Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ReInvest Capital .pdf

Overview

General Information

Sample name:ReInvest Capital .pdf
Analysis ID:1432391
MD5:fb82e75bc86557f800a9b6a6683cf6b1
SHA1:936a5f0e4eae6e87e68f4eda75d51e3be8bbe526
SHA256:8ae6974611a7ce7d03e22d5d6fc5e6840e1c19e4cfb8b7158ebb748e9ef389df
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found potential malicious PDF (bad image similarity)
Multi AV Scanner detection for submitted file
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Phishing site detected (based on OCR NLP Model)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ReInvest Capital .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1636,i,6048400525593136051,16366284519615366679,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://btweb.top" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,8589298334556741863,1996516174095378037,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: ReInvest Capital .pdfAvira: detected
Multi AV Scanner detection for submitted file
Source: ReInvest Capital .pdfReversingLabs: Detection: 41%
Source: Adobe Acrobat PDFML Model on OCR Text: Matched 80.3% probability on "OneDrive for Business A document has been sent to you with OneDrive, access the document by clicking the button below. Access Document OneDrive OneDrive for for Business "
Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=o7Mc8GUSlbOUKpk&MD=xkXvzFLG HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=o7Mc8GUSlbOUKpk&MD=xkXvzFLG HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: btweb.top
Source: global trafficDNS traffic detected: DNS query: google.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714170139007&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: ReInvest Capital .pdfString found in binary or memory: https://btweb.top)
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49738 version: TLS 1.2

System Summary

barindex
Found potential malicious PDF (bad image similarity)
Source: ReInvest Capital .pdfStatic PDF information: Image stream: 10
Source: ReInvest Capital .pdfStatic PDF information: Image stream: 11
Source: ReInvest Capital .pdfStatic PDF information: Image stream: 16
Source: classification engineClassification label: mal64.winPDF@45/48@23/5
Source: ReInvest Capital .pdfInitial sample: https://btweb.top
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-27 00-22-33-788.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: ReInvest Capital .pdfReversingLabs: Detection: 41%
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ReInvest Capital .pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1636,i,6048400525593136051,16366284519615366679,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://btweb.top"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,8589298334556741863,1996516174095378037,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1636,i,6048400525593136051,16366284519615366679,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,8589298334556741863,1996516174095378037,262144 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Google Drive.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: ReInvest Capital .pdfInitial sample: PDF keyword /JS count = 0
Source: ReInvest Capital .pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A91fh6ov0_a5jczy_13w.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A91fh6ov0_a5jczy_13w.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: ReInvest Capital .pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		Windows Management Instrumentation1
Registry Run Keys / Startup Folder		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ReInvest Capital .pdf42%ReversingLabsDocument-PDF.Trojan.Heuristic
ReInvest Capital .pdf100%AviraTR/AVI.PhishingX.rdoxl

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://btweb.top)0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
google.com
142.250.80.46
truefalse
    		high
    www.google.com
    		142.250.80.36
    		truefalse
      		high
      btweb.top
      		unknown
      		unknownfalse
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://btweb.top)ReInvest Capital .pdffalse
        • Avira URL Cloud: safe
        		low

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        142.250.80.36
        		www.google.comUnited States
        		15169GOOGLEUSfalse
        23.47.168.24
        		unknownUnited States
        		16625AKAMAI-ASUSfalse
        239.255.255.250
        		unknownReserved
        		unknownunknownfalse

        Private

        IP
        192.168.2.16
        192.168.2.5

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1432391
        Start date and time:2024-04-27 00:21:44 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 36s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:13
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:ReInvest Capital .pdf
        Detection:MAL
        Classification:mal64.winPDF@45/48@23/5
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 69.192.108.223, 52.5.13.197, 23.22.254.206, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 23.40.179.35, 23.40.179.19, 23.206.121.20, 72.21.81.240, 192.229.211.108, 142.250.81.227, 142.250.31.84, 142.250.80.78, 23.44.133.32, 23.44.133.36, 34.104.35.123, 142.251.40.170, 142.250.81.234, 142.250.80.42, 142.251.41.10, 142.250.176.202, 142.250.80.74, 142.251.32.106, 142.250.80.10, 142.250.64.74, 142.251.40.138, 142.251.40.106, 142.250.65.234, 142.250.64.106, 142.250.80.106, 142.250.72.106, 142.251.35.170, 142.250.80.67, 142.251.40.174
        • Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtSetInformationFile calls found.
        • VT rate limit hit for: ReInvest Capital .pdf

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        23.47.168.24http://6.imimg.com/data6/Rfq/2024/3/404696953/HX/AW/IV/217882449/square-breathing-pdf.pdfGet hashmaliciousUnknownBrowse
          phish_alert_iocp_v1.4.48 (23).emlGet hashmaliciousHTMLPhisherBrowse
            https://app.nihaocloud.com/f/bf027d5695e84bac920c/Get hashmaliciousUnknownBrowse
              MDE_File_Sample_f29ce0d93859cca71356213c6e187a644debf0c9.zipGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                https://docvmentdrive.au1.cdn-alpha.com/wordplusnero/Payment.pdfGet hashmaliciousUnknownBrowse
                  qqeng.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                    D21 .pdf.exeGet hashmaliciousUnknownBrowse
                      D21 .pdf.exeGet hashmaliciousUnknownBrowse
                        PURCHASE ORDER.xlsGet hashmaliciousUnknownBrowse
                          J-JeremieKarg-78462.jsGet hashmaliciousUnknownBrowse
                            239.255.255.250https://qdorbb80j410g85n.azureedge.net/010au/Get hashmaliciousTechSupportScamBrowse
                              https://wvijwiyjap-xn----90at1dc-xn----p1ai.translate.goog/hdiw/zqteil/efdfdqgb?ZEdOcFFIUmtZMm91ZEdWNFlYTXVaMjkyOml5YXBpdndiY20=+&_x_tr_sch=http&_x_tr_sl=dosderma&_x_tr_tl=bempjhrlGet hashmaliciousUnknownBrowse
                                https://worker-curly-silence-18d1.pistisarte.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                  https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.htmlGet hashmaliciousTechSupportScamBrowse
                                    https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.htmlGet hashmaliciousTechSupportScamBrowse
                                      https://palmettoanimalclinic.aweb.page/p/0ac693e3-6f85-4fd6-86d7-f770e6e73d32Get hashmaliciousUnknownBrowse
                                        Lab5-3.exeGet hashmaliciousChaos, Conti, LockBit ransomware, TrojanRansomBrowse
                                          http://www.superiorbillingsolutions.comGet hashmaliciousUnknownBrowse
                                            Document_a51_19i793302-14b09981a5569-3684u8.jsGet hashmaliciousLatrodectusBrowse
                                              https://rise.articulate.com/share/zO8B8EFq4bxdit8kVRcUzBOZMbkl1WSz#/lessons/2GyyR-D75sLlZcXDanN5dOaLxSSkgNvoGet hashmaliciousHTMLPhisherBrowse

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                google.comhttps://qdorbb80j410g85n.azureedge.net/010au/Get hashmaliciousTechSupportScamBrowse
                                                • 142.250.176.196
                                                https://worker-curly-silence-18d1.pistisarte.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                • 142.251.40.196
                                                https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.htmlGet hashmaliciousTechSupportScamBrowse
                                                • 142.250.80.100
                                                https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.htmlGet hashmaliciousTechSupportScamBrowse
                                                • 142.250.80.68
                                                https://palmettoanimalclinic.aweb.page/p/0ac693e3-6f85-4fd6-86d7-f770e6e73d32Get hashmaliciousUnknownBrowse
                                                • 192.178.50.78
                                                Lab5-3.exeGet hashmaliciousChaos, Conti, LockBit ransomware, TrojanRansomBrowse
                                                • 142.250.217.228
                                                http://www.superiorbillingsolutions.comGet hashmaliciousUnknownBrowse
                                                • 142.250.217.228
                                                Document_a51_19i793302-14b09981a5569-3684u8.jsGet hashmaliciousLatrodectusBrowse
                                                • 142.250.217.228
                                                https://rise.articulate.com/share/zO8B8EFq4bxdit8kVRcUzBOZMbkl1WSz#/lessons/2GyyR-D75sLlZcXDanN5dOaLxSSkgNvoGet hashmaliciousHTMLPhisherBrowse
                                                • 142.250.64.206

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                AKAMAI-ASUSfile.exeGet hashmaliciousVidarBrowse
                                                • 23.194.234.100
                                                https://gjyefv.degaris.com/Get hashmaliciousHTMLPhisherBrowse
                                                • 23.193.106.20
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 23.50.112.29
                                                file.exeGet hashmaliciousUnknownBrowse
                                                • 23.50.112.28
                                                factura - ztcpyqiqtfiewxjhesna.msiGet hashmaliciousUnknownBrowse
                                                • 23.44.94.139
                                                file.exeGet hashmaliciousVidarBrowse
                                                • 23.194.234.100
                                                RemotePCHost.exeGet hashmaliciousUnknownBrowse
                                                • 184.31.62.93
                                                https://autode.sk/4bb5BeVGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                • 23.214.187.157
                                                aios3.exeGet hashmaliciousUnknownBrowse
                                                • 184.31.60.185
                                                http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3DGet hashmaliciousHTMLPhisherBrowse
                                                • 23.59.235.214

                                                JA3 Fingerprints

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                1138de370e523e824bbca92d049a3777360total.dll.dllGet hashmaliciousLatrodectusBrowse
                                                • 23.1.237.91
                                                MSG.docxGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://www.clktoro.com/feed/click/?t1=128&tid=859&uid=26&subid=remotescripps.org&id=62b00eca6d15ba41d06e054ec8234620:c5cc33c8f67a8e2157054b6a1a46513330d8d1b9ba254759e28d5e39682faf3a0c638282c2c64e9d5352d1ed667ebaaf8201abc8c47aea233add3225b515fb85693743b12c7509aae6fe6327275ef08dc3f481903563d1550be49405e93a390c41176fe292821b7d6098f34b28b9e7b3c1a327f168218dd37d959e1d8326a3dc7910042cd769fb91dfb171de393907f5870d1100482cb158754118b401727ac226cffc957846c78b0e9abcca8d32d5a6ad75dd1af64e7feee6f847ba1695ac8b9515c5fe28cc4005f0012c33f25f14967186986fa0130af2fc961a6ad412c9b4aa8c9bb8de73d1c785c14d432fe083fc1215c9564a8991d6fc9805ac127a42ffdfadf6dae0f2731324a242c43e3fceec3023a2155939fe1a27676e4a6a87cfc84b770a7bc9f80a549fd09cfb1ad645853bdfb1b7639d71e11035e1789b964e38c91352f7c5a319e5df29671022a79d04Get hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                neo.msiGet hashmaliciousLatrodectusBrowse
                                                • 23.1.237.91
                                                https://unilever3.demdex.net/firstevent?d_event=click&d_bu=317196&c_medium=display&c_destination=Retailer&c_country=BD&c_campaignname=L-LifebuoyHandsanitizerLaunchComm&c_prodcat=CH1097&c_brandcode=BH0300&d_adgroup=All_KV&c_contenttype=display&c_source=Dhaka%20Tribune&d_rd=https://campaign-statistics.com/link_click/PidJvkyg2S_O4JTm/159dfdb0ade49a7c5597d3c1d9bd3d8aGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0Get hashmaliciousCaptcha PhishBrowse
                                                • 23.1.237.91
                                                Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.htmlGet hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                file.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRATBrowse
                                                • 23.1.237.91
                                                https://runrun.it/share/form/0GZMCgHSxRh4PBOMGet hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                InmateExport.exeGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                28a2c9bd18a11de089ef85a160da29e4https://qdorbb80j410g85n.azureedge.net/010au/Get hashmaliciousTechSupportScamBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                https://wvijwiyjap-xn----90at1dc-xn----p1ai.translate.goog/hdiw/zqteil/efdfdqgb?ZEdOcFFIUmtZMm91ZEdWNFlYTXVaMjkyOml5YXBpdndiY20=+&_x_tr_sch=http&_x_tr_sl=dosderma&_x_tr_tl=bempjhrlGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                https://worker-curly-silence-18d1.pistisarte.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.htmlGet hashmaliciousTechSupportScamBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.htmlGet hashmaliciousTechSupportScamBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                https://palmettoanimalclinic.aweb.page/p/0ac693e3-6f85-4fd6-86d7-f770e6e73d32Get hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                Lab5-3.exeGet hashmaliciousChaos, Conti, LockBit ransomware, TrojanRansomBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                http://www.superiorbillingsolutions.comGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                Document_a51_19i793302-14b09981a5569-3684u8.jsGet hashmaliciousLatrodectusBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94
                                                https://rise.articulate.com/share/zO8B8EFq4bxdit8kVRcUzBOZMbkl1WSz#/lessons/2GyyR-D75sLlZcXDanN5dOaLxSSkgNvoGet hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 23.51.58.94

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):291
                                                Entropy (8bit):5.149216021009419
                                                Encrypted:false
                                                SSDEEP:6:5Xap09+q2P92nKuAl9OmbnIFUt86XapN5BZmw+6XapN5VVkwO92nKuAl9OmbjLJ:5IS+v4HAahFUt86IN5B/+6IN5VV5LHAR
                                                MD5:6B0D5C93DB92EC2ABE316E95EB223E48
                                                SHA1:A693EDCC1B8A2EDACAEFBCF31186EA6EDDEDBBCC
                                                SHA-256:0CDA83C17637863FBD734B1C4C0353377DB69B4293CDE5E8520133AEB4C224D8
                                                SHA-512:05526E017AEFAF9E67F48C64F7E38AE2D20A902E9340570A638B77F8314067F532E14398DB5795E6C2D5B7891A3974284EBC3549F726468FFB1AC609D9C7DBA2
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/04/27-00:22:30.809 f7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/27-00:22:30.811 f7c Recovering log #3.2024/04/27-00:22:30.811 f7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):291
                                                Entropy (8bit):5.149216021009419
                                                Encrypted:false
                                                SSDEEP:6:5Xap09+q2P92nKuAl9OmbnIFUt86XapN5BZmw+6XapN5VVkwO92nKuAl9OmbjLJ:5IS+v4HAahFUt86IN5B/+6IN5VV5LHAR
                                                MD5:6B0D5C93DB92EC2ABE316E95EB223E48
                                                SHA1:A693EDCC1B8A2EDACAEFBCF31186EA6EDDEDBBCC
                                                SHA-256:0CDA83C17637863FBD734B1C4C0353377DB69B4293CDE5E8520133AEB4C224D8
                                                SHA-512:05526E017AEFAF9E67F48C64F7E38AE2D20A902E9340570A638B77F8314067F532E14398DB5795E6C2D5B7891A3974284EBC3549F726468FFB1AC609D9C7DBA2
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/04/27-00:22:30.809 f7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/27-00:22:30.811 f7c Recovering log #3.2024/04/27-00:22:30.811 f7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):338
                                                Entropy (8bit):5.197975848195973
                                                Encrypted:false
                                                SSDEEP:6:5XaQuN+q2P92nKuAl9Ombzo2jMGIFUt86XaS2Zmw+6XaSyVkwO92nKuAl9Ombzos:5wIv4HAa8uFUt8672/+67K5LHAa8RJ
                                                MD5:88C36372029A3DEF971BD307B9D5DAE1
                                                SHA1:E6FA9C28D1536AC62551F7688389A3D8832853FD
                                                SHA-256:FB87C4A71F52F01D311ED02947DC39405A01B33C49B8F3C6379B01CF5DDB7793
                                                SHA-512:541F11F122B62D641C241C1991DD2CF7DFDA02C2869A1FD3C459C6118F4D89CC2C999E583D93461542A8E219A5E911D87A37C15680E9B70E11BC3B9FB9D61AA3
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/04/27-00:22:30.944 1578 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/27-00:22:30.946 1578 Recovering log #3.2024/04/27-00:22:30.946 1578 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):338
                                                Entropy (8bit):5.197975848195973
                                                Encrypted:false
                                                SSDEEP:6:5XaQuN+q2P92nKuAl9Ombzo2jMGIFUt86XaS2Zmw+6XaSyVkwO92nKuAl9Ombzos:5wIv4HAa8uFUt8672/+67K5LHAa8RJ
                                                MD5:88C36372029A3DEF971BD307B9D5DAE1
                                                SHA1:E6FA9C28D1536AC62551F7688389A3D8832853FD
                                                SHA-256:FB87C4A71F52F01D311ED02947DC39405A01B33C49B8F3C6379B01CF5DDB7793
                                                SHA-512:541F11F122B62D641C241C1991DD2CF7DFDA02C2869A1FD3C459C6118F4D89CC2C999E583D93461542A8E219A5E911D87A37C15680E9B70E11BC3B9FB9D61AA3
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/04/27-00:22:30.944 1578 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/27-00:22:30.946 1578 Recovering log #3.2024/04/27-00:22:30.946 1578 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\62a7fbb7-19da-43f1-8cc7-7ff90d965ff8.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):507
                                                Entropy (8bit):5.05878949156416
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqZQbUsBdOg2H6Zcaq3QYiubxnP7E4T3OF+:Y2sRdsr9dMH6g3QYhbxP7nbI+
                                                MD5:866D1027DC4D247C3026B13CF71CAA18
                                                SHA1:C07CFA0FB4FABA404A54BF4A94C9A3232713B601
                                                SHA-256:A5C5696BF46EAEFF753C1D8F3E24856703C40A8A147A673BD990663B78C36019
                                                SHA-512:3CEC01E59CBBDBD489C55DC19D912F80ACCF8F228AD98FF0DC7D4EA98353C1CCE63C424C9A79669AE64781A3BF21E019A8448772750DA945EB7F1A59D248BA63
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358730162705048","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":90153},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):507
                                                Entropy (8bit):5.05878949156416
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqZQbUsBdOg2H6Zcaq3QYiubxnP7E4T3OF+:Y2sRdsr9dMH6g3QYhbxP7nbI+
                                                MD5:866D1027DC4D247C3026B13CF71CAA18
                                                SHA1:C07CFA0FB4FABA404A54BF4A94C9A3232713B601
                                                SHA-256:A5C5696BF46EAEFF753C1D8F3E24856703C40A8A147A673BD990663B78C36019
                                                SHA-512:3CEC01E59CBBDBD489C55DC19D912F80ACCF8F228AD98FF0DC7D4EA98353C1CCE63C424C9A79669AE64781A3BF21E019A8448772750DA945EB7F1A59D248BA63
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358730162705048","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":90153},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4509
                                                Entropy (8bit):5.238180647859435
                                                Encrypted:false
                                                SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUmHXWaM67WaZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLX
                                                MD5:168664EB0667995750BD4D46F5CF7233
                                                SHA1:EACE8FBD06B250961D29E7EFE70F3A69B35D3D0B
                                                SHA-256:3BC4E7F6A0272F459CBFC29EA761984F11B25941D7083B54574BD2968CD4A955
                                                SHA-512:5419E2775C36173B5A04E3CE22E5B73AC1F7777FC61B07EB2CF8A97EB886EBDE517DA8B2C397A05C1261B55A8692311AD9E8EEA162860F954BB1D200EBDA2F1C
                                                Malicious:false
                                                Reputation:low
                                                Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):326
                                                Entropy (8bit):5.196781840757621
                                                Encrypted:false
                                                SSDEEP:6:5XYMH3+q2P92nKuAl9OmbzNMxIFUt86XYMNZmw+6XYMpKNVkwO92nKuAl9OmbzNq:5IMHOv4HAa8jFUt86IMN/+6IMpKz5LHP
                                                MD5:C93D889FAEF05BC6BEF42EB352FA8EAC
                                                SHA1:3ED81E11AC9DDDCE9101446B578424928F0E02C9
                                                SHA-256:C970119790FEAFF6AB9FFBA38EB1A9FC29228F007EA9D8876C2183A3B5B0C80F
                                                SHA-512:FBFA7DA3FF03635B26D9F6F5C14D8CC819DBF70BD06C6F5B7204A743F2906DD7159DFF3C341ECF9368D63C38F79689194BA10ADDA632131F02A70DFAC070F9C7
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/04/27-00:22:32.945 1578 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/27-00:22:32.947 1578 Recovering log #3.2024/04/27-00:22:32.948 1578 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):326
                                                Entropy (8bit):5.196781840757621
                                                Encrypted:false
                                                SSDEEP:6:5XYMH3+q2P92nKuAl9OmbzNMxIFUt86XYMNZmw+6XYMpKNVkwO92nKuAl9OmbzNq:5IMHOv4HAa8jFUt86IMN/+6IMpKz5LHP
                                                MD5:C93D889FAEF05BC6BEF42EB352FA8EAC
                                                SHA1:3ED81E11AC9DDDCE9101446B578424928F0E02C9
                                                SHA-256:C970119790FEAFF6AB9FFBA38EB1A9FC29228F007EA9D8876C2183A3B5B0C80F
                                                SHA-512:FBFA7DA3FF03635B26D9F6F5C14D8CC819DBF70BD06C6F5B7204A743F2906DD7159DFF3C341ECF9368D63C38F79689194BA10ADDA632131F02A70DFAC070F9C7
                                                Malicious:false
                                                Reputation:low
                                                Preview:2024/04/27-00:22:32.945 1578 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/27-00:22:32.947 1578 Recovering log #3.2024/04/27-00:22:32.948 1578 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426222235Z-173.bmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PC bitmap, Windows 3.x format, 152 x -152 x 32, cbSize 92470, bits offset 54
                                                Category:dropped
                                                Size (bytes):92470
                                                Entropy (8bit):2.7265653582021634
                                                Encrypted:false
                                                SSDEEP:192:E52kCwRS+C0IwutbGpdFmABY2AHPe18bWJ7l9fhGdVj77taN89:EMZwRS+C+uIpdFm/PHPjbAlRhwNtae
                                                MD5:4FF8C9650186AC77D3BF46BCAE9AD622
                                                SHA1:72E7D20141BB02C44960DA7F468969758ED99184
                                                SHA-256:0AEA7A2765CD7E714D43E814BB4511AE64BC4181A7FB5D3D3181C47385D000CD
                                                SHA-512:D56172DE497B6C2FC3D571852EEDDC415F7C576298921EF9D159BFD6DBB686BB426A0C66E21273F027C781DBEFA197109C2F412CF052E8F30755B8FA5941D300
                                                Malicious:false
                                                Preview:BM6i......6...(.......h..... ..........................P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P"..P

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1436

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):185099
                                                Entropy (8bit):5.182478651346149
                                                Encrypted:false
                                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):185099
                                                Entropy (8bit):5.182478651346149
                                                Encrypted:false
                                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):228346
                                                Entropy (8bit):3.3890581331110528
                                                Encrypted:false
                                                SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn
                                                MD5:BAE090D23B1C0D4F6DC247F0080D349E
                                                SHA1:8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461
                                                SHA-256:D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3
                                                SHA-512:208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130
                                                Malicious:false
                                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.334356168588472
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJM3g98kUwPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGMbLUkee9
                                                MD5:DEEEFDDAFA8ACE47B2FE921B568FB1C0
                                                SHA1:950454DCC675A7655113445483CDB8C4CA4411AB
                                                SHA-256:2418A1BD2D4BBB679F25C6AE00681F438924015C60A85A804548C05F437D532F
                                                SHA-512:291CF0C3DCA223E12932FB08648449C0287C6314E88CED88364D408EA733E4FFC3070EFC533241DC64AE39CE868FF6246381AAC4FC5038981FCCD839EF35DD3A
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.273706338765527
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfBoTfXpnrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGWTfXcUkee9
                                                MD5:DF9F73F69C073F53EC8E551962EA952F
                                                SHA1:8372E1E251CD24140196A56A41A539AB29202CAB
                                                SHA-256:479B09F603552E361C6196ACB59029F7D05216FE6F1552912A488459FA9B94D1
                                                SHA-512:00A309E09582DC5A5345F811367893E519350DDF29FF70F950C1569ADAFEBBD34AF292352CCB8B1E7731E82EC8161D8AD8EC86BFDA90C9409F489C5F81015429
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.2511785879691555
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfBD2G6UpnrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGR22cUkee9
                                                MD5:956566294C31C53FE509C5D3453E3C58
                                                SHA1:B2575C4FCEADD9EFD9104A832EF6281C07807C7B
                                                SHA-256:C6A9BEDF16FD2588CB0FFEFD2EAF16A63439C442BBE1B062689EF890E923199C
                                                SHA-512:E2D78E6E0049D93247B1F9E3EE7B19F2CDCECE71C67AFF7ECB367FEE012B568FBB73C3C433A232B0A3CFEAA4480FDBE3C4633EE1E5AD79E698609D89E53176B4
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):285
                                                Entropy (8bit):5.31223124912912
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfPmwrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGH56Ukee9
                                                MD5:9B4D6C36DEB249B3A35BF984C4DFCFD4
                                                SHA1:83CF95526062C6C4D3DB56594882172E9A42B658
                                                SHA-256:75882280C9628ADFEFF2E5E5EA62FAE4DB36B8F0A1A612ED038E3D101632FF83
                                                SHA-512:0869C77CB8A00C3B3980C081D4856C338EACAA13B6825DE4D29E44FC29C0A734EFF4F1BAC87CFA5CDE660FB80DDAFFA93A852062F1A562CF893C8F5A48019C6E
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.2727515474546
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfJWCtMdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGBS8Ukee9
                                                MD5:E6ECDAE16651AA04F322E237CEA6749C
                                                SHA1:EDDE98FC62EB401316512F366825346B2F05602C
                                                SHA-256:645FCF8F9D26CCFC74FF2EBEC04AB893AF61E513171001759CF5D569CE8723E4
                                                SHA-512:020DC8C3129D5EABCD97B3C8871563A5AF3DD3D74803680BDAB1CC748AB8BD8482668C1AB69C0A1569D3AA6B145F998896988D154FB383BB5E668EAA3CF7705F
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.257410236428719
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJf8dPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGU8Ukee9
                                                MD5:8398E2F2E91AB61B20A9566E18283C06
                                                SHA1:164E2348A25ADA39AA1AB8EC0FD7EB3D5F5AF1F1
                                                SHA-256:A6C677CCCC769ED536D9B218F44AA156B5273F067B96C06EC42B9A79E63F6BBC
                                                SHA-512:6B6F6E645B1796C8DB2499D13201A4ED1973BB7F1571C290B868DCF34B3310DC4D6CAEEF6E96FAAA13A087A39CC7A1F519884EF375F78C6B5136096CC3C75E99
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.258803003924655
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfQ1rPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGY16Ukee9
                                                MD5:CBDF31FE33BB9CFA8C66D3A86840E85B
                                                SHA1:5D50BBB0BE3976480D8D9DF41F0C9D32490BFD57
                                                SHA-256:C16FAD212DC499E711769799E77D4D1DD43510030A8479760DFEFF234D728AF7
                                                SHA-512:DDE0FE60E64517CD091BD0021F4FD8B6BB68874B4AEC9644743FEAC2D1D0A358DAF2E9A9C471583EBAF4B7214F117F7FA8EAD8191617569C8076F5765332EE40
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.278798228042348
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfFldPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGz8Ukee9
                                                MD5:1907D504C4E07B76D682349D70B566EC
                                                SHA1:4DE36E78DD9F144C8010B26C522AE279D166121F
                                                SHA-256:83F7368236453BD288F441C86A8E78B64E169F5500EC8381C4E8BDCD14C2032F
                                                SHA-512:AE1FD4FC1BAD0542C2884A111963B207A8ED2A443B20655D6746072930C5FB6DC3A8BE3354FA6466D3900FFA7B794984A29482FAA3A1D74DADC3D769D7AC10A5
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1372
                                                Entropy (8bit):5.737218214636835
                                                Encrypted:false
                                                SSDEEP:24:Yv6XausBi/FKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNL:Yvzu5NEgigrNt0wSJn+ns8cvFJR
                                                MD5:94D0CA37B91547FDB5CC25A62A727D75
                                                SHA1:BBD2AC7D8FA1D19AAD072C52A8D843EDB2ED60E0
                                                SHA-256:FF6F8EC746D0DE60A84AAC0727A484DA82A264F9DA15F874BB1211C293327C47
                                                SHA-512:A9CDD7943B9FF779C7D532529F2E48E5991A12FF5D93313EB42ED2A93FC681AFA308C6840E408A33D97E2DCA3B63FCBFD55A5C3FE80B08271920868CEE9A4A8B
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.2665471602265805
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfYdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGg8Ukee9
                                                MD5:58DA08642E6F537E14B7C30F8D705780
                                                SHA1:38C1871394B89A86A83573B82DE3EB66FF943447
                                                SHA-256:40DD51AC363FE79A3AC960CBD252844003F3B06A349FD03FF6538CA13C5AF494
                                                SHA-512:79BA6B84E62AAD9431DEA16A2D2A97F5928BE3AA1648A4938D3378AC1E596FEC7C285141413C3AEE837B4B28155B0BBD57847986B993ACACBC522532E3A226D6
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1395
                                                Entropy (8bit):5.772852032548889
                                                Encrypted:false
                                                SSDEEP:24:Yv6XausBi/4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz:Yvzu5QHgDv3W2aYQfgB5OUupHrQ9FJN
                                                MD5:D2AB93F63C07F04E8348A7BA6ECAAF5D
                                                SHA1:E6A22206DDCBC698941F7A63040A5838B2C66270
                                                SHA-256:884501328DDC69B1CC4BB0BE9C18F8A2CCEF28E37C1FA1A8A6916FA852BC97E0
                                                SHA-512:4CF3D164AD84BC9EB9CA09D88CA2DD580193B017E394D72A78D7D0717A326F4FE18CA9FC6DA7FBA7310E931B0EE0EA14A9A7F8D15ADC4F27F41029D1D1FA3913
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):291
                                                Entropy (8bit):5.250324174325004
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfbPtdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGDV8Ukee9
                                                MD5:E9F735D3AF17E49A8DCE9712DFC1BFA2
                                                SHA1:0BE6CACE3075007EB0CB05C6431ED55D3F9031B1
                                                SHA-256:6285EB88B9EEEBFDA6925987AF68B960DF089A7B11C0CC9D3F477862182606E9
                                                SHA-512:62B1B6643FBD63CECB9A4BC3249A9B4A9196B39F33FF98E18DC087963DBAE0FEE81621D7833A2411717CF80C77C009814E9381DC25B304C151D287897B67DF26
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):287
                                                Entropy (8bit):5.25121997573805
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJf21rPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZG+16Ukee9
                                                MD5:7A2048303018B80A39F94F6E51ACFFFA
                                                SHA1:2393D340DFC247665DF8E163963E10E6DD16D4EC
                                                SHA-256:B567FEB21000096C215DCDD2743A7EE05E16B7C5AC86B8E531DD5A81CBFE29FF
                                                SHA-512:FCF4B1E72F40F738577D0BD9A393E2B8401F872CD35F653EFD68D35A6ED40B3AC4243BF4C45604C99F7CDECDE268DFB65840DE6D76C0E14EC61C3A18EF4AAD47
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.273088470910507
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfbpatdPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGVat8Ukee9
                                                MD5:6747CB6C7915C950A925E483FD07B8F0
                                                SHA1:932974A1EEC368F4E88E6C38B57BF203405082DB
                                                SHA-256:98955C55E985A17E6427B221866BEAF0E35F48071D3242CD58048FEB934ED2F2
                                                SHA-512:AB4A766A6ADB7F6E739A3E6DE742292BF50E3B38E5910DB0F8498E459C386018AD2C647407B3D9CBA1BD2CB1C18A16EE8487AD83759C988468094568F99B12E2
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):286
                                                Entropy (8bit):5.225734892284688
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXFY8Pc7Zzx+FIbRI6XVW7+0Yum8NqoAvJfshHHrPeUkwRe9:YvXKXFYuc7ZzUYpW7/ZGUUUkee9
                                                MD5:58F99A586203248394A05545E7850317
                                                SHA1:A3A19438279308C26E8B9AA13F85FC7BF0A6520F
                                                SHA-256:D9987E9EA010F759A3793E5B30D217EDC0744F882B2E4F4F0704D384A602FDBE
                                                SHA-512:0B6E866861F3A8C24A53BA98CB7228805472E7C7AC378D7090B0D4F9E9FFC244CC614A1688966C24CB3A2A9484E627B5F2617708DDF6A070FE9CC840527EFB94
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):782
                                                Entropy (8bit):5.35988110888098
                                                Encrypted:false
                                                SSDEEP:12:YvXKXFYuc7ZzUYpW7/ZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWX:Yv6XausBi/1168CgEXX5kcIfANhq
                                                MD5:F63AB33FB959BD6568AF465F4DFE255D
                                                SHA1:77F682920C4FCCB0BFF1720DCBE53B49CB183995
                                                SHA-256:FB6F3EB55E26AED1DCD39214B78CBFB15E4889CC2D05BD1EA1762A20E411D033
                                                SHA-512:F815C43B367EA8B3E56FB580E3F1612ACA1A1A8607C85BA99673152996B0E4F9A7C9556521BBEF2889B53C75B289F41D53B643B6B1704D9C7DB59660CC606580
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"2fa42937-bccd-4e21-886c-3b980d3303c8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714347022948,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714170157981}}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4
                                                Entropy (8bit):0.8112781244591328
                                                Encrypted:false
                                                SSDEEP:3:e:e
                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                Malicious:false
                                                Preview:....

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2814
                                                Entropy (8bit):5.120751497654895
                                                Encrypted:false
                                                SSDEEP:24:YbKoCtT6JcCAgRsXaNayn/G5b4yQ8G234Njsqj0SXYE72zgI2LSxgRqBM05i9RBL:YzGTMxAKLuKp23mfsSogIrgMM0k9R39
                                                MD5:17CD50F80779006EDC5C608AADD46AB9
                                                SHA1:104B381DA8DBECBEEA7F6C987258B6884ECB85E1
                                                SHA-256:3C45166E5CC71FD954105632A45186186A577164755AFA4CF1F98F13A88AE7EE
                                                SHA-512:F97CACD589EEDB02CFDF9CE3C7A83200B1B4A49794F4746103A1784DAD8FFB53F09EB70DF2F131DED6731F68DBA9C09D6A6ACBEBA45CB1A638DCBE093F78A772
                                                Malicious:false
                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"aab7aaf9fb1552d9aca47ec1c081648f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714170157000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f12dd0fae77d81c785070252ded956b6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714170157000},{"id":"Edit_InApp_Aug2020","info":{"dg":"5c5cfb62ef73352a201e0f72c04bcd14","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714170157000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"ef3b9c1197e913f229a24d3852b1d5ef","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714170157000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"58ae824b90488b8cc5763fb5fd2e0feb","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714170157000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"3b7f1dbde3470237914280f74c6cc80b","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714170157000},

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):0.9845716907603422
                                                Encrypted:false
                                                SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sps4zJwtNBwtNbRZ6bRZ4hF:TVl2GL7ms6ggOVpXzutYtp6PO
                                                MD5:757E0E4C423EA349D2CA5A73D22632C3
                                                SHA1:5EA541802C7D291E963FA641FECA94CE14211D1D
                                                SHA-256:DAF35D7E0E041D133356B73500E3D5920F5007AE61028AFB5887C61FF6EA111C
                                                SHA-512:D5B45DC63B79B9AD0F843E4C1C7B19E5A3C6FE33A4F52AA5E047E9D4035492D88F1D87FAF81AC0A26D22D91FF3F001D6ADDA33734ABA9290B20581BCFEF4F45D
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):1.3380630964440772
                                                Encrypted:false
                                                SSDEEP:24:7+tSAD1RZKHs/Ds/SpsPzJwtNBwtNbRZ6bRZWf1RZKvqLBx/XYKQvGJF7ursh:7MSGgOVpQzutYtp6PM6qll2GL7msh
                                                MD5:7F075DDC0518BB7824B2B3934A10622B
                                                SHA1:FB5D7DD93549CC42EC13E043E5A4197B16A5283A
                                                SHA-256:4B7683D0D82BE180C397747480C4704871B0B258403973B374879D797EB6B369
                                                SHA-512:20D7C0EBED89975BCC2BA87FFE75150C6ED2DB594B1CB3934FFC01F2E48D50474741A536535D296C780AAD77C8CA672B7902D45629EB196D3D3B17BDE43CB9CA
                                                Malicious:false
                                                Preview:.... .c.....C..-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\MSIdc480.LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):246
                                                Entropy (8bit):3.4892154787006566
                                                Encrypted:false
                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88uH:Qw946cPbiOxDlbYnuRKC
                                                MD5:BD49DA8D2F8BA654BE48E63728AADE2D
                                                SHA1:97DB14C25C7CB03042F4309583CFD42FE1703BFF
                                                SHA-256:9F3C0BD39146B3E9255A13828DC2C51A49971C5230A3568F9B345A4FDC2D248C
                                                SHA-512:DF6177FA7ED9F7B02D9EB5E6D71EF889E56F2E9C92B92B2DD2E8CCB3AE140C69D0E3B87BDCA6CC8ADD46364625B0ABA5B6040CD215AFFF23F6573E0CFD137173
                                                Malicious:false
                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.4./.2.0.2.4. . .0.0.:.2.2.:.4.1. .=.=.=.....

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91fh6ov0_a5jczy_13w.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PDF document, version 1.6, 0 pages
                                                Category:dropped
                                                Size (bytes):358
                                                Entropy (8bit):5.003290810262823
                                                Encrypted:false
                                                SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOuIbroWn/fIbroWnJCSyAAO:IngVMre9T0HQIDmy9g06JXNoWnooWnJR
                                                MD5:77F4FFA084D91123E4A8382CD6E5109E
                                                SHA1:70734528A6369D48158A95D6E6A7E5271C5841B9
                                                SHA-256:D31CCD613FA5806683FC6FEACBA26DD968ADDEABB29C874C04CAABD5798B8423
                                                SHA-512:6E939A817048F6D060171597BCD74E825B577F2C6C1749CF49DE3180B7B88556DE9E69465EB84164F3DEE80312C94F6C373F9F296BB446F8AC111F9B3B51D8AA
                                                Malicious:false
                                                Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<CEDBDF0A5334724F8E30017BB60B334B><CEDBDF0A5334724F8E30017BB60B334B>]>>..startxref..127..%%EOF..

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-27 00-22-33-788.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393)
                                                Category:dropped
                                                Size (bytes):16525
                                                Entropy (8bit):5.376360055978702
                                                Encrypted:false
                                                SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                                MD5:1336667A75083BF81E2632FABAA88B67
                                                SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                                SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                                SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                                Malicious:false
                                                Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):16603
                                                Entropy (8bit):5.329345304805409
                                                Encrypted:false
                                                SSDEEP:384:ySmXu6Lmfw453Hsl8bz1bYVduBaWTfxAneyE4EYxmtC4+3tXaeb/G/W3i4RjOeCN:k+7
                                                MD5:79C29D185B7620EEFBFE182EC286AC55
                                                SHA1:245FA06F1E74269BF39B8A51B7FC13000901FDFB
                                                SHA-256:FAE3EC8798D89E0929E4FE0427691FCFE12CAB5AF4E8AFEE59472EEEDF2C1081
                                                SHA-512:1FE70482E61968DF8E663253FE95D3A2579D758E9778011BE61249AF0DD1E485D10686B872D54757325F1598B8F39AC411EB7B58AD4D1A4AF9F0EA07DA632CBD
                                                Malicious:false
                                                Preview:SessionID=74934b21-0242-4ceb-bd0d-84e3aaf45c17.1714170153819 Timestamp=2024-04-27T00:22:33:819+0200 ThreadID=7332 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=74934b21-0242-4ceb-bd0d-84e3aaf45c17.1714170153819 Timestamp=2024-04-27T00:22:33:819+0200 ThreadID=7332 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=74934b21-0242-4ceb-bd0d-84e3aaf45c17.1714170153819 Timestamp=2024-04-27T00:22:33:819+0200 ThreadID=7332 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=74934b21-0242-4ceb-bd0d-84e3aaf45c17.1714170153819 Timestamp=2024-04-27T00:22:33:820+0200 ThreadID=7332 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=74934b21-0242-4ceb-bd0d-84e3aaf45c17.1714170153819 Timestamp=2024-04-27T00:22:33:820+0200 ThreadID=7332 Component=ngl-lib_NglAppLib Description="SetConf

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):29845
                                                Entropy (8bit):5.39271667083634
                                                Encrypted:false
                                                SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbD:/
                                                MD5:798F7B2E7516FD237EAE4C0A64FCFC35
                                                SHA1:40BBDC8B3C56951008456FBC83CE463D83288387
                                                SHA-256:DA1B8DA75CF4E43FA8431960B404056B47CDCE556C18F2E19E8BD9A1C3C07556
                                                SHA-512:1BA895DDCC24E3DE97F5B23F20473CE223CE7B89FA44D7A4B593FC372E4483139D185EF0FA88E074709C375A2ABEF63BA1652FE163518C81E4DCC576045EC9A1
                                                Malicious:false
                                                Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\5676b202-8b09-4c2b-88da-268520bc96af.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                Category:dropped
                                                Size (bytes):1407294
                                                Entropy (8bit):7.97605879016224
                                                Encrypted:false
                                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                Malicious:false
                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\60924e0e-bc35-43a7-aac1-615f87c875d1.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\6a73fdd5-714a-4c75-8756-4d36b8df4b26.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                Malicious:false
                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\71a65796-b4cb-43f9-80d8-7bf352a16432.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                                                Category:dropped
                                                Size (bytes):1419751
                                                Entropy (8bit):7.976496077007677
                                                Encrypted:false
                                                SSDEEP:24576:/6ZwYIGNPtdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07teWL57oXGZd:CZwZGD3mlind9i4ufFXpAXkrfUs0MWL7
                                                MD5:5479309A01A2001CFBA6670F53851702
                                                SHA1:76359B101B22948AD695A0BFE125DE2A02A832C0
                                                SHA-256:4F096FBC695DADDC9769A9676179D1EA12FF58D2AB748D516EEAAF3C3AF62771
                                                SHA-512:C8FA6B574BB28B16BB8211BF0C4EF42368E4FFC8C68BBDF94F6A482EB2440AD8ABD94A53350EF5631D151941BB7A54176D4C73FD99EF21D3DCE89B580795D5E2
                                                Malicious:false
                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 21:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2677
                                                Entropy (8bit):3.9823094882817327
                                                Encrypted:false
                                                SSDEEP:48:8ZdzjTPTqfHuidAKZdA19ehwiZUklqehDy+3:8/j3qMMy
                                                MD5:A8419B7C4154CCB22E08BE038F064998
                                                SHA1:84DE1B1D10FC0964CC85C69B7C16A881EC60B8A9
                                                SHA-256:8EF0C3011036EFEE1F2C57065CB13667FA68BFF86784959A777BEEE608D90543
                                                SHA-512:57E2E6DB3ED929755312E45AFDC6A414FD43DE8509A885D41E6D30B115438C8986CE1035FF4AD3D15294544892556C10BFC96C23EBBDC9F42E3CDBCE1458582E
                                                Malicious:false
                                                Preview:L..................F.@.. ...$+.,......YL(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 21:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2679
                                                Entropy (8bit):3.995321899714384
                                                Encrypted:false
                                                SSDEEP:48:8ddzjTPTqfHuidAKZdA1weh/iZUkAQkqeh8y+2:8jj3q+9QRy
                                                MD5:ACB801166871C86B3BD35754134082BC
                                                SHA1:77D902142D7B36F411EC2731A1DAB8A9D55D54BE
                                                SHA-256:C6A34E7B0C1F9438F943B750B1A44C2EEF9ECDC74DCAB4E6ED3D18E2246CB317
                                                SHA-512:9447CBA482E495010EC1134ADB387174F2B9D02603DC1C152DB11AB3E8B1D36B37BD6A7E3622A4095FAE989DB32B399FF13881421F7075638A766A36B243C64E
                                                Malicious:false
                                                Preview:L..................F.@.. ...$+.,....g.NL(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2693
                                                Entropy (8bit):4.00797674649414
                                                Encrypted:false
                                                SSDEEP:48:8xfdzjTPTsHuidAKZdA14tseh7sFiZUkmgqeh7sCy+BX:8xhj3fn4y
                                                MD5:7A54823705A0063B37814C889A28F80A
                                                SHA1:EE5224C52670166B7A2DA38845CF46C5F6CBA4B0
                                                SHA-256:A97C8D1AC6AEB7209D7582574347FFE6170A7009F1F3D593E3EBD517A033A89A
                                                SHA-512:07EAD8A7871CDFD61A59F4FE6C4F8F23A330D748EC581E411901A024F654BF268DBE0A9C47C61E596EFB26EC5FF852928A8EEA35618C23FC32C8620CD05F4B4F
                                                Malicious:false
                                                Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 21:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.994502169118787
                                                Encrypted:false
                                                SSDEEP:48:8QdzjTPTqfHuidAKZdA1vehDiZUkwqehAy+R:80j3qlKy
                                                MD5:9062D2870CF7012F3586613814EDE9BF
                                                SHA1:99A04DBA7F28F88DB746E4E2604C17D56004A1D7
                                                SHA-256:2690B17ABE2AB753E73B17CA1A6A75C3752F8D467E1D74865F3DBC654DE68A89
                                                SHA-512:81AEACD4483D4EC284E8A6F59C03CFEF470B136B04CEF9AE5C8D1269A5EA1E96CA813A2DD30A029570E59A878FD3CA697C962B2FD105B2508507BEE1EE2AB02C
                                                Malicious:false
                                                Preview:L..................F.@.. ...$+.,......HL(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 21:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.9835521143054153
                                                Encrypted:false
                                                SSDEEP:48:8XldzjTPTqfHuidAKZdA1hehBiZUk1W1qeh+y+C:8bj3q19ey
                                                MD5:2AA57869BF3843F0821D58BD9D4A285B
                                                SHA1:3C57F840E2212FDB7BF3565DDB58EE945A3A24B4
                                                SHA-256:1D144D8FF104017AA59F3C8930089F84498C94FB41AF46168D3FCC1AC234EF23
                                                SHA-512:663DD7F1564941104F4A6E08BB75A80D789DC50B297706D12BC689F70982E3513D421BBCF77D06D940FCC66CF544A2573737C914D0D7DDF13A2EC70EEC1C6AD8
                                                Malicious:false
                                                Preview:L..................F.@.. ...$+.,......TL(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 21:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2683
                                                Entropy (8bit):3.9941282371414863
                                                Encrypted:false
                                                SSDEEP:48:8+dzjTPTqfHuidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb4y+yT+:8Wj3qJT/TbxWOvTb4y7T
                                                MD5:BE76B272759FB65C94D79F5E0382E089
                                                SHA1:1062EBA2BB1F649E689A447169D176705633CA99
                                                SHA-256:9AD6E9A2722639BFEFC845A2DA06FDB911927F5BBBF9FDA7965A63B8578A881C
                                                SHA-512:6449D2F2819850441325A1EB11895E1253F304D5AC0E1763BDBE40146F7B41BA5D6DB96AD73295B55BBAC5BC4294D4CB9BE36045DCB815282FC9F760469E2F94
                                                Malicious:false
                                                Preview:L..................F.@.. ...$+.,.....V@L(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                Static File Info

                                                General

                                                File type:PDF document, version 1.7, 1 pages
                                                Entropy (8bit):7.956001669519529
                                                TrID:
                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                File name:ReInvest Capital .pdf
                                                File size:128'407 bytes
                                                MD5:fb82e75bc86557f800a9b6a6683cf6b1
                                                SHA1:936a5f0e4eae6e87e68f4eda75d51e3be8bbe526
                                                SHA256:8ae6974611a7ce7d03e22d5d6fc5e6840e1c19e4cfb8b7158ebb748e9ef389df
                                                SHA512:f6261b9f61fac350f409e194a704a207b9e638963a5dd4396e543ce1c1f386a8e3e954b90f4afe83e54b1401d0ad9ca656b31af062fa90cb896b7340faaf88da
                                                SSDEEP:3072:8Z585pIikLQ8jlil3DWQY2sDLJjYrcrt8ojcmj:8Z585peLQ8sl3y5fJjYrItjck
                                                TLSH:31C3021CC1E5BCDEE11126B79E0BB9AF673A3163A0C0805435FC23934B51AB52D57A6B
                                                File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 18 0 R/MarkInfo<</Marked true>>/Metadata 49 0 R/ViewerPreferences 50 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R

                                                File Icon

                                                Icon Hash:62cc8caeb29e8ae0

                                                Static PDF Info

                                                General

                                                Header:%PDF-1.7
                                                Total Entropy:7.956002
                                                Total Bytes:128407
                                                Stream Entropy:7.970591
                                                Stream Bytes:123384
                                                Entropy outside Streams:5.259223
                                                Bytes outside Streams:5023
                                                Number of EOF found:2
                                                Bytes after EOF:

                                                Keywords Statistics

                                                NameCount
                                                obj23
                                                endobj23
                                                stream10
                                                endstream10
                                                xref2
                                                trailer2
                                                startxref2
                                                /Page1
                                                /Encrypt0
                                                /ObjStm1
                                                /URI6
                                                /JS0
                                                /JavaScript0
                                                /AA0
                                                /OpenAction0
                                                /AcroForm0
                                                /JBIG2Decode0
                                                /RichMedia0
                                                /Launch0
                                                /EmbeddedFile0

                                                Image Streams

                                                IDDHASHMD5Preview
                                                10c994948accc8cace92f9ae82b1cc16d32c503fe11a6bb0db
                                                11c994948accc8cacec042abf7c34e8133b1b8f2a5c07a8743
                                                138023c86923370080edc5164163bd5d574bafed1f89aadeee
                                                148000000000000080780a9bd91a9a3ec8085a0c4c490ad83e
                                                16d4919ccad5ddd4d21395dfa68087127d156010d691a7e1c2

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Apr 27, 2024 00:22:29.358407021 CEST49675443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:29.358515978 CEST49674443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:29.467793941 CEST49673443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:38.970958948 CEST49675443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:38.970959902 CEST49674443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:39.080312967 CEST49673443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:40.534140110 CEST4434970323.1.237.91192.168.2.5
                                                Apr 27, 2024 00:22:40.534219027 CEST49703443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:22:41.606653929 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:41.606688976 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:41.606760025 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:41.608175993 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:41.608191013 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:41.795476913 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:41.795553923 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:41.797617912 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:41.797626972 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:41.797869921 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:41.832078934 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:41.876116037 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.084994078 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.085068941 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.085143089 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.085261106 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.085287094 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.085305929 CEST49715443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.085311890 CEST4434971523.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.232526064 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.232552052 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.232639074 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.233143091 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.233154058 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.419080973 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.419161081 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.420186996 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.420192003 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.420506954 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.421521902 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.468126059 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.598140955 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.598340988 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.598445892 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.598845005 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.598855972 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:42.598870039 CEST49716443192.168.2.523.51.58.94
                                                Apr 27, 2024 00:22:42.598875046 CEST4434971623.51.58.94192.168.2.5
                                                Apr 27, 2024 00:22:43.742248058 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:43.742290974 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:43.742364883 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:43.742521048 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:43.742543936 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.015667915 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.015892029 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.015918970 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.017395020 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.017455101 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.019201994 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.019284964 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.019484997 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.019494057 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.070341110 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.109832048 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.110007048 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.110078096 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.110316992 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.110335112 CEST4434971723.47.168.24192.168.2.5
                                                Apr 27, 2024 00:22:44.110348940 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:44.110527992 CEST49717443192.168.2.523.47.168.24
                                                Apr 27, 2024 00:22:49.419701099 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:49.419790030 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:49.419893026 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:49.420845985 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:49.420861959 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:49.833317041 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:49.833409071 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:49.836071968 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:49.836093903 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:49.836510897 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:49.882817984 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.201678038 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.248125076 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464545965 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464608908 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464629889 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464670897 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464687109 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.464719057 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464740038 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.464755058 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.464766979 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.464797974 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.465003014 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.465075970 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.465081930 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.465260029 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.465313911 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.673194885 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.673264980 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:22:50.673295021 CEST49718443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:22:50.673310995 CEST4434971813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:03.967811108 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:03.967840910 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:03.967899084 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:03.968319893 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:03.968333006 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:04.551054955 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:04.551331997 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:04.551362038 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:04.553037882 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:04.553114891 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:04.554208994 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:04.554290056 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:04.603458881 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:04.603485107 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:04.650310040 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:14.529325008 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:14.529464960 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:14.529542923 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:14.591238976 CEST49728443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:23:14.591259956 CEST44349728142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:23:20.147258997 CEST49703443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.147471905 CEST49703443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.147959948 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.148046970 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.148145914 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.149313927 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.149363041 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.302792072 CEST4434970323.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.302951097 CEST4434970323.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.526118994 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.526206970 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.558583975 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.558624983 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.559672117 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.559751034 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.560229063 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.560287952 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.560648918 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.560657978 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.945996046 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.946177959 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.946468115 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:20.946578026 CEST4434973723.1.237.91192.168.2.5
                                                Apr 27, 2024 00:23:20.946651936 CEST49737443192.168.2.523.1.237.91
                                                Apr 27, 2024 00:23:28.030034065 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.030086994 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.030184984 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.030602932 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.030621052 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.441028118 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.441148996 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.442931890 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.442944050 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.443340063 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.452245951 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.500113010 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.827775002 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.827837944 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.827897072 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828037024 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.828037024 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.828062057 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828097105 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828110933 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.828140020 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828171015 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.828171968 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828202009 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.828207016 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828250885 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.828255892 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828349113 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.828392029 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.833219051 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.833237886 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:23:28.833255053 CEST49738443192.168.2.513.85.23.86
                                                Apr 27, 2024 00:23:28.833261013 CEST4434973813.85.23.86192.168.2.5
                                                Apr 27, 2024 00:24:02.434396982 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:02.434479952 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:02.434643030 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:02.434990883 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:02.435028076 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:02.694947004 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:02.695563078 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:02.695621967 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:02.695974112 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:02.696388960 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:02.696480036 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:02.744582891 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:12.705112934 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:12.705185890 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:24:12.705271006 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:14.592149019 CEST49740443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:24:14.592217922 CEST44349740142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.498070955 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:02.498138905 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.498362064 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:02.499068022 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:02.499102116 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.763825893 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.764543056 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:02.764576912 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.764940977 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.765824080 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:02.765904903 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:02.806984901 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:12.767656088 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:12.767812014 CEST44349742142.250.80.36192.168.2.5
                                                Apr 27, 2024 00:25:12.767884016 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:14.355036974 CEST49742443192.168.2.5142.250.80.36
                                                Apr 27, 2024 00:25:14.355062962 CEST44349742142.250.80.36192.168.2.5

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Apr 27, 2024 00:23:00.120579004 CEST53504271.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:00.234497070 CEST5247853192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:00.234641075 CEST5395753192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:00.322910070 CEST53619711.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:00.324565887 CEST53539571.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:00.325809002 CEST53524781.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:00.326494932 CEST5623953192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:00.417361975 CEST53562391.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:00.472013950 CEST6301353192.168.2.58.8.8.8
                                                Apr 27, 2024 00:23:00.472440958 CEST6300153192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:00.560609102 CEST53630011.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:00.571613073 CEST53630138.8.8.8192.168.2.5
                                                Apr 27, 2024 00:23:01.025789022 CEST53532211.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:01.486215115 CEST5962153192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:01.486963034 CEST6359053192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:01.577368975 CEST53596211.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:01.579629898 CEST53635901.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:03.861740112 CEST5107953192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:03.862185001 CEST6071953192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:03.951802015 CEST53510791.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:03.952521086 CEST53607191.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:04.420332909 CEST53636001.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:06.597225904 CEST6263853192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:06.597465038 CEST5360553192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:06.686712027 CEST53626381.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:06.686956882 CEST53536051.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:06.688550949 CEST5805153192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:06.780628920 CEST53580511.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:18.072659969 CEST53582021.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:33.058851957 CEST5475753192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:33.230986118 CEST53547571.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:36.804850101 CEST5084153192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:36.805067062 CEST6249053192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:36.855567932 CEST53526541.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:36.899630070 CEST53624901.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:37.134198904 CEST53508411.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:37.135410070 CEST5484953192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:37.305118084 CEST53548491.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:53.464845896 CEST5665353192.168.2.51.1.1.1
                                                Apr 27, 2024 00:23:53.558691025 CEST53566531.1.1.1192.168.2.5
                                                Apr 27, 2024 00:23:59.327374935 CEST53544051.1.1.1192.168.2.5
                                                Apr 27, 2024 00:24:01.165611029 CEST53529691.1.1.1192.168.2.5
                                                Apr 27, 2024 00:24:11.996272087 CEST5936353192.168.2.51.1.1.1
                                                Apr 27, 2024 00:24:12.087721109 CEST53593631.1.1.1192.168.2.5
                                                Apr 27, 2024 00:24:27.930052996 CEST53569021.1.1.1192.168.2.5
                                                Apr 27, 2024 00:24:37.358407021 CEST6048153192.168.2.51.1.1.1
                                                Apr 27, 2024 00:24:37.358613968 CEST6371053192.168.2.51.1.1.1
                                                Apr 27, 2024 00:24:37.451714039 CEST53604811.1.1.1192.168.2.5
                                                Apr 27, 2024 00:24:37.453264952 CEST53637101.1.1.1192.168.2.5
                                                Apr 27, 2024 00:24:37.454189062 CEST5707853192.168.2.51.1.1.1
                                                Apr 27, 2024 00:24:37.545886993 CEST53570781.1.1.1192.168.2.5
                                                Apr 27, 2024 00:25:14.446913004 CEST53635311.1.1.1192.168.2.5
                                                Apr 27, 2024 00:25:29.402000904 CEST6452453192.168.2.51.1.1.1
                                                Apr 27, 2024 00:25:29.494379997 CEST53645241.1.1.1192.168.2.5
                                                Apr 27, 2024 00:25:53.981163979 CEST5141753192.168.2.51.1.1.1
                                                Apr 27, 2024 00:25:54.076594114 CEST53514171.1.1.1192.168.2.5

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Apr 27, 2024 00:23:00.234497070 CEST192.168.2.51.1.1.10xe606Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:00.234641075 CEST192.168.2.51.1.1.10xf153Standard query (0)btweb.top65IN (0x0001)false
                                                Apr 27, 2024 00:23:00.326494932 CEST192.168.2.51.1.1.10xcc5Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:00.472013950 CEST192.168.2.58.8.8.80x5828Standard query (0)google.comA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:00.472440958 CEST192.168.2.51.1.1.10xa55bStandard query (0)google.comA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:01.486215115 CEST192.168.2.51.1.1.10x3a6bStandard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:01.486963034 CEST192.168.2.51.1.1.10xdf96Standard query (0)btweb.top65IN (0x0001)false
                                                Apr 27, 2024 00:23:03.861740112 CEST192.168.2.51.1.1.10x91d7Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:03.862185001 CEST192.168.2.51.1.1.10x8df9Standard query (0)www.google.com65IN (0x0001)false
                                                Apr 27, 2024 00:23:06.597225904 CEST192.168.2.51.1.1.10x3365Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:06.597465038 CEST192.168.2.51.1.1.10x9c38Standard query (0)btweb.top65IN (0x0001)false
                                                Apr 27, 2024 00:23:06.688550949 CEST192.168.2.51.1.1.10x2964Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:33.058851957 CEST192.168.2.51.1.1.10xb426Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:36.804850101 CEST192.168.2.51.1.1.10x5c1aStandard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:36.805067062 CEST192.168.2.51.1.1.10x2aabStandard query (0)btweb.top65IN (0x0001)false
                                                Apr 27, 2024 00:23:37.135410070 CEST192.168.2.51.1.1.10xa4b9Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:53.464845896 CEST192.168.2.51.1.1.10x4eeaStandard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:24:11.996272087 CEST192.168.2.51.1.1.10x6280Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:24:37.358407021 CEST192.168.2.51.1.1.10x6cb2Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:24:37.358613968 CEST192.168.2.51.1.1.10x6e9cStandard query (0)btweb.top65IN (0x0001)false
                                                Apr 27, 2024 00:24:37.454189062 CEST192.168.2.51.1.1.10xb827Standard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:25:29.402000904 CEST192.168.2.51.1.1.10x5f1bStandard query (0)btweb.topA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:25:53.981163979 CEST192.168.2.51.1.1.10xdf3dStandard query (0)btweb.topA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Apr 27, 2024 00:23:00.324565887 CEST1.1.1.1192.168.2.50xf153Name error (3)btweb.topnonenone65IN (0x0001)false
                                                Apr 27, 2024 00:23:00.325809002 CEST1.1.1.1192.168.2.50xe606Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:00.417361975 CEST1.1.1.1192.168.2.50xcc5Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:00.560609102 CEST1.1.1.1192.168.2.50xa55bNo error (0)google.com142.250.80.46A (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:00.571613073 CEST8.8.8.8192.168.2.50x5828No error (0)google.com142.251.40.142A (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:01.577368975 CEST1.1.1.1192.168.2.50x3a6bName error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:01.579629898 CEST1.1.1.1192.168.2.50xdf96Name error (3)btweb.topnonenone65IN (0x0001)false
                                                Apr 27, 2024 00:23:03.951802015 CEST1.1.1.1192.168.2.50x91d7No error (0)www.google.com142.250.80.36A (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:03.952521086 CEST1.1.1.1192.168.2.50x8df9No error (0)www.google.com65IN (0x0001)false
                                                Apr 27, 2024 00:23:06.686712027 CEST1.1.1.1192.168.2.50x3365Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:06.686956882 CEST1.1.1.1192.168.2.50x9c38Name error (3)btweb.topnonenone65IN (0x0001)false
                                                Apr 27, 2024 00:23:06.780628920 CEST1.1.1.1192.168.2.50x2964Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:33.230986118 CEST1.1.1.1192.168.2.50xb426Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:36.899630070 CEST1.1.1.1192.168.2.50x2aabName error (3)btweb.topnonenone65IN (0x0001)false
                                                Apr 27, 2024 00:23:37.134198904 CEST1.1.1.1192.168.2.50x5c1aName error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:37.305118084 CEST1.1.1.1192.168.2.50xa4b9Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:23:53.558691025 CEST1.1.1.1192.168.2.50x4eeaName error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:24:12.087721109 CEST1.1.1.1192.168.2.50x6280Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:24:37.451714039 CEST1.1.1.1192.168.2.50x6cb2Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:24:37.453264952 CEST1.1.1.1192.168.2.50x6e9cName error (3)btweb.topnonenone65IN (0x0001)false
                                                Apr 27, 2024 00:24:37.545886993 CEST1.1.1.1192.168.2.50xb827Name error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:25:29.494379997 CEST1.1.1.1192.168.2.50x5f1bName error (3)btweb.topnonenoneA (IP address)IN (0x0001)false
                                                Apr 27, 2024 00:25:54.076594114 CEST1.1.1.1192.168.2.50xdf3dName error (3)btweb.topnonenoneA (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • fs.microsoft.com
                                                • armmf.adobe.com
                                                • slscr.update.microsoft.com
                                                • https:
                                                  • www.bing.com

                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.54971523.51.58.94443
                                                TimestampBytes transferredDirectionData
                                                2024-04-26 22:22:41 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                Connection: Keep-Alive
                                                Accept: */*
                                                Accept-Encoding: identity
                                                User-Agent: Microsoft BITS/7.8
                                                Host: fs.microsoft.com
                                                2024-04-26 22:22:42 UTC466INHTTP/1.1 200 OK
                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                Content-Type: application/octet-stream
                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                Server: ECAcc (chd/079C)
                                                X-CID: 11
                                                X-Ms-ApiVersion: Distribute 1.2
                                                X-Ms-Region: prod-eus-z1
                                                Cache-Control: public, max-age=31274
                                                Date: Fri, 26 Apr 2024 22:22:41 GMT
                                                Connection: close
                                                X-CID: 2


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.54971623.51.58.94443
                                                TimestampBytes transferredDirectionData
                                                2024-04-26 22:22:42 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                Connection: Keep-Alive
                                                Accept: */*
                                                Accept-Encoding: identity
                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                Range: bytes=0-2147483646
                                                User-Agent: Microsoft BITS/7.8
                                                Host: fs.microsoft.com
                                                2024-04-26 22:22:42 UTC455INHTTP/1.1 200 OK
                                                ApiVersion: Distribute 1.1
                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                Content-Type: application/octet-stream
                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                Server: ECAcc (chd/0778)
                                                X-CID: 11
                                                Cache-Control: public, max-age=31209
                                                Date: Fri, 26 Apr 2024 22:22:42 GMT
                                                Content-Length: 55
                                                Connection: close
                                                X-CID: 2
                                                2024-04-26 22:22:42 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                2192.168.2.54971723.47.168.244435908C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                TimestampBytes transferredDirectionData
                                                2024-04-26 22:22:44 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                Host: armmf.adobe.com
                                                Connection: keep-alive
                                                Accept-Language: en-US,en;q=0.9
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                If-None-Match: "78-5faa31cce96da"
                                                If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                2024-04-26 22:22:44 UTC198INHTTP/1.1 304 Not Modified
                                                Content-Type: text/plain; charset=UTF-8
                                                Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                ETag: "78-5faa31cce96da"
                                                Date: Fri, 26 Apr 2024 22:22:44 GMT
                                                Connection: close


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                3192.168.2.54971813.85.23.86443
                                                TimestampBytes transferredDirectionData
                                                2024-04-26 22:22:50 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=o7Mc8GUSlbOUKpk&MD=xkXvzFLG HTTP/1.1
                                                Connection: Keep-Alive
                                                Accept: */*
                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                Host: slscr.update.microsoft.com
                                                2024-04-26 22:22:50 UTC560INHTTP/1.1 200 OK
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                Content-Type: application/octet-stream
                                                Expires: -1
                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                MS-CorrelationId: b503b24d-1113-45c5-b13f-5f5570caa75e
                                                MS-RequestId: cd707e73-470c-46cb-8c7e-aa91fe36bebb
                                                MS-CV: xdQ+GrBE/Eu45Lzi.0
                                                X-Microsoft-SLSClientCache: 2880
                                                Content-Disposition: attachment; filename=environment.cab
                                                X-Content-Type-Options: nosniff
                                                Date: Fri, 26 Apr 2024 22:22:50 GMT
                                                Connection: close
                                                Content-Length: 24490
                                                2024-04-26 22:22:50 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                2024-04-26 22:22:50 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                Session IDSource IPSource PortDestination IPDestination Port
                                                4192.168.2.54973723.1.237.91443
                                                TimestampBytes transferredDirectionData
                                                2024-04-26 22:23:20 UTC2148OUTPOST /threshold/xls.aspx HTTP/1.1
                                                Origin: https://www.bing.com
                                                Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                Accept: */*
                                                Accept-Language: en-CH
                                                Content-type: text/xml
                                                X-Agent-DeviceId: 01000A410900D492
                                                X-BM-CBT: 1696428841
                                                X-BM-DateFormat: dd/MM/yyyy
                                                X-BM-DeviceDimensions: 784x984
                                                X-BM-DeviceDimensionsLogical: 784x984
                                                X-BM-DeviceScale: 100
                                                X-BM-DTZ: 120
                                                X-BM-Market: CH
                                                X-BM-Theme: 000000;0078d7
                                                X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                                                X-Device-isOptin: false
                                                X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                X-Device-OSSKU: 48
                                                X-Device-Touch: false
                                                X-DeviceID: 01000A410900D492
                                                X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                                                X-MSEdge-ExternalExpType: JointCoord
                                                X-PositionerType: Desktop
                                                X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                X-Search-CortanaAvailableCapabilities: None
                                                X-Search-SafeSearch: Moderate
                                                X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                X-UserAgeClass: Unknown
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: www.bing.com
                                                Content-Length: 2484
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714170139007&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                                                2024-04-26 22:23:20 UTC1OUTData Raw: 3c
                                                Data Ascii: <
                                                2024-04-26 22:23:20 UTC2483OUTData Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
                                                Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                                2024-04-26 22:23:20 UTC480INHTTP/1.1 204 No Content
                                                Access-Control-Allow-Origin: *
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 87C244A4A6FC4B63821305F66E650792 Ref B: LAX311000115017 Ref C: 2024-04-26T22:23:20Z
                                                Date: Fri, 26 Apr 2024 22:23:20 GMT
                                                Connection: close
                                                Alt-Svc: h3=":443"; ma=93600
                                                X-CDN-TraceID: 0.57ed0117.1714170200.13e00159


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                5192.168.2.54973813.85.23.86443
                                                TimestampBytes transferredDirectionData
                                                2024-04-26 22:23:28 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=o7Mc8GUSlbOUKpk&MD=xkXvzFLG HTTP/1.1
                                                Connection: Keep-Alive
                                                Accept: */*
                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                Host: slscr.update.microsoft.com
                                                2024-04-26 22:23:28 UTC560INHTTP/1.1 200 OK
                                                Cache-Control: no-cache
                                                Pragma: no-cache
                                                Content-Type: application/octet-stream
                                                Expires: -1
                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                MS-CorrelationId: 349e8dfd-9d79-4724-8c3e-78ce9b33ee5f
                                                MS-RequestId: bb999244-4c77-4c6e-994e-f3dc5cc6b717
                                                MS-CV: 3cHLKm+68EWlTvFu.0
                                                X-Microsoft-SLSClientCache: 2160
                                                Content-Disposition: attachment; filename=environment.cab
                                                X-Content-Type-Options: nosniff
                                                Date: Fri, 26 Apr 2024 22:23:28 GMT
                                                Connection: close
                                                Content-Length: 25457
                                                2024-04-26 22:23:28 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                                                Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                                                2024-04-26 22:23:28 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                                                Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:00:22:29
                                                Start date:27/04/2024
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ReInvest Capital .pdf"
                                                Imagebase:0x7ff686a00000
                                                File size:5'641'176 bytes
                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:true

                                                General

                                                Target ID:2
                                                Start time:00:22:30
                                                Start date:27/04/2024
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                Imagebase:0x7ff6413e0000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:true

                                                General

                                                Target ID:4
                                                Start time:00:22:30
                                                Start date:27/04/2024
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1636,i,6048400525593136051,16366284519615366679,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                Imagebase:0x7ff6413e0000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:true

                                                General

                                                Target ID:8
                                                Start time:00:22:55
                                                Start date:27/04/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://btweb.top"
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:9
                                                Start time:00:22:56
                                                Start date:27/04/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,8589298334556741863,1996516174095378037,262144 /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Disassembly

                                                No disassembly