Edit tour

Windows Analysis Report
http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf

Overview

General Information

Sample URL:	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf
Analysis ID:	1435396
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Found potential malicious PDF (bad image similarity)

Drops files with a non-matching file extension (content does not match file extension)

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,7356032450195835472,9200173800373287896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1988,i,15459531492648321926,73943692017131894,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

Acrobat.exe (PID: 6092 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5884 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1544,i,12707823887346907515,10968351140534429478,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714660597023&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: keep-aliveContent-Length: 146Content-Type: text/htmlStrict-Transport-Security: max-age=15724800; includeSubDomainsVia: 1.1 varnish, 1.1 varnishAccess-Control-Allow-Origin: *Accept-Ranges: bytesAge: 3562Date: Thu, 02 May 2024 14:37:24 GMTX-Served-By: cache-fra-eddf8230094-FRA, cache-lga21978-LGAX-Cache: HIT, HITX-Cache-Hits: 107, 0X-Timer: S1714660644.275830,VS0,VE1

Source: chromecache_161.2.dr, 4285c631-1dd7-4316-b18a-b9f7cc4f00d9.tmp.0.dr, downloaded.pdf.crdownload.0.dr

String found in binary or memory: https://nabot.yftejum.com/9565112701457389466222?fopulenabatovadalatoludupozalabogufanexebopegopamuj

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 69.192.108.161:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.192.108.161:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49734 version: TLS 1.2

System Summary

Found potential malicious PDF (bad image similarity)

Source: downloaded.pdf.crdownload.0.dr	Static PDF information: Image stream: 7
Source: 4285c631-1dd7-4316-b18a-b9f7cc4f00d9.tmp.0.dr	Static PDF information: Image stream: 7
Source: chromecache_161.2.dr	Static PDF information: Image stream: 7

Source: classification engine

Classification label: mal56.win@43/51@6/7

Source: chromecache_161.2.dr

Initial sample: https://nabot.yftejum.com/9565112701457389466222?fopulenabatovadalatoludupozalabogufanexebopegopamujenavufusefiwovawugekezuzuwubobogegoro=desoxefebovizoluregedolamoliwebererixitebaxivonesajevigekavumupirigaliwalegetokutivemapinozezobefedovefojojagusabumawukifudoxikufaletiviwinujovugodolozupanilalavegabavozusunaritiferibajefakoninavojugedevedifa&keyword=cbt+downward+arrow+worksheet&wupetobigojaritomozupunixezejuwokapezotomigexudugefuraza=xezajajajiwasozeserusuworanebosutamototevafebuwusubipizedibimedekabotudivatawexenokezuxujagipalunegaketizoganoxewivujov

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-02 16-38-40-477.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,7356032450195835472,9200173800373287896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1988,i,15459531492648321926,73943692017131894,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1544,i,12707823887346907515,10968351140534429478,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,7356032450195835472,9200173800373287896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1988,i,15459531492648321926,73943692017131894,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1544,i,12707823887346907515,10968351140534429478,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 161
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 161			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Downloads\downloaded.pdf.crdownload	100%	Avira	HTML/Malicious.PDF.Gen2

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
chrome.cloudflare-dns.com	0%	Virustotal		Browse
jimdo-storage.global.ssl.fastly.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://chrome.cloudflare-dns.com/dns-query	0%	URL Reputation	safe
http://jimdo-storage.global.ssl.fastly.net/favicon.ico	0%	Avira URL Cloud	safe
file:///C:/Users/user/Downloads/downloaded.pdf	0%	Avira URL Cloud	safe
https://nabot.yftejum.com/9565112701457389466222?fopulenabatovadalatoludupozalabogufanexebopegopamuj	0%	Avira URL Cloud	safe
http://jimdo-storage.global.ssl.fastly.net/favicon.ico	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
jimdo-storage.global.ssl.fastly.net	151.101.1.194	true	false	0%, Virustotal, Browse	unknown
chrome.cloudflare-dns.com	162.159.61.3	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.80.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false		high
http://jimdo-storage.global.ssl.fastly.net/favicon.ico	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	false		unknown
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGIbKzrEGIjC_ctmlDx7YqMpMx5sM2DgP4-8JlawZxKWBMknbr_T3JOusNUS6noQ2G0-mq239JYwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGIbKzrEGIjB1EW_vl-qdTy4rg5nzC_ZH7PLGov5GNaTYBf5XVILu4QW1fAhuq2iuY0eLCAw7uOIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
file:///C:/Users/user/Downloads/downloaded.pdf	false	Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nabot.yftejum.com/9565112701457389466222?fopulenabatovadalatoludupozalabogufanexebopegopamuj	chromecache_161.2.dr, 4285c631-1dd7-4316-b18a-b9f7cc4f00d9.tmp.0.dr, downloaded.pdf.crdownload.0.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.68	www.google.com	United States	15169	GOOGLEUS	false
151.101.1.194	jimdo-storage.global.ssl.fastly.net	United States	54113	FASTLYUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.41.168.139	unknown	United States	6461	ZAYO-6461US	false
107.22.247.231	unknown	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1435396
Start date and time:	2024-05-02 16:36:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@43/51@6/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.195, 142.250.80.14, 172.253.62.84, 34.104.35.123, 146.19.181.20, 199.232.210.172, 192.229.211.108, 142.251.40.131, 142.251.40.110, 23.223.209.217, 23.223.209.213, 142.250.65.227, 142.250.176.195
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, www.gstatic.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.240163065421456
Encrypted:	false
SSDEEP:	6:DjHdXN+q2P92nKuAl9OmbnIFUt86jHGJZmw+6jHPtVkwO92nKuAl9OmbjLJ:Dj9XIv4HAahFUt86jU/+6jvT5LHAaSJ
MD5:	95B8A2BDA7B2FBF01D61249E8731779C
SHA1:	DCDE6111DD48DEE701697C304543CF37C347E697
SHA-256:	BF099B36008442FF161823F312D90D3A5AAD4B357A68B0068D7C42FCF4798DD6
SHA-512:	5795E962A5AB64F82D131E3DDC883A3D6A427378B813330D9638B49BD90A8073D42E20FE2F8B81F30B0E821401A9C032A39DA9B90E639628F809DFCD606051EC
Malicious:	false
Reputation:	low
Preview:	2024/05/02-16:38:37.431 628 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/02-16:38:37.432 628 Recovering log #3.2024/05/02-16:38:37.433 628 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Source: http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 69.192.108.161
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGIbKzrEGIjC_ctmlDx7YqMpMx5sM2DgP4-8JlawZxKWBMknbr_T3JOusNUS6noQ2G0-mq239JYwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-14; NID=513=kwEx4KrgkFEuTqTiVHb9Mfrt4tvphXSr3M6o-xwf4-YjZ6q0_nEGdSsrflFsmbRGvAOPUBc1a8mV9LO7PFVJ8u_b65igg2v1c6RYrPdnJRDDFth_jNRN1jR6O9f4AM7WiwqrHqFukwRt2U573AYoSV7LrtAwqiWO07ZupQRqKj4
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGIbKzrEGIjB1EW_vl-qdTy4rg5nzC_ZH7PLGov5GNaTYBf5XVILu4QW1fAhuq2iuY0eLCAw7uOIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-14; NID=513=YpC-RKooBlSOD762VM_TiB2lc5GO_uifQiSF6V54qbg2n4JDUHD26ejZa-YbITcOJq3050xROnRfhr5l6QNXGaGtq_b1xDEhU6p2fQrui3HmTVDD59bjOlmCb8cUvwrTATugxQzaCo5ODGFckr_jpLBl69C7Gzvjde0kLFKsLBg
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGIbKzrEGIjAFQcor-5S19X7DrXTPfINS-a6YX-Q-2DXPotl5HRTYFy57jTa18xaABvlRtFqryjkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-14; NID=513=KfBNQP_EFjBqVTvonbJdvQebl753y5zpBipb34jB1kl3et_gtMCEckto5EJdZDU2ciYLXVkmzcOQzYKHPc3RzdYZYVAhQR1z_BG0Gls-9s1zgRxZLcW5KQ8VCNI8ofT5oUFPpDoksXVIPrMXcdlvnt1eSclEbnKnbqm71APjpPc
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pyLR6UbKhO8dEtW&MD=PxBTmzEf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pyLR6UbKhO8dEtW&MD=PxBTmzEf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo2.adobe.comConnection: keep-aliveAccept: application/jsonAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf HTTP/1.1Host: jimdo-storage.global.ssl.fastly.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: jimdo-storage.global.ssl.fastly.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdfAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf HTTP/1.1Host: jimdo-storage.global.ssl.fastly.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-storage.global.ssl.fastly.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 2 13:36:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9750199989119226
Encrypted:	false
SSDEEP:	48:8DdTTbr3HnGidAKZdA19ehwiZUklqehay+3:8prcZy
MD5:	99FDF13B9073E090614E03BE808B5444
SHA1:	5249BFDE8C650FCD25E32991C3D38E6173EEB25F
SHA-256:	05053AD81F1C161C2834C41A5DB8890B69170C9417DDB5F5CD441D7C3025813F
SHA-512:	01D9597B7EE959531510357B957808DF616B3EDAA986D809A192FE1F048DD926C7FE335F83B0459A16643B8B634A219D2460286CEE0AE692D2BA06918A0C07D7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....J.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............d......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 16:36:53.281277895 CEST	53	57059	1.1.1.1	192.168.2.5
May 2, 2024 16:36:53.286485910 CEST	53	54317	1.1.1.1	192.168.2.5
May 2, 2024 16:36:54.236363888 CEST	61419	53	192.168.2.5	1.1.1.1
May 2, 2024 16:36:54.236787081 CEST	54108	53	192.168.2.5	1.1.1.1
May 2, 2024 16:36:54.287975073 CEST	53	54862	1.1.1.1	192.168.2.5
May 2, 2024 16:36:54.324942112 CEST	53	54108	1.1.1.1	192.168.2.5
May 2, 2024 16:36:54.324986935 CEST	53	61419	1.1.1.1	192.168.2.5
May 2, 2024 16:37:11.776601076 CEST	53	51412	1.1.1.1	192.168.2.5
May 2, 2024 16:37:21.254829884 CEST	53747	53	192.168.2.5	1.1.1.1
May 2, 2024 16:37:21.255356073 CEST	63778	53	192.168.2.5	1.1.1.1
May 2, 2024 16:37:21.345515013 CEST	53	63778	1.1.1.1	192.168.2.5
May 2, 2024 16:37:21.346379995 CEST	53	53747	1.1.1.1	192.168.2.5
May 2, 2024 16:37:33.114738941 CEST	53	64843	1.1.1.1	192.168.2.5
May 2, 2024 16:37:54.582487106 CEST	53	54330	1.1.1.1	192.168.2.5
May 2, 2024 16:37:58.936445951 CEST	53	55307	1.1.1.1	192.168.2.5
May 2, 2024 16:38:27.961400986 CEST	53	63417	1.1.1.1	192.168.2.5
May 2, 2024 16:38:43.765177965 CEST	53125	53	192.168.2.5	1.1.1.1
May 2, 2024 16:38:43.870956898 CEST	53	53125	1.1.1.1	192.168.2.5
May 2, 2024 16:38:44.690037012 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.780190945 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.780493021 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.780513048 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.786900043 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.793514967 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.793683052 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.794068098 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.882251024 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.882278919 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.882627964 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.882649899 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.882667065 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.882800102 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.883564949 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.886972904 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.912138939 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:44.971194983 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:44.997448921 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:46.370582104 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:46.461847067 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:46.462662935 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:46.492228985 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:51.369211912 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:38:51.459440947 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:51.460818052 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:51.623300076 CEST	443	56488	162.159.61.3	192.168.2.5
May 2, 2024 16:38:51.751888037 CEST	56488	443	192.168.2.5	162.159.61.3
May 2, 2024 16:39:05.173629999 CEST	63582	53	192.168.2.5	1.1.1.1
May 2, 2024 16:39:05.262203932 CEST	53	63582	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
May 2, 2024 16:37:21.436167002 CEST	532	OUT	GET /file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf HTTP/1.1 Host: jimdo-storage.global.ssl.fastly.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 2, 2024 16:37:21.524970055 CEST	583	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 322193 Content-Type: application/pdf referrer-policy: same-origin cache-control: max-age=31536000,public x-frame-options: DENY content-language: en x-content-type-options: nosniff Strict-Transport-Security: max-age=15724800; includeSubDomains Via: 1.1 varnish, 1.1 varnish Access-Control-Allow-Origin: * Accept-Ranges: bytes Age: 1210861 Date: Thu, 02 May 2024 14:37:21 GMT X-Served-By: cache-fra-etou8220078-FRA, cache-lga21978-LGA X-Cache: MISS, HIT X-Cache-Hits: 0, 0 X-Timer: S1714660641.477706,VS0,VE1
May 2, 2024 16:37:21.526226044 CEST	1289	IN	Data Raw: 25 50 44 46 2d 31 2e 34 0a 25 c3 a2 c3 a3 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 69 74 6c 65 20 28 29 0a 2f 43 72 65 61 74 6f 72 20 28 fe ff 00 77 00 6b 00 68 00 74 00 6d 00 6c 00 74 00 6f 00 70 00 64 00 66 00 20 00 30 00 2e 00 31 00 32 00 2e Data Ascii: %PDF-1.4%1 0 obj<</Title ()/Creator (wkhtmltopdf 0.12.5)/Producer (Qt 5.11.3)/CreationDate (D:20231008032855+03'00')>>endobj2 0 obj<</Type /Catalog/Pages 3 0 R>>endobj4 0 obj<</Type /ExtGSta
May 2, 2024 16:37:21.526379108 CEST	1289	IN	Data Raw: fa 63 fc f3 4d 6c 4b dd 2f eb a7 63 9d 9b e1 07 86 d2 43 9d 39 49 72 48 53 73 29 2d eb fc 5f ca 9a 3e 0c 78 75 65 04 d8 12 1f 24 8f 3a 63 e9 df 77 15 d3 ba 85 70 39 03 1b 71 db eb e8 33 48 9b c4 6d 80 e1 87 76 39 38 1e 98 eb fc fa 50 b6 29 bb cb Data Ascii: cMlK/cC9IrHSs)-_>xue$:cwp9q3Hmv98P)Ts?\|4gqw7i370'POL!s@?'9/fL%C 93ryp~nMfqL4R2Wfc8
May 2, 2024 16:37:21.526437998 CEST	1289	IN	Data Raw: d7 87 22 04 36 9c 24 c3 f7 9e 5c 0e 49 e3 e6 eb 83 8f 7c 57 4b 18 d9 33 0d ea 59 8f 7e 31 fd 7a e7 f2 eb ea a4 b4 05 d8 21 2a 07 23 1c e3 3c 90 07 24 f7 fc a9 be c2 8b da 4f a5 ff 00 af eb fc ce 64 fc 22 f0 fc b2 02 9a 73 fc 8d c6 2e e6 00 91 c0 Data Ascii: "6$\I\|WK3Y~1z!#<$Od"s.Up~lzS.y;HR6y0?uBA,@JEG3{n:>oilVIo\wwm@BG_O^VVa%)#J~=v9xsk
May 2, 2024 16:37:21.526496887 CEST	1289	IN	Data Raw: a4 04 24 0f 5e d9 f4 ff 00 1a 58 47 ef 09 57 0e ad 95 e4 8e 3a 71 f9 e6 81 ab df 5f eb fa fe bc f9 a3 f0 73 c3 6f 20 df a6 ed 00 e3 fe 3e 26 c7 5e 3f 8b d4 ff 00 9e 70 37 c2 5d 02 4c ee b0 3b 58 82 36 cd 37 1e c7 e6 e9 9c 57 4c 30 80 11 9c 07 e7 Data Ascii: $^XGW:q_so >&^?p7]L;X67WL0#B(bAaLsMAv]9h'zSeG)_/W8?p7sOV9H\|]~xj@i'nCZX>x~JXsJ}7u}N<
May 2, 2024 16:37:21.526551962 CEST	1289	IN	Data Raw: d9 24 10 30 e5 9b 90 9c 72 41 cf 19 c7 23 af 5e 9d e9 32 24 95 b6 b1 c0 1b 58 1e 7b 76 ed 9f d3 9a 22 1e 52 6d d9 b6 46 cf dd e8 3b fb 64 64 ff 00 fa a8 b0 39 5f 44 3b 76 1a 43 91 86 21 57 60 3c 1e e3 8e fe ff 00 4a 54 50 55 b0 0e d6 c9 20 f4 c7 Data Ascii: $0rA#^2$X{v"RmF;dd9_D;vC!W`<JTPU 3Nxs1*#9/9}}~B0NdL28=d$;8T@rF<?COFteNzm*J,iz8y[&
May 2, 2024 16:37:21.526616096 CEST	1289	IN	Data Raw: 18 48 48 ce d0 dc 74 04 36 47 ff 00 af f5 a8 fe 58 27 45 79 23 5f 37 e5 8f 76 14 b9 00 93 f5 c8 52 71 8e d9 a4 68 c8 84 37 2a d1 a9 55 dd 93 f9 e4 ff 00 3f 6e 7b d3 b1 31 6d 5d a5 eb fd 7c ef ff 00 0e 4c e3 c9 8d 48 52 c1 14 9c 92 06 07 f9 fc 38 Data Ascii: HHt6GX'Ey#_7vRqh7*U?n{1m]\|LHR8M%fA9sBm%W#ryfF I<T=ShB?SfKE==5".s-2[JfD\`c#< ?t?f
May 2, 2024 16:37:21.526665926 CEST	1214	IN	Data Raw: b6 df b1 6f 03 a9 2c c5 8f 2b d3 23 f1 fe 86 88 95 16 dd 48 00 2a f2 a7 af 1e b9 e7 b7 7e f9 af 2c ff 00 86 b1 f0 c4 52 ba 2e 9f ad 32 ff 00 08 fb 3c 41 48 eb d0 c9 df 39 e9 df 9e 94 df f8 6b bf 0f 43 0b 95 b0 d7 18 a9 c0 fd cc 4c 47 3c 1e 24 27 Data Ascii: o,+#H*~,R.2<AH9kCLG<$'MZw=Y8i499yb~^Z,D=(Hln+bcih^`+zF8^<+zs^W7q7El<i'\|4f[/V,
May 2, 2024 16:37:21.526768923 CEST	1289	IN	Data Raw: c7 e8 28 00 79 6d 99 32 4f 42 3a 01 9e 3f 4c 0a 5c f9 51 33 32 1c 0c ed 20 e4 e0 d1 7e 82 51 5b fc ff 00 e1 ed e4 20 da 8a db 40 50 e4 b3 70 09 3d 3f 3e 28 dc 18 92 7f e5 9b 65 7d ba f1 cf e3 fe 34 65 89 0a a1 95 9f 82 76 f0 bf d3 34 c9 26 fb 39 Data Ascii: (ym2OB:?L\Q32 ~Q[ @Pp=?>(e}4ev4&914V^CpYN;:fu98TFb[lQ[m#6/N?^?4,r~yMPqtpvNp;=})\k_EO=
May 2, 2024 16:37:21.526801109 CEST	1289	IN	Data Raw: 1f 75 3c d7 17 03 f1 cd 0c e5 cb 0f c8 e1 52 2a ed 6e 9a ee 9f e9 f9 9f 5d 9a 65 15 30 b6 9b 92 69 ed d3 5f 35 e4 7a ff 00 ec f5 ff 00 05 83 f8 a7 fb 39 7e ce 9a ef c3 bd 3e e7 ed f6 9a 8c 6c 96 37 97 0c 64 9f 4a 52 3e 65 43 c8 da 54 9e b9 23 23 Data Ascii: u<R*n]e0i_5z9~>l7dJR>eCT##})^\\xfy[I=~)k8x==k{$(9#F>q+1eRPrij2LV6;^.2dy&e9aqzT\|
May 2, 2024 16:37:21.528805017 CEST	1289	IN	Data Raw: 6f c2 f7 7c 2f ca be bf 7b 1c 70 6a 4d ad f3 63 0e a4 64 64 02 07 a6 3d 7f fa d4 f6 32 56 95 a4 bf af eb 6f f8 61 8d 3a dd 94 20 6f eb b5 80 fb bd b3 9f 5c 1a 91 9c 2b 87 1b 78 05 47 6c 63 fa 71 42 28 90 02 4a c9 9e 01 c7 63 8e f9 f6 cf e3 42 b1 Data Ascii: o\|/{pjMcdd=2Voa: o\+xGlcqB(JcB!FbrHY~t-]k.FF:;rpNO~=sO'h%$9Q})(BH!GcS\|TC&1#&k_(qdLno*C>h >})%<[8?#
May 2, 2024 16:37:24.233200073 CEST	496	OUT	GET /favicon.ico HTTP/1.1 Host: jimdo-storage.global.ssl.fastly.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 2, 2024 16:37:24.322540045 CEST	431	IN	HTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 146 Content-Type: text/html Strict-Transport-Security: max-age=15724800; includeSubDomains Via: 1.1 varnish, 1.1 varnish Access-Control-Allow-Origin: * Accept-Ranges: bytes Age: 3562 Date: Thu, 02 May 2024 14:37:24 GMT X-Served-By: cache-fra-eddf8230094-FRA, cache-lga21978-LGA X-Cache: HIT, HIT X-Cache-Hits: 107, 0 X-Timer: S1714660644.275830,VS0,VE1
May 2, 2024 16:37:24.935820103 CEST	357	OUT	GET /file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf HTTP/1.1 Host: jimdo-storage.global.ssl.fastly.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 2, 2024 16:37:25.024219990 CEST	583	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 322193 Content-Type: application/pdf referrer-policy: same-origin cache-control: max-age=31536000,public x-frame-options: DENY content-language: en x-content-type-options: nosniff Strict-Transport-Security: max-age=15724800; includeSubDomains Via: 1.1 varnish, 1.1 varnish Access-Control-Allow-Origin: * Accept-Ranges: bytes Date: Thu, 02 May 2024 14:37:24 GMT Age: 1210864 X-Served-By: cache-fra-etou8220078-FRA, cache-lga21978-LGA X-Cache: MISS, HIT X-Cache-Hits: 0, 1 X-Timer: S1714660645.977039,VS0,VE1

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:54 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 14:36:54 UTC	1191	IN	HTTP/1.1 200 OK Date: Thu, 02 May 2024 14:36:54 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-maU0c26pLQ6QoFEYbOfimA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-02 14:36:54 UTC	64	IN	Data Raw: 36 34 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 61 6d 61 7a 69 6e 67 20 72 61 63 65 20 73 65 61 73 6f 6e 20 33 36 22 2c 22 6e 65 77 20 6d 61 74 68 20 64 72 69 76 69 6e 67 20 63 61 72 20 77 68 Data Ascii: 643)]}'["",["amazing race season 36","new math driving car wh
2024-05-02 14:36:54 UTC	1255	IN	Data Raw: 65 65 6c 73 20 66 61 6c 6c 20 6f 66 66 22 2c 22 70 68 69 6c 61 64 65 6c 70 68 69 61 20 65 61 67 6c 65 73 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 61 6c 61 72 6d 73 22 2c 22 72 69 67 68 74 20 68 65 72 65 20 72 69 67 68 74 20 6e 6f 77 20 67 68 6f 73 74 20 6d 6f 76 69 65 22 2c 22 6d 61 72 74 69 6e 65 6c 6c 69 20 61 70 70 6c 65 20 6a 75 69 63 65 20 61 72 73 65 6e 69 63 22 2c 22 73 61 6e 20 6a 61 63 69 6e 74 6f 20 72 69 76 65 72 20 66 6c 6f 6f 64 69 6e 67 22 2c 22 6f 6b 6c 61 68 6f 6d 61 20 74 6f 72 6e 61 64 6f 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 Data Ascii: eels fall off","philadelphia eagles","apple iphone alarms","right here right now ghost movie","martinelli apple juice arsenic","san jacinto river flooding","oklahoma tornadoes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"
2024-05-02 14:36:54 UTC	291	IN	Data Raw: 30 56 56 5a 6e 64 51 5a 45 59 7a 64 43 74 73 56 30 39 48 51 6e 5a 5a 62 6d 6c 6d 61 6d 4a 55 54 6d 52 36 57 55 5a 68 4d 55 77 34 55 45 64 52 56 31 52 70 56 33 6c 48 62 6d 39 56 51 33 64 50 5a 30 6c 53 4f 47 52 76 4e 55 30 76 54 45 68 36 64 6d 70 75 62 54 64 33 4d 45 74 4b 51 6b 4a 51 5a 6d 39 36 53 6e 4a 76 4b 32 68 4d 5a 53 38 76 63 6b 34 77 4d 7a 49 77 56 44 4a 6e 59 56 63 31 4e 57 78 34 56 32 78 4c 52 53 39 6f 63 55 52 42 62 30 68 4d 63 31 59 35 63 6d 39 32 61 54 63 31 4e 30 70 45 59 31 42 33 4c 31 49 78 62 6e 46 44 51 57 68 53 51 57 74 43 4d 32 78 61 63 55 45 76 4f 44 67 7a 52 6c 49 76 59 32 46 30 53 32 38 35 4f 44 5a 56 5a 6c 64 31 5a 31 56 73 52 57 70 6e 64 32 4a 68 51 6b 70 6e 4d 6d 6f 31 56 6a 46 56 4c 32 31 59 56 6b 4a 47 4f 54 41 79 65 6b 70 54 Data Ascii: 0VVZndQZEYzdCtsV09HQnZZbmlmamJUTmR6WUZhMUw4UEdRV1RpV3lHbm9VQ3dPZ0lSOGRvNU0vTEh6dmpubTd3MEtKQkJQZm96SnJvK2hMZS8vck4wMzIwVDJnYVc1NWx4V2xLRS9ocURBb0hMc1Y5cm92aTc1N0pEY1B3L1IxbnFDQWhSQWtCM2xacUEvODgzRlIvY2F0S285ODZVZld1Z1VsRWpnd2JhQkpnMmo1VjFVL21YVkJGOTAyekpT
2024-05-02 14:36:54 UTC	91	IN	Data Raw: 35 35 0d 0a 6c 35 53 55 70 51 51 57 4e 76 62 55 46 54 59 30 67 7a 53 44 6c 59 4d 33 64 51 52 48 70 6b 4b 32 6c 59 57 46 4e 33 52 6c 68 78 5a 55 59 31 63 45 56 5a 59 32 67 7a 62 53 39 74 51 58 52 45 55 55 46 35 4b 32 55 7a 4d 33 59 78 56 32 35 51 64 33 68 4e 54 6e 52 0d 0a Data Ascii: 55l5SUpQQWNvbUFTY0gzSDlYM3dQRHpkK2lYWFN3RlhxZUY1cEVZY2gzbS9tQXREUUF5K2UzM3YxV25Qd3hNTnR
2024-05-02 14:36:54 UTC	1255	IN	Data Raw: 35 36 37 0d 0a 71 4c 7a 6c 30 5a 54 64 53 65 58 46 35 65 6d 46 6e 54 6b 46 5a 64 57 6b 34 4d 31 41 72 62 6a 5a 68 64 31 6f 32 62 55 5a 32 63 45 68 6e 4d 6e 56 54 4c 33 4e 6e 5a 54 45 76 51 55 68 48 5a 32 6b 72 55 6b 6c 47 51 6d 5a 4c 4d 33 5a 56 4d 48 49 34 55 32 35 33 62 54 64 47 54 7a 68 77 54 58 42 6e 59 53 38 35 4e 6e 46 50 57 57 78 56 54 46 68 54 63 6e 6f 7a 61 6a 56 43 54 47 70 49 52 7a 4e 72 63 45 4a 4b 5a 6a 5a 44 4f 56 68 4a 64 30 4e 4d 52 32 63 72 62 6c 52 71 63 31 4e 57 57 47 51 33 62 30 52 44 54 6c 64 53 57 46 55 77 56 44 56 6c 53 47 51 34 59 6b 5a 47 56 47 6f 79 53 32 35 34 59 30 38 33 4d 6a 52 61 55 30 6c 45 57 56 6b 76 5a 6a 46 47 4e 6d 70 6c 63 6b 64 71 61 57 74 4e 64 44 4d 30 65 45 56 51 62 54 51 30 63 54 4d 79 52 55 68 54 4d 56 42 73 51 Data Ascii: 567qLzl0ZTdSeXF5emFnTkFZdWk4M1ArbjZhd1o2bUZ2cEhnMnVTL3NnZTEvQUhHZ2krUklGQmZLM3ZVMHI4U253bTdGTzhwTXBnYS85NnFPWWxVTFhTcnozajVCTGpIRzNrcEJKZjZDOVhJd0NMR2crblRqc1NWWGQ3b0RDTldSWFUwVDVlSGQ4YkZGVGoyS254Y083MjRaU0lEWVkvZjFGNmplckdqaWtNdDM0eEVQbTQ0cTMyRUhTMVBsQ
2024-05-02 14:36:54 UTC	135	IN	Data Raw: 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: 3,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2024-05-02 14:36:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:54 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 14:36:55 UTC	1303	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGIbKzrEGIjC_ctmlDx7YqMpMx5sM2DgP4-8JlawZxKWBMknbr_T3JOusNUS6noQ2G0-mq239JYwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgsIh8rOsQYQu43SBxIEv2CW4Q Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Thu, 02 May 2024 14:36:55 GMT Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-05-02-14; expires=Sat, 01-Jun-2024 14:36:55 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=kwEx4KrgkFEuTqTiVHb9Mfrt4tvphXSr3M6o-xwf4-YjZ6q0_nEGdSsrflFsmbRGvAOPUBc1a8mV9LO7PFVJ8u_b65igg2v1c6RYrPdnJRDDFth_jNRN1jR6O9f4AM7WiwqrHqFukwRt2U573AYoSV7LrtAwqiWO07ZupQRqKj4; expires=Fri, 01-Nov-2024 14:36:54 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-02 14:36:55 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 25 33 46 61 73 79 6e Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:54 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 14:36:55 UTC	1331	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGIbKzrEGIjAFQcor-5S19X7DrXTPfINS-a6YX-Q-2DXPotl5HRTYFy57jTa18xaABvlRtFqryjkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIh8rOsQYQ66b8uwESBL9gluE Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Thu, 02 May 2024 14:36:55 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-05-02-14; expires=Sat, 01-Jun-2024 14:36:55 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=KfBNQP_EFjBqVTvonbJdvQebl753y5zpBipb34jB1kl3et_gtMCEckto5EJdZDU2ciYLXVkmzcOQzYKHPc3RzdYZYVAhQR1z_BG0Gls-9s1zgRxZLcW5KQ8VCNI8ofT5oUFPpDoksXVIPrMXcdlvnt1eSclEbnKnbqm71APjpPc; expires=Fri, 01-Nov-2024 14:36:54 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-02 14:36:55 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:54 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 14:36:55 UTC	1249	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGIbKzrEGIjB1EW_vl-qdTy4rg5nzC_ZH7PLGov5GNaTYBf5XVILu4QW1fAhuq2iuY0eLCAw7uOIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIh8rOsQYQ-bjymgESBL9gluE Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Thu, 02 May 2024 14:36:55 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-05-02-14; expires=Sat, 01-Jun-2024 14:36:55 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=YpC-RKooBlSOD762VM_TiB2lc5GO_uifQiSF6V54qbg2n4JDUHD26ejZa-YbITcOJq3050xROnRfhr5l6QNXGaGtq_b1xDEhU6p2fQrui3HmTVDD59bjOlmCb8cUvwrTATugxQzaCo5ODGFckr_jpLBl69C7Gzvjde0kLFKsLBg; expires=Fri, 01-Nov-2024 14:36:54 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-02 14:36:55 UTC	6	IN	Data Raw: 3c 48 54 4d 4c 3e Data Ascii: <HTML>
2024-05-02 14:36:55 UTC	411	IN	Data Raw: 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 61 6d 70 3b 71 3d Data Ascii: <HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:55 UTC	742	OUT	GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGIbKzrEGIjC_ctmlDx7YqMpMx5sM2DgP4-8JlawZxKWBMknbr_T3JOusNUS6noQ2G0-mq239JYwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-05-02-14; NID=513=kwEx4KrgkFEuTqTiVHb9Mfrt4tvphXSr3M6o-xwf4-YjZ6q0_nEGdSsrflFsmbRGvAOPUBc1a8mV9LO7PFVJ8u_b65igg2v1c6RYrPdnJRDDFth_jNRN1jR6O9f4AM7WiwqrHqFukwRt2U573AYoSV7LrtAwqiWO07ZupQRqKj4
2024-05-02 14:36:55 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 02 May 2024 14:36:55 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3131 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-02 14:36:55 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 3f 61 73 79 6e 63 3d 6e 74 70 3a 32 3c 2f 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
2024-05-02 14:36:55 UTC	1255	IN	Data Raw: 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 41 59 66 4d 31 55 2d 63 47 75 65 4f 54 53 7a 78 74 79 6c 65 34 30 54 6c 74 53 43 Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="AYfM1U-cGueOTSzxtyle40TltSC
2024-05-02 14:36:55 UTC	977	IN	Data Raw: 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:57 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGIbKzrEGIjB1EW_vl-qdTy4rg5nzC_ZH7PLGov5GNaTYBf5XVILu4QW1fAhuq2iuY0eLCAw7uOIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-05-02-14; NID=513=YpC-RKooBlSOD762VM_TiB2lc5GO_uifQiSF6V54qbg2n4JDUHD26ejZa-YbITcOJq3050xROnRfhr5l6QNXGaGtq_b1xDEhU6p2fQrui3HmTVDD59bjOlmCb8cUvwrTATugxQzaCo5ODGFckr_jpLBl69C7Gzvjde0kLFKsLBg
2024-05-02 14:36:57 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 02 May 2024 14:36:57 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3113 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-02 14:36:57 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-05-02 14:36:57 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 32 63 69 41 2d 30 74 70 76 49 6f 5f 42 57 64 4a 69 31 4a 32 75 61 6e 32 66 71 79 33 79 33 6c 67 4e Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="2ciA-0tpvIo_BWdJi1J2uan2fqy3y3lgN
2024-05-02 14:36:57 UTC	959	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:36:57 UTC	920	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGIbKzrEGIjAFQcor-5S19X7DrXTPfINS-a6YX-Q-2DXPotl5HRTYFy57jTa18xaABvlRtFqryjkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-05-02-14; NID=513=KfBNQP_EFjBqVTvonbJdvQebl753y5zpBipb34jB1kl3et_gtMCEckto5EJdZDU2ciYLXVkmzcOQzYKHPc3RzdYZYVAhQR1z_BG0Gls-9s1zgRxZLcW5KQ8VCNI8ofT5oUFPpDoksXVIPrMXcdlvnt1eSclEbnKnbqm71APjpPc
2024-05-02 14:36:58 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 02 May 2024 14:36:58 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3185 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-02 14:36:58 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-05-02 14:36:58 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 46 61 39 6e 52 76 6b 61 4e Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="Fa9nRvkaN
2024-05-02 14:36:58 UTC	1031	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:37:04 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-02 14:37:04 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=39633 Date: Thu, 02 May 2024 14:37:04 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:37:05 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-02 14:37:05 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=59113 Date: Thu, 02 May 2024 14:37:05 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-02 14:37:05 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:37:08 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pyLR6UbKhO8dEtW&MD=PxBTmzEf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-02 14:37:08 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 46ca703d-2240-4c5f-a10f-d412ae9c4a37 MS-RequestId: 1eb39a72-3092-40c1-aa54-e0f4612a44ca MS-CV: OIeIYWO/lEux+D3l.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 02 May 2024 14:37:07 GMT Connection: close Content-Length: 24490
2024-05-02 14:37:08 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-02 14:37:08 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:37:08 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714660597023&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-05-02 14:37:08 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-05-02 14:37:08 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-05-02 14:37:09 UTC	475	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: BD3FD72C6F02414396B098A800FC4367 Ref B: BY3EDGE0507 Ref C: 2024-05-02T14:37:09Z Date: Thu, 02 May 2024 14:37:09 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1714660629.93abc90

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:37:50 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pyLR6UbKhO8dEtW&MD=PxBTmzEf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-02 14:37:50 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 29daacbb-d485-4447-934a-02192b41cbac MS-RequestId: bcbc3839-2802-42b4-b2ac-88977c3ccbdd MS-CV: 5LEl8BBmCUeEP5ci.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 02 May 2024 14:37:50 GMT Connection: close Content-Length: 25457
2024-05-02 14:37:50 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-02 14:37:50 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:38:44 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-05-02 14:38:44 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-05-02 14:38:44 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 02 May 2024 14:38:44 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 87d8c1b81ace0f95-EWR alt-svc: h3=":443"; ma=86400
2024-05-02 14:38:44 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 84 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240502143843Z-205.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Windows Analysis Report
http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:38:45 UTC	378	OUT	GET / HTTP/1.1 Host: geo2.adobe.com Connection: keep-alive Accept: application/json Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br
2024-05-02 14:38:45 UTC	219	IN	HTTP/1.1 200 OK Content-Length: 50 Date: Thu, 02 May 2024 14:38:45 GMT Connection: close Content-Type: application/json Throughput: vhigh Network-Type: Country: US Cross-Origin-Resource-Policy: cross-origin
2024-05-02 14:38:45 UTC	50	IN	Data Raw: 43 6f 75 6e 74 72 79 3a 20 22 55 53 22 20 73 74 61 74 65 3a 20 22 4e 59 22 20 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 22 65 6e 2d 55 53 22 Data Ascii: Country: "US" state: "NY" Accept-Language: "en-US"

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:38:46 UTC	1353	OUT	OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key Origin: https://rna-resource.acrobat.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 14:38:46 UTC	508	IN	HTTP/1.1 204 No Content Server: openresty Date: Thu, 02 May 2024 14:38:46 GMT Content-Type: text/plain Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id X-Request-Id: ZmOBKggBsM51OInK1EAswRHrgyACMPaj

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:38:47 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-05-02 14:38:47 UTC	544	IN	HTTP/1.1 200 Server: openresty Date: Thu, 02 May 2024 14:38:47 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 3120 Connection: close x-request-id: 2COWhoRDjE9DditDFKZuiE60jCcGaY7T vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id
2024-05-02 14:38:47 UTC	3120	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Timestamp	Bytes transferred	Direction	Data
2024-05-02 14:38:52 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-05-02 14:38:52 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Thu, 02 May 2024 14:38:52 GMT Connection: close

Target ID:	0
Start time:	16:36:47
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	16:36:51
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1996,i,7356032450195835472,9200173800373287896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	16:36:52
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	7
Start time:	16:37:20
Start date:	02/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	9
Start time:	16:38:36
Start date:	02/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	10
Start time:	16:38:37
Start date:	02/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false