Get hash	malicious	Unknown	Browse
	https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJlc3VsdDMxNzdAZ21haWwuY29tIiwicmVxdWVzdElkIjoiZmE2MjkzNzktOGVlOS00ZDkxLTU2NGYtODZlN2Q1MjBhMTgxIiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NTIyMzBiMDgtOTVhMi00YWM0LWE1NzUtODJlOGU4OGQ0ZDQxIiwibGFiZWwiOiIxMSIsImxvY2FsZSI6ImVuX1VTIn0.6QK9gd12KmAWhogZmxgLuCkLGY2E_zrbMQmdhhDyRIOYPSXcqy0OWeli3WNWeGYHCbKTmQtprFT1CJf99ywr0g	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://hon6yh6idrd.jp.larksuite.com/file/HRUubUMKZoc3TLxj8cbjnZPfpbh	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:9e302e2f-d0ed-45a9-8388-cab11cb350ef	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:b1c915de-7158-4dd9-aa63-db461c226178	Get hash	malicious	HTMLPhisher	Browse
	BL.xls	Get hash	malicious	Unknown	Browse
	NorthStar Memorial Funding -Portfolio and Statement`.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	ENQUIRY_No_67543.xla.xlsx	Get hash	malicious	Unknown	Browse
	https://indd.adobe.com/view/51d58930-d96e-48dc-a566-f8851e59953f	Get hash	malicious	HTMLPhisher	Browse
	https://kc9x74kj8sh.larksuite.com/file/RrqJb5F1ooBLNoxX9qyuac4Nsjh	Get hash	malicious	Unknown	Browse
104.94.108.142	RFd2zutX8H.exe	Get hash	malicious	Unknown	Browse
	Benefits Open Enrollment 2024 #U007e Closes on Friday For Carboline	Get hash	malicious	HTMLPhisher	Browse
	Invoices.xls	Get hash	malicious	Unknown	Browse
	Orden_T7405.xla.xlsx	Get hash	malicious	Unknown	Browse
	IF-07b_SIGS-EN-ICS-IC-002_SMC-SCU ICD_v31_19-03-2014.pdf.exe	Get hash	malicious	Unknown	Browse
	btui2YGkc5.exe	Get hash	malicious	NetSupport RAT	Browse
	btui2YGkc5.exe	Get hash	malicious	NetSupport RAT	Browse
	swift_copy.xls	Get hash	malicious	Unknown	Browse
	kSWf9QrxMR.exe	Get hash	malicious	ScreenConnect Tool	Browse
	Iu4a4i5N15.exe	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.29
	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.28
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	23.44.94.139
	file.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	RemotePCHost.exe	Get hash	malicious	Unknown	Browse	184.31.62.93
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.214.187.157
	aios3.exe	Get hash	malicious	Unknown	Browse	184.31.60.185
	http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D	Get hash	malicious	HTMLPhisher	Browse	23.59.235.214
	dwn1cGHIbV.elf	Get hash	malicious	Mirai	Browse	104.73.199.214
	https://bushelman-my.sharepoint.com/:b:/p/lance/ESXtc6Laa05KpaC4W3rpMEMBfLSUU1GZhgfhBL8opRqFHg?e=Wrw3le	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.223.31.42
AMAZON-AESUS	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	52.205.88.207
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	3.94.175.225
	https://runrun.it/share/form/0GZMCgHSxRh4PBOM	Get hash	malicious	HTMLPhisher	Browse	44.217.183.210
	http://ww1.lourdoueisienne.website/	Get hash	malicious	Unknown	Browse	3.93.251.206
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d35aec95-f365-414c-8371-68e6d7d2ec41	Get hash	malicious	Unknown	Browse	3.215.128.155
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	52.55.103.136
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	54.204.238.15
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	44.214.72.116
	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse	52.204.88.175
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse	3.94.175.225

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	23.204.76.112 40.127.169.103
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 40.127.169.103
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 40.127.169.103
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	23.204.76.112 40.127.169.103
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse	23.204.76.112 40.127.169.103
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	23.204.76.112 40.127.169.103
	https://srmcorp.tecuidoc.com/?PSZlk=ViP	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 40.127.169.103
	gq83mrprwy.exe	Get hash	malicious	Xmrig	Browse	23.204.76.112 40.127.169.103
	https://runrun.it/share/form/0GZMCgHSxRh4PBOM	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 40.127.169.103
	Dragons Dogma 2 v1.0 Plus 36 Trainer.exe	Get hash	malicious	Unknown	Browse	23.204.76.112 40.127.169.103

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.203654917240285
Encrypted:	false
SSDEEP:	6:ETN4q2P92nKuAl9OmbnIFUt8lCJZmw+lCDkwO92nKuAl9OmbjLJ:ETOv4HAahFUt8lc/+lc5LHAaSJ
MD5:	2B0688ABA69D2BD01F7A79596BD5E738
SHA1:	4E8DEA8EA068A1BEC34CEB0ADE52D791AC4A3E43
SHA-256:	B6DE6BE345F7B375754FBF7BBF93AAF68BDE2A99AF37242831B89B152C097505
SHA-512:	EA7D3CB4831D997F553FB0BF84CD4BAFEAA7C434429FEBE6C33213D10083F76697848D06063C065CEFD597C093540B4F614F26E3F074CD7F0FA60B7858A02628
Malicious:	false
Reputation:	low
Preview:	2024/04/26-17:56:01.196 1700 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-17:56:01.197 1700 Recovering log #3.2024/04/26-17:56:01.197 1700 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.203654917240285
Encrypted:	false
SSDEEP:	6:ETN4q2P92nKuAl9OmbnIFUt8lCJZmw+lCDkwO92nKuAl9OmbjLJ:ETOv4HAahFUt8lc/+lc5LHAaSJ
MD5:	2B0688ABA69D2BD01F7A79596BD5E738
SHA1:	4E8DEA8EA068A1BEC34CEB0ADE52D791AC4A3E43
SHA-256:	B6DE6BE345F7B375754FBF7BBF93AAF68BDE2A99AF37242831B89B152C097505
SHA-512:	EA7D3CB4831D997F553FB0BF84CD4BAFEAA7C434429FEBE6C33213D10083F76697848D06063C065CEFD597C093540B4F614F26E3F074CD7F0FA60B7858A02628
Malicious:	false
Reputation:	low
Preview:	2024/04/26-17:56:01.196 1700 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-17:56:01.197 1700 Recovering log #3.2024/04/26-17:56:01.197 1700 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.19346700045622
Encrypted:	false
SSDEEP:	6:EhlzFlyq2P92nKuAl9Ombzo2jMGIFUt8lhZz1Zmw+lh6RkwO92nKuAl9Ombzo2jz:ED6v4HAa8uFUt8lX1/+l45LHAa8RJ
MD5:	CAAAFA9C6434E9377A91D63A5C9566DA
SHA1:	E6956F1F1F54F1833CE87E27EA02F0AD789F185F
SHA-256:	16A4629384F34A2A5260F3B39A43979CB94098A9695737F31F49610DE7011599
SHA-512:	0A4469D3792752F39DDA60EAD61C21C217DE9A7F2D51187144E45F78A970B6ACB52DA49BDF1097ED49A0AD8A03C4F94390D85A0DBF6E800E7C6C7FC375B06BC7
Malicious:	false
Reputation:	low
Preview:	2024/04/26-17:56:01.281 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-17:56:01.283 15a0 Recovering log #3.2024/04/26-17:56:01.284 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.19346700045622
Encrypted:	false
SSDEEP:	6:EhlzFlyq2P92nKuAl9Ombzo2jMGIFUt8lhZz1Zmw+lh6RkwO92nKuAl9Ombzo2jz:ED6v4HAa8uFUt8lX1/+l45LHAa8RJ
MD5:	CAAAFA9C6434E9377A91D63A5C9566DA
SHA1:	E6956F1F1F54F1833CE87E27EA02F0AD789F185F
SHA-256:	16A4629384F34A2A5260F3B39A43979CB94098A9695737F31F49610DE7011599
SHA-512:	0A4469D3792752F39DDA60EAD61C21C217DE9A7F2D51187144E45F78A970B6ACB52DA49BDF1097ED49A0AD8A03C4F94390D85A0DBF6E800E7C6C7FC375B06BC7
Malicious:	false
Reputation:	low
Preview:	2024/04/26-17:56:01.281 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-17:56:01.283 15a0 Recovering log #3.2024/04/26-17:56:01.284 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0a043f48-eb71-4873-873d-df40170e5673.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.066587247063736
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZQCesBdOg2HtkAcaq3QYiubxnP7E4T3OF+:Y2sRdsrgdMHyr3QYhbxP7nbI+
MD5:	8F44B66CDBDB8B76F77306DF50972643
SHA1:	61EF612C5D66C854E5C44FBA7E1CB0FCB5283C9F
SHA-256:	96E3C1E18EA7423CEA7ADDFDA77D2169C4E6F5A828986EDC8CB84AEF398900CE
SHA-512:	CD020DB01EB325383DFB8AD385764E0D9E40451A19706319BB82DCB22A825EC0B5ED8C596210E4933CF248FBD9B1C671527C9A2BC92F503FA30730084810CDC7
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358706973059602","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155978},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.066587247063736
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZQCesBdOg2HtkAcaq3QYiubxnP7E4T3OF+:Y2sRdsrgdMHyr3QYhbxP7nbI+
MD5:	8F44B66CDBDB8B76F77306DF50972643
SHA1:	61EF612C5D66C854E5C44FBA7E1CB0FCB5283C9F
SHA-256:	96E3C1E18EA7423CEA7ADDFDA77D2169C4E6F5A828986EDC8CB84AEF398900CE
SHA-512:	CD020DB01EB325383DFB8AD385764E0D9E40451A19706319BB82DCB22A825EC0B5ED8C596210E4933CF248FBD9B1C671527C9A2BC92F503FA30730084810CDC7
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358706973059602","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155978},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.235200205022063
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU3cF0X2/Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL5
MD5:	526C8B6C4E9184668D876E87B549614B
SHA1:	A6BC92F88233D18874535B9512A5F0A3FECB30A1
SHA-256:	401EEE7DB3BD6787662BEFB795BC2413199C798C9F4B136A916FC63B460E844E
SHA-512:	143D23A95F9D200A14C5EC787718156EBAB604B86950D97E4835AA0DAA08D6915E10DFE1B67E5FAE475F61D12853AB95357233ED62CBEC451C65C2C31284F189
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.184453305923054
Encrypted:	false
SSDEEP:	6:Eugyq2P92nKuAl9OmbzNMxIFUt8lu21Zmw+l4RkwO92nKuAl9OmbzNMFLJ:Eyv4HAa8jFUt8lx1/+lA5LHAa84J
MD5:	C6419D39E170F9A5B37E84B40BBCB941
SHA1:	17632E3AE1674C1EEDD43004151663F0E136262E
SHA-256:	6D7FC5B6D1F7811D57B16EF84E77C7781C44872CAB52C0B792CCA7600872F94F
SHA-512:	08C9ED5503EAF4CCF97598AE19263C25BB094651BD32F333519B5B97D393B173C1330D62BC01380A06DEE7EDBF2FB8BF409935B314424E37CE1A78CD6F9F49E6
Malicious:	false
Reputation:	low
Preview:	2024/04/26-17:56:01.476 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-17:56:01.476 15a0 Recovering log #3.2024/04/26-17:56:01.477 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.184453305923054
Encrypted:	false
SSDEEP:	6:Eugyq2P92nKuAl9OmbzNMxIFUt8lu21Zmw+l4RkwO92nKuAl9OmbzNMFLJ:Eyv4HAa8jFUt8lx1/+lA5LHAa84J
MD5:	C6419D39E170F9A5B37E84B40BBCB941
SHA1:	17632E3AE1674C1EEDD43004151663F0E136262E
SHA-256:	6D7FC5B6D1F7811D57B16EF84E77C7781C44872CAB52C0B792CCA7600872F94F
SHA-512:	08C9ED5503EAF4CCF97598AE19263C25BB094651BD32F333519B5B97D393B173C1330D62BC01380A06DEE7EDBF2FB8BF409935B314424E37CE1A78CD6F9F49E6
Malicious:	false
Reputation:	low
Preview:	2024/04/26-17:56:01.476 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-17:56:01.476 15a0 Recovering log #3.2024/04/26-17:56:01.477 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426155606Z-184.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.244774720168901
Encrypted:	false
SSDEEP:	96:n24XH0ISDSnCZVCU0gbZ1d0VKhE0nJ0kPGwSZHEMffP81N9F7WIHXZkJcFMPnfPc:fX2VBNzlvWLSePmR
MD5:	8B9921057B9CDE422C3D3FE2B864DDD4
SHA1:	EBE79D7BD561B0B675C3BA720C18EE08CF2FE97C
SHA-256:	B2A1BD36991973AE83D007D61BC33335C39C631881397FB3982E3B70D12446FC
SHA-512:	36BF96480F86A5D70967E02AFDDC05E1C655164C8EF995594D2D9D75828DAF7E69CEADCDDABE3FE724DE174047D23AD03439E31CB1BD06A52D715C779A1017CE
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2460

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.327061130979899
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJM3g98kUwPeUkwRe9:YvXKXFBYpW7TfWVGMbLUkee9
MD5:	B2C463264F9326709F55E467A763D5D1
SHA1:	E942574427C7048633B716205DBFE7CDBE3A79E7
SHA-256:	8E3979742D1F1E43EB01A334F00E025CE409D9E747864C2AFE23B2DCD450B94B
SHA-512:	42DB8433DA5E80F5FE8114A86373678BA4CC12921062AE62E96F2615F8D3202CE54CE3042B876ED3FE9F0CA003D662058DE299557EA5905E1D1AD81E5242F0CC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.265825953966516
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfBoTfXpnrPeUkwRe9:YvXKXFBYpW7TfWVGWTfXcUkee9
MD5:	1B50D8F0393368AF891FE4EC3B939860
SHA1:	CCC3A6BF2380E73B6921D0AFF020C852373DF1C6
SHA-256:	1AB9CFEF9FC5587C73C613D1140CE36C9DE53E2103D378A27CFAD5302B6E89AE
SHA-512:	A53C699B24CED8744F03CD64590E46C244327055B6B27B0CCC349AAF1146E4525BAE2D6B66A5B328621085A7B97958FC5281BDDB48F8921DDA8A11B784CBAA44
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.244820989361592
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfBD2G6UpnrPeUkwRe9:YvXKXFBYpW7TfWVGR22cUkee9
MD5:	105D3D8DDC495EB7FCA4DB764F5AC76E
SHA1:	7D23F98BF4A033F9C19B7636DA18D14CA0D5BDC0
SHA-256:	ED505E51DFB435BE04037632B2A3DEE6C98162F577329A81A1141F5650EF999F
SHA-512:	8197806F8C75CC6825515710A1A3D1650929FD7775E40ED1B188F42A4CDB9BE34342FBE160ADC00946195F6921112E7EC3A3A301946A1E25B0FD4879331FCA67
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.304680245288667
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfPmwrPeUkwRe9:YvXKXFBYpW7TfWVGH56Ukee9
MD5:	3B5CC13082D14333B77EFACEBE669D2C
SHA1:	56D8E25CB50B66B1CC8946F270174F696E3F3D76
SHA-256:	6BA2B47899947A6F5D2F1DCFFA30556C9409F1F2AD5DFBEBF7F51ACA35959E92
SHA-512:	1EB684F2DB78D7FB0BA6CA87A50A40BA18AB24A3DDAFFDC55ADA5E088BCAD430AEF4EA9266F74A4B4ADBE25F429210C105CDB0DE54D645CC587E88BE49B0587D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.262860505738741
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfJWCtMdPeUkwRe9:YvXKXFBYpW7TfWVGBS8Ukee9
MD5:	EE9CF515FAE1F4E813C8070E93164EAD
SHA1:	A153EAC3EFC58BEFD65C641349E7D39CA66344B6
SHA-256:	3567E157DE18DA7308CDD983809DAB479C2E79A3A9E8B0F110954E0EB1EE0ACA
SHA-512:	B125309CDEF4087A17C2A1AFAD5AB1CD928D17BEAF2F44A0AD37F5EF4E680E04E1F0BD9311A6B75F7A7ECE361FD34C880586A0F306EFB6C1DD4FED31D09A94AF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.249081307825629
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJf8dPeUkwRe9:YvXKXFBYpW7TfWVGU8Ukee9
MD5:	6B37ABC98B90EC5C7D76FDFD4A8007F9
SHA1:	3A0B7C3F0DA135EA5F64DA3DBF5271795DC78C8C
SHA-256:	3303437917D62B3FD9D1DAD27DF428C8A3370C7864FD0BA367E09776093B5196
SHA-512:	6725FDB1A9DDEBD845F4032C59088B78AD5530B1F83418C91A4E6E7BA669ADB8F82A5ECD2FB352DF1CD2971950F0783484D0B19AA3643985CE423AA6EBA6603A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2508686438872925
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfQ1rPeUkwRe9:YvXKXFBYpW7TfWVGY16Ukee9
MD5:	FB2942E563133C4EB4332280D7BCA867
SHA1:	A38992FEC1A73531D36D70E213A32DF4AE4EF489
SHA-256:	579519B993448FD4440A3C7D0096B36E1976B4A4CF04CC2FEA53E32D5C07DA9C
SHA-512:	8808BC29322FEDDC17FDF18859960195AE5F034BB6BCABDA270F4BBD189EF7596697B96FFE51C745069E4D548166ACF280B31336657AC3AE9FE2C8D269A8FE44
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.26909832922719
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfFldPeUkwRe9:YvXKXFBYpW7TfWVGz8Ukee9
MD5:	6BD7EDB22A04E420605F3CE62675A7C8
SHA1:	5A375CC98ADC9C72DBD2DAD0FBCB67B5C4F74974
SHA-256:	D8DC913D0280CA6FF93AEAC0501BB55D38EC9FA88E7FD88B5B34B5B83A427882
SHA-512:	BA54264DCCDB7D26B464B71347FE073DE5AD1FD2A02857EA13F3FA35C836C87C0AEFDAF793263B1463EDC7A7C8BE1AD8583BFD25C3372BE6BB35FA162D767F2A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.736377129053569
Encrypted:	false
SSDEEP:	24:Yv6XAiTfWBKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNnL:Yv4bWEgigrNt0wSJn+ns8cvFJd
MD5:	B8318C12492446A30596E100A9D5350E
SHA1:	08FDF12195ADB8DFEF3E923DBD8DCC70D4F54B13
SHA-256:	F2ED67A248172838BDC80F6FF0B2B041216D242F770C278BC6C3EC4FAA9ED66E
SHA-512:	3BD3F4DB0ABC01260EAF9E278D1F527278D719D9F9275EBAA512DBF56868139424AD8EB03902509E7076011DAACE5726FE10BFE9AB501C8502B1E292D3B4EEA7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.256553443337202
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfYdPeUkwRe9:YvXKXFBYpW7TfWVGg8Ukee9
MD5:	523EEDA39B8F177B0DC3002854747412
SHA1:	ECE91118CDC04DEE8E084C9EF68E78D799A0BA8C
SHA-256:	246D1D49294698EA4C0934FC48A003774BFEEE85098A18F281E64E9032A33CFF
SHA-512:	AC861756C67975F66D15D09E64DBCF0AC9736AF1F3EA284EDBF34ECC80B3986D0AA5D332FE54EB91645FB06F8A663E8BAA4C040FF7E4C8A8DFD1D6FEB006CEDE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7710842724175855
Encrypted:	false
SSDEEP:	24:Yv6XAiTfWMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNPL:Yv4bdHgDv3W2aYQfgB5OUupHrQ9FJp
MD5:	DA5B490DB1A6F247A0BCA179D6C7D80A
SHA1:	5841322EC102B53A7A3FA80D54698C46300A0669
SHA-256:	269CE325022F91B4290EFF4A5F7C7599AC979BD7A81888DB110889FCA4FA591B
SHA-512:	E9E280CC868B521ECF8224ECD1BD44D01011705F30CDD855E1A39054713FA2585061B1F39DD130046CFD68E292E79EEFB5456F5355018F11E2FBA17E93F7010D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.24039914277507
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfbPtdPeUkwRe9:YvXKXFBYpW7TfWVGDV8Ukee9
MD5:	879FE18F9D100D5D8130BF82F8A63C57
SHA1:	DDBF059D225832320E55697EE62FE46F6C5D94DA
SHA-256:	8C031372E3A73458E62678EDF572A3875537DB7798A52B4D6094299C721C4FA3
SHA-512:	556CD163C3DDCD989BCBD6980A4D8A97123335014EAD8A7EE40A62EC0D7F12A7905EC535583EA03EFCEB873B0E7511CAAAC234476D3E55EFD00B5CCAF2B2C546
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.241766862420291
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJf21rPeUkwRe9:YvXKXFBYpW7TfWVG+16Ukee9
MD5:	C082FEA34B989CD838EF9EEC45E79AAC
SHA1:	FC955C44BB124EB9B2861C710FE8D680AB5AAA26
SHA-256:	8EBD62798228FAD2554B261B1F6DD2B5BB7E62B8F1E9BCBBF4E27421F3073829
SHA-512:	4A08C22B082804974D71B236DD9BD54D4C6E3E403461204BE57D6C8D13C7D64CE9AAAA4A7553684C790931E58E29BD0238BF87B5740EE672A7A642C3211B798C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.263388572095349
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfbpatdPeUkwRe9:YvXKXFBYpW7TfWVGVat8Ukee9
MD5:	7223C9C7A54438FE5AEB50B7943E108C
SHA1:	379220222206E82C3E57A4624046CEC576FFB618
SHA-256:	5FA17AC6B1B9A31DAB68B066CBEA2B1C3415571456E6D17B925B1A01928D661A
SHA-512:	6525B0562590692BD944A0DAC45223A80A5C4EEBA830E0665DD3156DB2B7C12776B7774A8BE247F3497701F1651B96F7551177E52BE6D3900BD05D9C518E1D4B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.215933246279161
Encrypted:	false
SSDEEP:	6:YEQXJ2HXF5Ib7+FIbRI6XVW7+0YofDieoAvJfshHHrPeUkwRe9:YvXKXFBYpW7TfWVGUUUkee9
MD5:	0A69F716B8B9C41EC127F0DB4CAF6F3E
SHA1:	EFC7CA15610E170658A9E1BBA41F750DC60F0E6E
SHA-256:	4308D3D42328CB2CAF3BFADCF0EB105C9E8557C5B0809AB5EFBF9044E38A2465
SHA-512:	4A63DAD04DDA87A88D528D9F727CD55E724B2ADD8C1571B3D0A4BBB95AECC1786562F9D9EAA9D80B14B758524E054550718DB1740DC82EE2E58C27ECE6115643
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.35820514370257
Encrypted:	false
SSDEEP:	12:YvXKXFBYpW7TfWVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWvTL:Yv6XAiTfWx168CgEXX5kcIfANh6L
MD5:	684FD561F4C8F0AB9E98DB0753C053C2
SHA1:	28D1C784685CE6BB64798EB4B2D372591EA8371E
SHA-256:	78398D0971498580243886CE7448853BFA93AAA70E49B6C040FF27473F15C6A4
SHA-512:	2418906C544C61618941834F4B6D661717F8029D701AD79866FE991EBD56FA8ADB3B0E677FBD954DDCC00970852328E32F4AAC34F6A1FEE1D04B3B743B75A4B2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2ce3f18d-541d-4283-b309-eaa51008525a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714320879278,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714146969309}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.129942703344279
Encrypted:	false
SSDEEP:	24:Yc1klH5KAlRCCKgxXlVbflJw5lVklGa9taykleoqnkqoxqHjw6j0S3qHfgqa2/2D:Y/5likbnwi3JhDf21aKkBIiMK9aOB
MD5:	6342BA820FCDC19405C423F70BFF1C6F
SHA1:	5EEEE4CC8E126E1323828DBE7CDADEA95E14FFED
SHA-256:	93605CA0D4FD80FB8EF2E664C24071AF98D4C03E921E54980B9B65183E29BF06
SHA-512:	7249717344B9E9449804954FA83E50583F4704A32161C0486CDBD9BB7B4E59192E7D934BA2496F713FCC086ADE3B312CBB240EA5A50472E8F3FF66DFEB6DECF8
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9573f733f58c9f7145cff6826bd9434b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714146969000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"22338ba1ea39a0c750d7d4235bafc567","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714146969000},{"id":"Edit_InApp_Aug2020","info":{"dg":"7af619fed81f0e53002611a0c2bd1a66","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714146969000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"b42de7eca75c0865ca807c81cd09f5a0","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714146969000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"2dcd5d940219435bcf972ecfb1f16299","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714146969000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"13f8333f43d81afdd24f6b1f1c305c4b","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714146969000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9845958991588438
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sph4zJwtNBwtNbRZ6bRZ4EF:TVl2GL7ms6ggOVpizutYtp6PR
MD5:	C97CA4390BD6FD905ADB8D05CB315549
SHA1:	B85C0BB964FAC0DBD77EA75D3F9DD20730A30E53
SHA-256:	3D2C64FE3980565664C2E50D7C810C972B567B526AB6D393B0CE45DE5AC48494
SHA-512:	88C970B72CDA4DA3C0CDBA5DCFF34F36BFA41708DDE7F979F1C06689C1D68F173AB11A3ACEA9AD08A79CEC288ADDA07D23517DC32AEB1EB66ECD59B684502EAC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3396220271711252
Encrypted:	false
SSDEEP:	24:7+tR/AD1RZKHs/Ds/SphPzJwtNBwtNbRZ6bRZWf1RZK2qLBx/XYKQvGJF7ursK:7MR/GgOVp5zutYtp6PM3qll2GL7msK
MD5:	7DAA55526DB5E03CC57E0A1B9A38662E
SHA1:	21AFC022A4D657A6A1A3C950868D551F263616A3
SHA-256:	9E52B58B123A0A00E43C6A2F688270A1FABB340AC7010CCE778EA91C4BB8E342
SHA-512:	1770E8ED8E21AC0B766062530C688178DEB8AA6D9870D509974B0115C468A77B05537FA579954C2B09A1DE12EF6E93C0962330F077EF21892EB698A4F1932CC9
Malicious:	false
Preview:	.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI715d2.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.536003181970279
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWaGww:Qw946cPbiOxDlbYnuRKvK
MD5:	DF371384F6FC0655674DE42E584E3516
SHA1:	188075304FD2356C2E0148E1DFDF60326FF81103
SHA-256:	908F458646876D5AB85ED6F69B0E22B8A6B180F3FBE6FBB62AE5F460964D1DF1
SHA-512:	8B417F76AC3ADD747AA5A82F17C5D508FCF868E0FAC80D0FD53D359AC87E4EDE41BA2E83DDE77E995780C1066EFEBB2D20439711E4F4121CC050861396A48F50
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.6./.0.4./.2.0.2.4. . .1.7.:.5.6.:.0.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9fcpt98_1uuof1y_1wc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.075137862630284
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOOsiQR8tsiQR86bMTCSyAAO:IngVMre9T0HQIDmy9g06JXhz/zmTlX
MD5:	E5FB716ED2C91447666424975318449B
SHA1:	D4D69B9B83FF8FE5A21B1A997DB7A53C55312677
SHA-256:	1B567DF1C73E614D7CBF6AA9DE688823D541BAB0072B4B89860AF8686DC679B5
SHA-512:	7E6BE9BC3DEDB38CFE80958B6B72E819D28B38D27E530308959E5FC1B0B9358E15083775E167542A6C1E66D3B0953E7241CD581625B5F9310F84353AB47FB3CC
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<C1B9EC97B1DF57409C59E6820AD8BE2E><C1B9EC97B1DF57409C59E6820AD8BE2E>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 17-56-04-062.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.329734348190203
Encrypted:	false
SSDEEP:	384:U79OlTfgXGAvh1YgVaNZsAZFSTJFO2tc/EYiKtT2Cy2EJ5iktOQ5U5kx3Zt9M8Ed:ZNN
MD5:	769EEE4B2D5FFBFE61FBC633F85AB829
SHA1:	7A2C2C999DB01977BE3565DD7F9A9A06639E944B
SHA-256:	6018DD33E05C4A74AACD07045F54458BA3340E4D639270103A507449A679305C
SHA-512:	D3D59B449D4259BF090082D64457AE6FC1EB5665EBC1EC64636A668044FFD2347CFD16E6FE7CE444CE62C4EAA5598C192A7C85F322D45BAC9AB7D54E56A2B32D
Malicious:	false
Preview:	SessionID=ebc573a0-26a7-4ee0-96c4-f60680628197.1714146964077 Timestamp=2024-04-26T17:56:04:077+0200 ThreadID=6084 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ebc573a0-26a7-4ee0-96c4-f60680628197.1714146964077 Timestamp=2024-04-26T17:56:04:077+0200 ThreadID=6084 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ebc573a0-26a7-4ee0-96c4-f60680628197.1714146964077 Timestamp=2024-04-26T17:56:04:077+0200 ThreadID=6084 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ebc573a0-26a7-4ee0-96c4-f60680628197.1714146964077 Timestamp=2024-04-26T17:56:04:077+0200 ThreadID=6084 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ebc573a0-26a7-4ee0-96c4-f60680628197.1714146964077 Timestamp=2024-04-26T17:56:04:077+0200 ThreadID=6084 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.398909253144245
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbQ:c
MD5:	45E84B86CBB6A3752ADEC19C6A2F3B03
SHA1:	A533D0CDF4460AE0B5B578B0A866DBE878EE3DAD
SHA-256:	37107EDAA9892EB8FE8EAB2343AE2C64BF82D6EA5EB663F79315F66A072D331E
SHA-512:	E6F0A207C25C1A8105650FDFD6CF6B3DCF53C555F05625E6BF6C61B7BB225683074E72EE426939A19B1F0AE9C97418A2B725489E07B390F44DDF8B0A3A013477
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\40b62c56-ebc4-446e-ba58-ef5c130ced45.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\55624d59-21a0-49de-a44c-72b549b87b33.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d69632e5-8535-491a-9097-8a1cf30903ce.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\e564532c-4de1-490f-b1f7-49f706e0cfd8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:56:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.981095528500733
Encrypted:	false
SSDEEP:	48:83d2TyuqHmidAKZdA19ehwiZUklqehBy+3:8Avf2y
MD5:	BFEB6013722138437E3B3F434B5ACEFD
SHA1:	5AD0A4CB6F384A953038D2A0692BA59F0A218AAD
SHA-256:	FEA76B41F07C2D745D8FCAD58F0D4CFB5583C3D3D32FB1DAFFC832CBD04E042B
SHA-512:	B023844BF6F0257DF96F3A56648CF4A40B9D2A30788CD272C9426C99A4A9B09C304A3824AFFC3431B28DA55F778301899DD26B0BCB80A90158E59592D538EC30
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....`.P...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:56:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9937093261346663
Encrypted:	false
SSDEEP:	48:84d2TyuqHmidAKZdA1weh/iZUkAQkqehmy+2:8pvl9QLy
MD5:	4E24586EA96B51D3510328243B89C64C
SHA1:	4684A2E244D32B7214A872A14F3EA65F709516CB
SHA-256:	27DC195202C05354F1EB6149974F71FD301049A85975A48521513C615BB40F04
SHA-512:	80396139F8F40A2BF646972B6457A2E468115BC7B4A29EA06C49A3C9207F3D7A6D874D7FF1782E63E3C20CBACBF9446C58CAE1F69CAF0173C644C253DD8A960D
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......P...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005669638765949
Encrypted:	false
SSDEEP:	48:8x+d2TyusHmidAKZdA14tseh7sFiZUkmgqeh7s4y+BX:8xPvvnyy
MD5:	ACC8DC9175D01373287F2EAC5E93AA3E
SHA1:	3E52B7089E31D6C35A4AFA8D33DA6FC3FCE4743C
SHA-256:	3D9F7CC014F5CDE34F38A6B9BE9D6C2ED324FB5A7ADA4AD713B82E1DE0F8CE0A
SHA-512:	FAA38A539863539E65A917C01C6F51A2A29FB5AB2F5D25789688096A53845E4C722E9CDDAA5FB61E46B3751C03D7AE526C0C3ADA17B667E620DD2D06A546F121
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:56:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9923212903590617
Encrypted:	false
SSDEEP:	48:8Hd2TyuqHmidAKZdA1vehDiZUkwqehKy+R:8QvmQy
MD5:	81970B95404D935E5AAB98992A363505
SHA1:	EE96BAD7BE722C476E60784E4517E3E8BF3F23FB
SHA-256:	243389F13667EF54E124F5C3D5890CAAE05D8BA39B665F5985386DDACA2FFF49
SHA-512:	720F2F3E048BCD52E133F5C01BC4E8E132131937B9625E97D0C8C7ECAC7AA03ECA17EC84AF63E787FB147BE2C1AC32B1B8933CD8FCF5BB9CF51A0DC0C5DE7236
Malicious:	false
Preview:	L..................F.@.. ...$+.,......P...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:56:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9829976508275404
Encrypted:	false
SSDEEP:	48:8Vd2TyuqHmidAKZdA1hehBiZUk1W1qehEy+C:8+vm9ky
MD5:	35F4E9CE2E1B4E8F7E14A0DD1DD23ABE
SHA1:	11A80FC0D8A9AA68C02ECC1CF70622E515340CD0
SHA-256:	9E438BE20D5E398BB3AD50C0B0E1BA3EE08E8A5125E810092913F8773DB92CAA
SHA-512:	A77377A49A6689CB55908D66974B6ABF2B73CC593F4E9650B7DAFDD74C2C15609A53FFEC2ED24C1246D8BD363300868DF12CF5538F07F5730671982A6D205FBB
Malicious:	false
Preview:	L..................F.@.. ...$+.,......P...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:56:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9925135020824127
Encrypted:	false
SSDEEP:	48:8Rd2TyuqHmidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbyy+yT+:8yv4T/TbxWOvTbyy7T
MD5:	19F7FF4C9972FD84FDDAC7184881A245
SHA1:	154AC192038326609D59345593CFC83AE211883F
SHA-256:	2C4FBD367597917A1EAC298571AC8759C52903D1FE6A4427FE062D58AF118A9E
SHA-512:	86B78158DC227713CB0EC761B5B0B2030261627A5066D8092A2E6D60364422F7197A10613B24A0CB4C2E91F7865A27BD024777C6295BBD03DA073010DD5EED09
Malicious:	false
Preview:	L..................F.@.. ...$+.,....m:}P...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3025)
Category:	downloaded
Size (bytes):	3030
Entropy (8bit):	5.837406216650395
Encrypted:	false
SSDEEP:	48:HHhtR0ExAKlgZ01LFoacH6666/5Lf3kYyHyduiVbz7qVd1LYNRa3cM5z77bJ7pL+:nhtR0AliFH6666d5yS5NChFzXbJBvfnO
MD5:	7326118E9D3DF10FCAEEBF9647027FDA
SHA1:	24003B09E0A7C6446D6C70F0FC4B08888FC5441C
SHA-256:	E56396C4FE9CF79152749BCAA5050ABCD14ACA367B8AB2BDCFF758DB2547B617
SHA-512:	197AD35BE1D7613E04715CBC820E416C74631AEFA09AE43C9E1205CC60E479C2E689C422E81DE6A0232F5DC38A5E9CE448CB27905179AC9D975700AA8A19397B
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["intel earnings report","american horror story delicate ending","korey cunningham football","new smyrna beach florida explosion","nintendo garry mod","nasa mars spiders","weather storms tornadoes","marvel deadpool wolverine trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wd2hjdnNyEhlGb290YmFsbCBvZmZlbnNpdmUgdGFja2xlMt8LZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBY0FBQUNBZ01CQVFBQUFBQUFBQUFBQUFBQUJ3TUZBZ1FHQ0FIL3hBQXlFQUFDQVFNQkJnVUNCQWNBQUFBQUFBQUJBZ01BQkJFRkJoSVRJVEdCQjBGUllYRXlVaUlqUXBFVUZYS1NvYUxoLzhR

Static File Info

General

File type:	PDF document, version 1.3, 6 pages
Entropy (8bit):	7.968821645529483
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Purchase Order_PO-1075094.pdf
File size:	275'065 bytes
MD5:	88e1bfe4497640b4aead0b90247fbe4b
SHA1:	5c8b680d6ca138c44f62e7708b58b695bf3eeef3
SHA256:	e7cec96c94be3fc83e692b6265acb6563fc24ecb0add03780cb9ef2d54213d02
SHA512:	5ac2ce78c67974a6927d94749cc473a424159dcff665652404a3560b581c21f632ce33ee4ca7db9bd14df054517fef2164b6da4081af4b7e4d4a17e685b278bb
SSDEEP:	6144:Dgezwfyi4Dnj++YPcxUOYt9j7gd6HdnbyeAF2mSNyB8NLE:DgKi4Dnj++YkxUxj728bye+2zNyB8NA
TLSH:	7F440269DD1A44CCCEA2F782911D708D870CF3A5B0C9A992257D8FC72580FE8E6736D6
File Content Preview:	%PDF-1.3.%.....1 0 obj.<</Type/Catalog/Pages 3 0 R/Lang(en-US)/Names 4 0 R/Metadata 5 0 R>>.endobj.2 0 obj.<</Producer(http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240426075710-07'00')/ModDate(D:20240426075710-07'00'

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.3
Total Entropy:	7.968822
Total Bytes:	275065
Stream Entropy:	7.998470
Stream Bytes:	254402
Entropy outside Streams:	5.226168
Bytes outside Streams:	20663
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	113
endobj	113
stream	29
endstream	29
xref	1
trailer	1
startxref	1
/Page	6
/Encrypt	0
/ObjStm	0
/URI	6
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
23	3a9e4f0c08a4b61b	82f5fe1054b04b135c7337df66876d78
33	88c06c4e4f43494c	cff6f0cdc3a694eb8a56f05eae89b8e3

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:55:56.708074093 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:55:56.801798105 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:55:57.004937887 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:56:06.373260021 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:56:06.452634096 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:56:06.675614119 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:56:07.984199047 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 17:56:07.984334946 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:56:08.718463898 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:08.718497038 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:08.718569040 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:08.718961000 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:08.718972921 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.032607079 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.032958031 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.033015966 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.034512043 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.034629107 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.034650087 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.034709930 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.034889936 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.034981966 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.035185099 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.035206079 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.085475922 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.390175104 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.390198946 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.390260935 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.390268087 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:09.390307903 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.428205967 CEST	49711	443	192.168.2.5	52.5.13.197
Apr 26, 2024 17:56:09.428226948 CEST	443	49711	52.5.13.197	192.168.2.5
Apr 26, 2024 17:56:10.004316092 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.004364967 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.004440069 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.006225109 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.006247044 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.265909910 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.266094923 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.268213034 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.268222094 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.268534899 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.303535938 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.348114967 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.510812998 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.510895014 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.511352062 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.511442900 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.511488914 CEST	49712	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.511507988 CEST	443	49712	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.559041023 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.559128046 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.559324980 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.559540033 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.559576035 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.813263893 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.813611031 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.975409985 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:10.975444078 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:10.975765944 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:11.026195049 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:11.248492002 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:11.292165995 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:11.374305964 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:11.374380112 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:11.374449015 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:11.981719017 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:11.981719971 CEST	49713	443	192.168.2.5	23.204.76.112
Apr 26, 2024 17:56:11.981796980 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:11.981827974 CEST	443	49713	23.204.76.112	192.168.2.5
Apr 26, 2024 17:56:13.631756067 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:13.631798029 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:13.631870985 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:13.632107973 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:13.632119894 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.015954971 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.016236067 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.016262054 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.017265081 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.017343044 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.023361921 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.023426056 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.023581028 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.023587942 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.063334942 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.155153036 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.155230999 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:14.155282974 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.155658007 CEST	49714	443	192.168.2.5	104.94.108.142
Apr 26, 2024 17:56:14.155677080 CEST	443	49714	104.94.108.142	192.168.2.5
Apr 26, 2024 17:56:19.054378033 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:19.054429054 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:19.054497004 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:19.055675983 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:19.055697918 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:19.752563000 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:19.752634048 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:19.755364895 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:19.755387068 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:19.755646944 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:19.797712088 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.229933977 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.276122093 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686464071 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686487913 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686495066 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686505079 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686533928 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686567068 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.686588049 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686597109 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686625957 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.686651945 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.686656952 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686676979 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.686731100 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.978852034 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.978893995 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:20.978909969 CEST	49716	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:56:20.978916883 CEST	443	49716	40.127.169.103	192.168.2.5
Apr 26, 2024 17:56:32.986798048 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.986845016 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.986922979 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.986954927 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.986960888 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.987009048 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987045050 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987087965 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.987143993 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987163067 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987181902 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.987231970 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987452984 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987462044 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.987600088 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987607956 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.987788916 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987797976 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:32.987965107 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:32.987973928 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.341203928 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.341461897 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.341497898 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.342987061 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.343066931 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.344266891 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.344738007 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.344858885 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.344921112 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.344949961 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.345184088 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.345197916 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.346432924 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.346493959 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.347616911 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.347682953 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.347800970 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.347807884 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.400425911 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.400429964 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.686770916 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.686830997 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.686872959 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.686885118 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.686918974 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.686961889 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.690049887 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.690165997 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.690212965 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.700454950 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.700558901 CEST	443	49725	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:33.700614929 CEST	49725	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.704562902 CEST	49726	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:33.704590082 CEST	443	49726	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:34.140583038 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:34.204071045 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:34.323113918 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:34.399302006 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.147934914 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.147980928 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.148284912 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.148355007 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.149678946 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.149697065 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.149739981 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.150235891 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.150351048 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.150588989 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.150605917 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.151942015 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.151956081 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.151990891 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.199201107 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.202971935 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.203109026 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.203156948 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.293178082 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.293235064 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.403424025 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.727796078 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.727890968 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.728051901 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.728286982 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.728347063 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.792783022 CEST	49727	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.792845964 CEST	443	49727	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.799559116 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.799638033 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.799895048 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.800144911 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.800199986 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.852751970 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.852844000 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.852905989 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.852940083 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.852992058 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.855930090 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.855968952 CEST	443	49724	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:35.855993986 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:35.856019974 CEST	49724	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.182543039 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.182636976 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.182728052 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.183244944 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.183279037 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.279176950 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.279836893 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.279875994 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.280392885 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.280893087 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.280982018 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.281421900 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.324155092 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.640561104 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.641207933 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.641233921 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.641721964 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.642733097 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.642822981 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.643505096 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.684125900 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.762685061 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.762754917 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.762809038 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.762856960 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.762891054 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.762913942 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:36.762940884 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.762969971 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.763825893 CEST	49728	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:36.763844013 CEST	443	49728	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.093255997 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.093302011 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.093349934 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.093358994 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.093383074 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.093446970 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.093502045 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.094048977 CEST	49730	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.094063997 CEST	443	49730	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.262311935 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.262361050 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.262464046 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.264739990 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.264758110 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.592763901 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.593324900 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.593346119 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.593786001 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.601365089 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:37.601454020 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:37.799966097 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:47.586951017 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:47.587024927 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:56:47.587196112 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:47.595508099 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 17:56:47.825095892 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 17:56:49.849858999 CEST	49731	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:56:49.849893093 CEST	443	49731	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:01.687714100 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:01.687767029 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:01.687829018 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:01.688257933 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:01.688272953 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:02.380911112 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:02.381077051 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.416260004 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.416332960 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.416723013 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.431206942 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.472137928 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889408112 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889472008 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889517069 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889554977 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.889585972 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889612913 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.889632940 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.889687061 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889765024 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.889765978 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889825106 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889862061 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:03.889874935 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.889966965 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:03.890033960 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:04.445607901 CEST	49732	443	192.168.2.5	40.127.169.103
Apr 26, 2024 17:57:04.445633888 CEST	443	49732	40.127.169.103	192.168.2.5
Apr 26, 2024 17:57:37.307210922 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:37.307244062 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:37.307324886 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:37.307545900 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:37.307559967 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:37.786403894 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:37.786714077 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:37.786736965 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:37.787863016 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:37.788239956 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:37.788414955 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:37.835036993 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:47.775913000 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:47.775983095 CEST	443	49734	142.250.217.196	192.168.2.5
Apr 26, 2024 17:57:47.776093006 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:49.105421066 CEST	49734	443	192.168.2.5	142.250.217.196
Apr 26, 2024 17:57:49.105458975 CEST	443	49734	142.250.217.196	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:56:32.851680040 CEST	58075	53	192.168.2.5	1.1.1.1
Apr 26, 2024 17:56:32.851857901 CEST	50695	53	192.168.2.5	1.1.1.1
Apr 26, 2024 17:56:32.882714033 CEST	53	55025	1.1.1.1	192.168.2.5
Apr 26, 2024 17:56:32.896811962 CEST	53	50055	1.1.1.1	192.168.2.5
Apr 26, 2024 17:56:32.982954979 CEST	53	50695	1.1.1.1	192.168.2.5
Apr 26, 2024 17:56:32.986326933 CEST	53	58075	1.1.1.1	192.168.2.5
Apr 26, 2024 17:56:35.657360077 CEST	53	58383	1.1.1.1	192.168.2.5
Apr 26, 2024 17:56:53.266964912 CEST	53	61850	1.1.1.1	192.168.2.5
Apr 26, 2024 17:57:12.417279005 CEST	53	49396	1.1.1.1	192.168.2.5
Apr 26, 2024 17:57:32.497539997 CEST	53	57506	1.1.1.1	192.168.2.5
Apr 26, 2024 17:57:36.247711897 CEST	53	50690	1.1.1.1	192.168.2.5
Apr 26, 2024 17:58:03.897500038 CEST	53	60340	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 17:56:32.851680040 CEST	192.168.2.5	1.1.1.1	0x2683	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:56:32.851857901 CEST	192.168.2.5	1.1.1.1	0xbb52	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 17:56:32.982954979 CEST	1.1.1.1	192.168.2.5	0xbb52	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 17:56:32.986326933 CEST	1.1.1.1	192.168.2.5	0x2683	No error (0)	www.google.com		142.250.217.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

p13n.adobe.io

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	52.5.13.197	443	6524	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:09 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-04-26 15:56:09 UTC	544	IN	HTTP/1.1 200 Server: openresty Date: Fri, 26 Apr 2024 15:56:09 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 3120 Connection: close x-request-id: AtNGCKQlfrcpaT7hHFFayjy1DJHeRgI3 vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id
2024-04-26 15:56:09 UTC	3120	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:56:10 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=54455 Date: Fri, 26 Apr 2024 15:56:10 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:56:11 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=54448 Date: Fri, 26 Apr 2024 15:56:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 15:56:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	104.94.108.142	443	6524	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:14 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-04-26 15:56:14 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Fri, 26 Apr 2024 15:56:14 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49716	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:20 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZoSorZyHsZfhacS&MD=ehKoYMDM HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 15:56:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4e4fb507-f74e-4779-bf78-511c0b4dcaf4 MS-RequestId: 2b121617-6f58-4d52-8b0f-6c1bd9682006 MS-CV: 0dEzrzuqK0udRW3Y.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 15:56:19 GMT Connection: close Content-Length: 24490
2024-04-26 15:56:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 15:56:20 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49726	142.250.217.196	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:33 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:56:33 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 15:56:33 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-P6JxlKDrwB3GxsU-sAARlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 15:56:33 UTC	1703	IN	Data Raw: 62 30 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 69 6e 74 65 6c 20 65 61 72 6e 69 6e 67 73 20 72 65 70 6f 72 74 22 2c 22 61 6d 65 72 69 63 61 6e 20 68 6f 72 72 6f 72 20 73 74 6f 72 79 20 64 65 6c 69 63 61 74 65 20 65 6e 64 69 6e 67 22 2c 22 6b 6f 72 65 79 20 63 75 6e 6e 69 6e 67 68 61 6d 20 66 6f 6f 74 62 61 6c 6c 22 2c 22 6e 65 77 20 73 6d 79 72 6e 61 20 62 65 61 63 68 20 66 6c 6f 72 69 64 61 20 65 78 70 6c 6f 73 69 6f 6e 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 67 61 72 72 79 20 6d 6f 64 22 2c 22 6e 61 73 61 20 6d 61 72 73 20 73 70 69 64 65 72 73 22 2c 22 77 65 61 74 68 65 72 20 73 74 6f 72 6d 73 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 6d 61 72 76 65 6c 20 64 65 61 64 70 6f 6f 6c 20 77 6f 6c 76 65 72 69 6e 65 20 74 72 61 69 6c 65 72 22 5d 2c 5b 22 22 2c 22 22 Data Ascii: b00)]}'["",["intel earnings report","american horror story delicate ending","korey cunningham football","new smyrna beach florida explosion","nintendo garry mod","nasa mars spiders","weather storms tornadoes","marvel deadpool wolverine trailer"],["",""
2024-04-26 15:56:33 UTC	1120	IN	Data Raw: 4a 75 4f 46 52 6a 59 31 4d 78 4d 6d 52 71 65 57 56 68 4c 33 64 42 57 6b 74 50 57 48 6c 70 4b 32 5a 35 5a 6a 4a 79 59 55 64 32 53 6b 31 6a 54 55 4e 35 62 47 35 61 52 55 31 31 53 32 34 34 5a 46 6b 30 4d 6a 4a 4e 61 57 78 4b 4c 31 42 6f 64 6c 6b 7a 61 58 64 6d 55 45 4a 43 4e 57 56 6d 4e 46 4e 68 56 48 56 71 57 48 4e 47 65 55 6b 30 4e 32 39 30 64 58 68 30 62 6d 4e 42 51 6a 63 30 55 45 6b 72 57 45 74 30 4e 31 59 31 4e 33 5a 57 54 47 78 69 62 53 39 31 53 6d 4a 78 59 6a 63 31 56 7a 4e 70 51 6a 5a 45 4d 45 68 7a 53 33 42 69 65 6c 4a 69 61 55 35 31 54 46 6f 76 61 6c 55 76 63 45 68 57 59 58 4a 68 5a 30 31 4e 62 6b 4a 35 4d 58 46 36 5a 56 5a 75 54 6d 6c 7a 64 46 64 31 4e 32 45 78 4e 47 64 6f 54 58 46 70 55 56 70 4c 54 57 39 59 55 48 5a 6e 59 32 68 55 5a 54 68 45 59 Data Ascii: JuOFRjY1MxMmRqeWVhL3dBWktPWHlpK2Z5ZjJyYUd2Sk1jTUN5bG5aRU11S244ZFk0MjJNaWxKL1BodlkzaXdmUEJCNWVmNFNhVHVqWHNGeUk0N290dXh0bmNBQjc0UEkrWEt0N1Y1N3ZWTGxibS91SmJxYjc1VzNpQjZEMEhzS3BielJiaU51TFovalUvcEhWYXJhZ01NbkJ5MXF6ZVZuTmlzdFd1N2ExNGdoTXFpUVpLTW9YUHZnY2hUZThEY
2024-04-26 15:56:33 UTC	220	IN	Data Raw: 64 36 0d 0a 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: d6],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2024-04-26 15:56:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49725	142.250.217.196	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:33 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49724	142.250.217.196	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:35 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:56:35 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGLOdr7EGIjC1h0q3DREyhmy_YAw0vygGIdysH54QUPssYDRJ6iQGtlYHiejdc8f2QxpTZzyH7CAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIs52vsQYQ1aXKzQISBGaBmNw Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 15:56:35 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-15; expires=Sun, 26-May-2024 15:56:35 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=ouALnGHnnfLDavtrb_cGNvCXYFHk69yc3pLtQG2BB_xweaxHTLWoOIUTNyElTD6UPAhAfsBsQfqfRc-suMqorqyAI0F_pxWWogcYn9VkWgoZH-SX_rufW74aFwmmhdsgJwDtv8XqSykY1z6n-lRihmb0Zsh6QgMH8yXrpqKcfFs; expires=Sat, 26-Oct-2024 15:56:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:56:35 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49727	142.250.217.196	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:35 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:56:35 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGLOdr7EGIjDWW8B8LphlZmkxvApt-Z3ltbKD0-nZ8OpPWZFjlGIssID7BbJJDELbw2Dkechh6kQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIs52vsQYQ8rzwtAISBGaBmNw Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 15:56:35 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-15; expires=Sun, 26-May-2024 15:56:35 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=D1iCil_UU-ksPBJpNJUuncWUVpBZZKey3YqvX7u2O4RViIrNpemfhb7n8yJkxfPmMygVA0jHzWioNQUxRxdDtnwj0glQFkLbsYQ3pW5uEWplK1N-WBtwxA-SullpX-m4vGzr_PNXDpW-l7JLWFDIv5VY1cri1k-F4zacEWCEvDM; expires=Sat, 26-Oct-2024 15:56:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:56:35 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49728	142.250.217.196	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:36 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGLOdr7EGIjDWW8B8LphlZmkxvApt-Z3ltbKD0-nZ8OpPWZFjlGIssID7BbJJDELbw2Dkechh6kQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-15; NID=513=D1iCil_UU-ksPBJpNJUuncWUVpBZZKey3YqvX7u2O4RViIrNpemfhb7n8yJkxfPmMygVA0jHzWioNQUxRxdDtnwj0glQFkLbsYQ3pW5uEWplK1N-WBtwxA-SullpX-m4vGzr_PNXDpW-l7JLWFDIv5VY1cri1k-F4zacEWCEvDM
2024-04-26 15:56:36 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 15:56:36 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3114 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:56:36 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 15:56:36 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 57 52 45 34 51 46 38 68 78 76 56 56 54 47 37 32 38 51 70 52 43 4b 4e 43 31 76 79 64 4e 63 51 62 39 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="WRE4QF8hxvVVTG728QpRCKNC1vydNcQb9
2024-04-26 15:56:36 UTC	960	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49730	142.250.217.196	443	7060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:56:36 UTC	920	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGLOdr7EGIjC1h0q3DREyhmy_YAw0vygGIdysH54QUPssYDRJ6iQGtlYHiejdc8f2QxpTZzyH7CAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-15; NID=513=ouALnGHnnfLDavtrb_cGNvCXYFHk69yc3pLtQG2BB_xweaxHTLWoOIUTNyElTD6UPAhAfsBsQfqfRc-suMqorqyAI0F_pxWWogcYn9VkWgoZH-SX_rufW74aFwmmhdsgJwDtv8XqSykY1z6n-lRihmb0Zsh6QgMH8yXrpqKcfFs
2024-04-26 15:56:37 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 15:56:36 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3186 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:56:37 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-26 15:56:37 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 67 63 4a 39 65 6c 42 73 4f Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="gcJ9elBsO
2024-04-26 15:56:37 UTC	1032	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49732	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:03 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZoSorZyHsZfhacS&MD=ehKoYMDM HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 15:57:03 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 9ce2440d-01ec-4317-b865-5ff1501c477b MS-RequestId: f7eafe38-dba2-418d-be8f-321419d57e17 MS-CV: y8dwFroagkSJ99pY.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 15:57:03 GMT Connection: close Content-Length: 25457
2024-04-26 15:57:03 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 15:57:03 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 5348, Parent PID: 1028

General

Target ID:	0
Start time:	17:56:00
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order_PO-1075094.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3304, Parent PID: 5348

General

Target ID:	2
Start time:	17:56:00
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6524, Parent PID: 3304

General

Target ID:	4
Start time:	17:56:01
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,15323731237159000086,10191843191279349048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6572, Parent PID: 4852

General

Target ID:	8
Start time:	17:56:31
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7060, Parent PID: 6572

General

Target ID:	9
Start time:	17:56:31
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1200 --field-trial-handle=2092,i,17862452954393239142,16234041336410296844,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Purchase Order_PO-1075094.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0a043f48-eb71-4873-873d-df40170e5673.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426155606Z-184.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2460

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
Purchase Order_PO-1075094.pdf