Edit tour

Windows Analysis Report
Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Overview

General Information

Sample name:	Autonomous Medical Devices Incorporated - AGREEMENT.pdf
Analysis ID:	1446161
MD5:	ca582ffeae72d8fbd737b4a2e96308ca
SHA1:	30c4037e4709a98bda7701f07a8dbf84cfc1e5a1
SHA256:	08fc670b30bb5fef3eca1af88c9942436d18124e81dfe7218016943d391a2134
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Autonomous Medical Devices Incorporated - AGREEMENT.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4892 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 2132 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1648,i,4191106680192970004,18016106100581973552,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://newagreeement.myvnc.com/?hqggurcl" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2004,i,15282803744765296114,16279532205535429777,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.95.31.18:443 -> 192.168.2.7:62737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:62738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:62740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:62743 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.7:62497 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.7:62736 -> 162.159.36.2:53

Source: Joe Sandbox View	IP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=12RlovCz5wnCBda&MD=5Mf31wCR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=12RlovCz5wnCBda&MD=5Mf31wCR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=12RlovCz5wnCBda&MD=5Mf31wCR HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: newagreeement.myvnc.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf	String found in binary or memory: https://newagreeement.myvnc.com/?hqggurcl)
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62738
Source: unknown	Network traffic detected: HTTP traffic on port 62740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62740
Source: unknown	Network traffic detected: HTTP traffic on port 62743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62501

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.95.31.18:443 -> 192.168.2.7:62737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:62738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:62740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.7:62743 version: TLS 1.2

Source: classification engine

Classification label: clean1.winPDF@45/50@18/7

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Initial sample: https://newagreeement.myvnc.com/?hqggurcl

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 18-14-11-194.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Autonomous Medical Devices Incorporated - AGREEMENT.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1648,i,4191106680192970004,18016106100581973552,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://newagreeement.myvnc.com/?hqggurcl"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2004,i,15282803744765296114,16279532205535429777,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1648,i,4191106680192970004,18016106100581973552,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2004,i,15282803744765296114,16279532205535429777,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf	Initial sample: PDF keyword /JS count = 0
Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Initial sample: PDF keyword /ObjStm count = 7

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://www.adobe.co	0%	URL Reputation	safe
https://newagreeement.myvnc.com/?hqggurcl)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.185.206	true	false	unknown
www.google.com	142.250.184.228	true	false	unknown
18.31.95.13.in-addr.arpa	unknown	unknown	false	unknown
newagreeement.myvnc.com	unknown	unknown	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.adobe.co	ReaderMessages.0.dr	false	URL Reputation: safe	unknown
https://newagreeement.myvnc.com/?hqggurcl)	Autonomous Medical Devices Incorporated - AGREEMENT.pdf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.47.168.24	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	unknown	United States	15169	GOOGLEUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446161
Start date and time:	2024-05-23 00:13:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Autonomous Medical Devices Incorporated - AGREEMENT.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@45/50@18/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.211.8.250, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.19.126.143, 2.19.126.149, 199.232.214.172, 192.229.221.95, 2.19.122.216, 2.19.122.199, 216.58.212.131, 142.250.186.78, 64.233.166.84, 34.104.35.123, 142.250.184.234, 142.250.185.170, 142.250.186.170, 216.58.206.42, 142.250.181.234, 172.217.16.202, 142.250.184.202, 172.217.18.10, 142.250.186.74, 216.58.206.74, 142.250.185.234, 172.217.16.138, 216.58.212.170, 142.250.186.106, 142.250.186.42, 142.250.185.202, 88.221.110.59, 88.221.110.99, 2.16.164.66, 2.16.164.41, 2.16.164.51, 2.16.164.83, 2.16.164.48, 2.16.164.120, 2.16.164.43, 2.16.164.74, 2.16.164.58, 2.16.164.130, 2.16.164.122, 2.16.164.123, 2.16.164.88, 2.16.164.105, 2.16.164.59, 2.16.164.50, 2.16.164.33, 2.16.164.73, 2.16.164.16, 2.16.164.34, 2.16.164.26, 2.16.164.42, 23.44.133.36, 23.44.133.32, 142.250.185.195, 142.250.185.142
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.47.168.24	PIO88938MB.docx.doc	Get hash	malicious	Unknown	Browse
	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	Get hash	malicious	Unknown	Browse
	http://6.imimg.com/data6/Rfq/2024/3/404696953/HX/AW/IV/217882449/square-breathing-pdf.pdf	Get hash	malicious	Unknown	Browse
	phish_alert_iocp_v1.4.48 (23).eml	Get hash	malicious	HTMLPhisher	Browse
	https://app.nihaocloud.com/f/bf027d5695e84bac920c/	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_f29ce0d93859cca71356213c6e187a644debf0c9.zip	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://docvmentdrive.au1.cdn-alpha.com/wordplusnero/Payment.pdf	Get hash	malicious	Unknown	Browse
	qqeng.pdf.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	D21 .pdf.exe	Get hash	malicious	Unknown	Browse
	D21 .pdf.exe	Get hash	malicious	Unknown	Browse
239.255.255.250	https://solve-page.github.io/remove	Get hash	malicious	Unknown	Browse
	https://gallery.bel-photo.com/EU/	Get hash	malicious	HTMLPhisher	Browse
	https://greettive-tke-783743.pages.dev/help/contact/95094729232531	Get hash	malicious	Unknown	Browse
	https://x1-44h.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse
	https://poshuk.pw/polon	Get hash	malicious	Unknown	Browse
	https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip	Get hash	malicious	Unknown	Browse
	https://l.mypad.in/Hxfu5y	Get hash	malicious	Unknown	Browse
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
google.com	https://solve-page.github.io/remove	Get hash	malicious	Unknown	Browse	142.250.185.132
	https://gallery.bel-photo.com/EU/	Get hash	malicious	HTMLPhisher	Browse	142.250.185.132
	https://greettive-tke-783743.pages.dev/help/contact/95094729232531	Get hash	malicious	Unknown	Browse	216.58.206.36
	https://x1-44h.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse	142.250.184.196
	https://poshuk.pw/polon	Get hash	malicious	Unknown	Browse	142.250.186.100
	https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip	Get hash	malicious	Unknown	Browse	142.250.185.68
	https://l.mypad.in/Hxfu5y	Get hash	malicious	Unknown	Browse	172.217.18.4
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse	216.58.206.36
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse	142.250.184.228
	Dados Do Hospede.ppam	Get hash	malicious	Njrat	Browse	142.250.186.129

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	a6lzHWp4pa.exe	Get hash	malicious	LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar	Browse	23.195.238.96
	https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	23.56.162.185
	https://cs-server-s2s.yellowblue.io/sync-iframe	Get hash	malicious	Unknown	Browse	88.221.168.23
	Quarantined Messages.zip	Get hash	malicious	Unknown	Browse	2.19.126.160
	http://sallywilliamson.com	Get hash	malicious	Unknown	Browse	2.22.155.216
	New Voicemail Vote.html	Get hash	malicious	HTMLPhisher	Browse	104.97.44.213
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	23.37.48.101
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	23.36.234.187
	file.exe	Get hash	malicious	Vidar	Browse	92.122.104.90
	https://bizzerba.com/?ksoxtyqh&qrc=eaastsales@tronicsamerica.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.103

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://solve-page.github.io/remove	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://gallery.bel-photo.com/EU/	Get hash	malicious	HTMLPhisher	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://greettive-tke-783743.pages.dev/help/contact/95094729232531	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://x1-44h.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://microsrcft.com/route/3a2badc2e16ee67306027e92dfee2e7779d7afcd/	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	http://inclucedhealth.com	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://u32291210.ct.sendgrid.net/ls/click?upn=u001.zoYnZnzT1aNmxJyDpkt5-2F7ByDXhgHLoQINYxAMxqgpvOMLVzh2duB66JhsxmyNA-2B2oB29Sr-2BzUY3wsjUhL2w9w-3D-3DzLYR_E9PZ-2BNd-2BL-2FR-2FOsoqChC9LPbvFaV0s1njwxE0n9wyiNepBnXObnHyQf0Ox16EAtw0HITpr4QufWYHU-2FMF-2FYtG-2FUx1lneU2A8oshW8vQCDJT7V1aDwmGHrGPEUfNk-2BL7E29MeLQRurIdmGI6J2wW-2FHEHY-2FH2k1w8pcozxtLO-2FQcWd1Z75RHd6z6Rz-2FnYMpLiQR-2Ba6Xi9bSq62ph-2Fx4Wy5rEk14P2SsQkC1xAglbpMaIkGPriUiu1i-2B2SPtsxmQMUBDZ0yuyPlCYenGmrBDISDo28mqVRcU7H9gbpI-2BGBc7gVvsoFobGAujAwtvMDY6syXbecDgXgdAVZExexA5-2F-2BFj7hlD0KLoX1l18-2BMJWP6EQm4PLE1aaEf0CHd6Mv-2BtQe6ZVAV5UWiNWin1lJTOw7s646pCT7jQ-2BhEQUnqUx0NFHFw-2Bmufqblk5fJLT3I406XkF5yEDer67L0oXESfK4NfFP-2BSZQvG4M7Tdk7ilnyg4drSCxHDQjMQAiPuXIU-2F2jNL8okF8RQHSnGCCGSV-2FVhyiLxgTtwXulPsS2Pfu3VxcWTGee78ZvvJoPAMjUdELlc4orywF-2FtAFJFvQt1NfXJsHy53Ndf0bsLTzh5WDP36wbQGeqd29Fs7BRhhcsd7mwtzgDqbZIMmTLITIpAaSwSNsjJHx9DSMOeCo7pD2ZqTLCQ3vBDZPdARAZD3UIFbhBFKI-2FbBs-2FupWBBB7aPI45C-2BdGElT5AypObmE5PKEgXVuF3lxA5Y2t6mEIsVXGmQpPfKtAJaHYluOvTRB9DW7q9KOyI4Pcsi3FxeuuIe-2FTG0c9MAyO2HO1TSdYaqyoLpLsqtTsqyQMnFO0Yl8NPB6XwEOt9-2Bu9Rp-2F4LbHJTfJDyJ3Sh7-2FZwLkAx6u6SdyfnvRSGc93MbM37LnWS7aV-2F77ZN4aNVDIeDxxgTg34QEKNiFOrZiwODBLc0alaLuPjMMmsuwyWIiooz6VWDGfL0TJ-2FAMbeLtjov46V1xT-2Fg9WWXArp-2FAn7hYl6g1dGriic0McSexm	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26
	https://github.com/ustaxes/UsTaxes/files/15378217/All.2023.Tax.Documents.zip	Get hash	malicious	Unknown	Browse	23.211.8.90 13.95.31.18 52.165.165.26

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	300
Entropy (8bit):	5.287780813279463
Encrypted:	false
SSDEEP:	6:Dsd2cO+q2PcNwi2nKuAl9OmbnIFUt86sd2cjZZmw+6sd2cjNVkwOcNwi2nKuAl91:D0/vLZHAahFUt860jZ/+60jz54ZHAaSJ
MD5:	FE8DBCBD4F100213CC55EFA9BE25652D
SHA1:	CB1F4A98154F0C5D7226EBFFBEA3FF80B72A9AB7
SHA-256:	874B06D3DFFA05E30E0F601127DC7AF2BDB9EF6B53AD4AE82E448F0E08D3DA23
SHA-512:	CDDB1B1C15F1A310834CB5874F6BD8DFB1BEE1283B96A592897DE08055A6747590D8D20EDE124EA9D9E731ED3E6365542D76CE8043B8F9E873985B2521FC152A
Malicious:	false
Reputation:	low
Preview:	2024/05/22-18:14:09.313 1788 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/22-18:14:09.316 1788 Recovering log #3.2024/05/22-18:14:09.316 1788 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	300
Entropy (8bit):	5.287780813279463
Encrypted:	false
SSDEEP:	6:Dsd2cO+q2PcNwi2nKuAl9OmbnIFUt86sd2cjZZmw+6sd2cjNVkwOcNwi2nKuAl91:D0/vLZHAahFUt860jZ/+60jz54ZHAaSJ
MD5:	FE8DBCBD4F100213CC55EFA9BE25652D
SHA1:	CB1F4A98154F0C5D7226EBFFBEA3FF80B72A9AB7
SHA-256:	874B06D3DFFA05E30E0F601127DC7AF2BDB9EF6B53AD4AE82E448F0E08D3DA23
SHA-512:	CDDB1B1C15F1A310834CB5874F6BD8DFB1BEE1283B96A592897DE08055A6747590D8D20EDE124EA9D9E731ED3E6365542D76CE8043B8F9E873985B2521FC152A
Malicious:	false
Reputation:	low
Preview:	2024/05/22-18:14:09.313 1788 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/22-18:14:09.316 1788 Recovering log #3.2024/05/22-18:14:09.316 1788 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.208731502607292
Encrypted:	false
SSDEEP:	6:Dsd2cIgL+q2PcNwi2nKuAl9Ombzo2jMGIFUt86sd2cnGHz1Zmw+6sd2cuEFLVkw/:D0IgyvLZHAa8uFUt860neZ/+60ZR54Zg
MD5:	89F306C89AD1DD344EF1704648B8A757
SHA1:	C74C8B1B97352CADD222E951A150200D80FC5DB9
SHA-256:	D9964D43F01DB7B97C78B634FEA157CAD0BEA3CF17F832E5EE3DD7B849394DA7
SHA-512:	6B36729AE33F62C16E12C3F6A7D4D9E10E0287710775C7640C0D9856CB77FD8FC3DBA4EE756740738DDAA224ADD650BE74ECCEA25D8458F1273469E3F7923282
Malicious:	false
Reputation:	low
Preview:	2024/05/22-18:14:09.351 1ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/22-18:14:09.352 1ac8 Recovering log #3.2024/05/22-18:14:09.353 1ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.208731502607292
Encrypted:	false
SSDEEP:	6:Dsd2cIgL+q2PcNwi2nKuAl9Ombzo2jMGIFUt86sd2cnGHz1Zmw+6sd2cuEFLVkw/:D0IgyvLZHAa8uFUt860neZ/+60ZR54Zg
MD5:	89F306C89AD1DD344EF1704648B8A757
SHA1:	C74C8B1B97352CADD222E951A150200D80FC5DB9
SHA-256:	D9964D43F01DB7B97C78B634FEA157CAD0BEA3CF17F832E5EE3DD7B849394DA7
SHA-512:	6B36729AE33F62C16E12C3F6A7D4D9E10E0287710775C7640C0D9856CB77FD8FC3DBA4EE756740738DDAA224ADD650BE74ECCEA25D8458F1273469E3F7923282
Malicious:	false
Reputation:	low
Preview:	2024/05/22-18:14:09.351 1ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/22-18:14:09.352 1ac8 Recovering log #3.2024/05/22-18:14:09.353 1ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9a2478de-034a-48b7-b39f-9749d77e5c30.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
MD5:	7BE9C8316EB1B7252CB363207744A145
SHA1:	57861355BE6541501AED40F896891579DCF473BF
SHA-256:	B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
SHA-512:	2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
MD5:	7BE9C8316EB1B7252CB363207744A145
SHA1:	57861355BE6541501AED40F896891579DCF473BF
SHA-256:	B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
SHA-512:	2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF43ee32.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
MD5:	7BE9C8316EB1B7252CB363207744A145
SHA1:	57861355BE6541501AED40F896891579DCF473BF
SHA-256:	B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
SHA-512:	2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d2ed1165-7796-4f70-a73b-75e70b9d6b8d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969096082385961
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqDgIsBdOg2HZ5caq3QYiubSpDyP7E4T3y:Y2sRdsWgddMHC3QYhbSpDa7nby
MD5:	F350A705F870618E8E7F8F55BE8F0047
SHA1:	78E184DB00D722328EB09011B7402E73CC3A7F0A
SHA-256:	5195419803F8691A230F788E0DEB1F37A4D227651B8AE552AA9592A7262D3E8A
SHA-512:	1AE55261DB494B150FBA6BE4736BD514F6989B4ADDAD4BC89D2A9E9BC490FE70A828698640CEAA55D8D5F3007F67924C4E2F875BA52DF8D27CC35B4AC87825CB
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13360976061322060","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141120},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.23492839406304
Encrypted:	false
SSDEEP:	96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtP+F48C4lF1FZ:CwNw1GHqPySfkcigoO3h28ytP+F48Cyh
MD5:	E7A84A03D25A6452FB67A30532BA12E4
SHA1:	096ECB4DE469E7757139008DAEBC2D33F4AC119E
SHA-256:	39B6DEBCCADC683D63AB0104D4C0A697E1A60F9EF5971D468B84B097A3AAC88A
SHA-512:	25F0811F5369E594EBB2B53ABEDBF07FAEBEC124D6BCCF0E8435C10517462CF418EFE408EB1F76276D1B657C7C057C3B650AC63A05C27F4100CBEE5D02D47347
Malicious:	false
Preview:	...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.210629845640339
Encrypted:	false
SSDEEP:	6:Dsd2crL+q2PcNwi2nKuAl9OmbzNMxIFUt86sd2cXdFz1Zmw+6sd2cXdFlLVkwOcy:D0ryvLZHAa8jFUt860J/+601R54ZHAab
MD5:	6AC5BA6ABC110694305DFDB1A74D44CC
SHA1:	B5CC43D978F467B99017CDBE7B012B0B81877CB7
SHA-256:	2C815F1733CA37FE1FF5803EC15CCB262CAE48D2CA0C1E74CDE42120C9587940
SHA-512:	6130B7ED58C603C5704477A9B8BA03CB62D827A382506C0A5090C8B45770468A68CCA343EF17EA35396088E510ABE1FF020B21BE424D8485ACE553F89581E770
Malicious:	false
Preview:	2024/05/22-18:14:09.553 1ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/22-18:14:09.555 1ac8 Recovering log #3.2024/05/22-18:14:09.555 1ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.210629845640339
Encrypted:	false
SSDEEP:	6:Dsd2crL+q2PcNwi2nKuAl9OmbzNMxIFUt86sd2cXdFz1Zmw+6sd2cXdFlLVkwOcy:D0ryvLZHAa8jFUt860J/+601R54ZHAab
MD5:	6AC5BA6ABC110694305DFDB1A74D44CC
SHA1:	B5CC43D978F467B99017CDBE7B012B0B81877CB7
SHA-256:	2C815F1733CA37FE1FF5803EC15CCB262CAE48D2CA0C1E74CDE42120C9587940
SHA-512:	6130B7ED58C603C5704477A9B8BA03CB62D827A382506C0A5090C8B45770468A68CCA343EF17EA35396088E510ABE1FF020B21BE424D8485ACE553F89581E770
Malicious:	false
Preview:	2024/05/22-18:14:09.553 1ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/22-18:14:09.555 1ac8 Recovering log #3.2024/05/22-18:14:09.555 1ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522221413Z-161.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 164 x -102 x 32, cbSize 66966, bits offset 54
Category:	dropped
Size (bytes):	66966
Entropy (8bit):	5.073596645829244
Encrypted:	false
SSDEEP:	768:F9l81RnWWmWjQuvj9DEbp4ZCY44rnFw6fJ:FrWnWWXQ2j9DEbp4ZCY44rnFw6fJ
MD5:	CEE55DCC6DB807E15FEC83045D1DF9D8
SHA1:	5EA13D13C68D3DD94E7073291D6FC0B867657684
SHA-256:	E73D4B7A74F38134144868ED7FFC362FF99FB1B45476E9A84D943512F8D520ED
SHA-512:	C13E3D50A70525FAC4A096B34356CC49C0CADB2E533ED88CF864381B822F4E92EEC1795964C88EA1593DC8A3A8B0FC9BDA2F21E59B130C05616711F1218F659C
Malicious:	false
Preview:	BM........6...(............. .........................{{{.{{{.nnn.jjj.lll.lll.jjj.nnn.hhh.ttt.fff.sss.hhh.ooo.iii.mmm.kkk.lll.ooo.jjj.rrr.hhh.ttt.eee.qqq.kkk.ppp.lll.lll.ppp.lll.rrr.iii.ttt.hhh.rrr.hhh.ooo.kkk.mmm.ooo.jjj.ooo.hhh.qqq.ggg.rrr.ggg.ppp.iii.nnn.lll.lll.ooo.jjj.rrr.ggg.sss.ggg.qqq.iii.ooo.kkk.mmm.mmm.kkk.ppp.hhh.ttt.ggg.rrr.hhh.ppp.lll.mmm.nnn.kkk.qqq.iii.rrr.fff.sss.hhh.ppp.kkk.ooo.mmm.lll.ooo.jjj.rrr.iii.ttt.ggg.rrr.iii.ppp.mmm.nnn.ppp.lll.rrr.iii.ttt.hhh.sss.iii.ppp.kkk.ooo.mmm.lll.rrr.jjj.uuu.hhh.sss.hhh.qqq.jjj.ooo.nnn.mmm.ppp.kkk.qqq.iii.ttt.iii.sss.kkk.ooo.mmm.nnn.ooo.lll.rrr.jjj.sss.iii.sss.kkk.qqq.mmm.ppp.ppp.mmm.qqq.kkk.ttt.iii.ttt.iii.rrr.lll.qqq.ooo.ooo.rrr.lll.uuu.jjj.vvv.jjj.SSS.SSS.999.:::.???.@@@.AAA.AAA.@@@.>>>.@@@.MMM.JJJ.:::.777.666.777.===.BBB.@@@.>>>.FFF.HHH.@@@.???.FFF.CCC.<<<.:::.>>>.FFF.DDD.@@@.EEE.III.@@@.:::.;;;.:::.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.99

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 16, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 16
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.439065490260169
Encrypted:	false
SSDEEP:	384:Cexci5GPiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:e3urVgazUpUTTGt
MD5:	E0BC72884CA2BB563D6F6DE0F9101A73
SHA1:	1C3313878D5780B37A571CC36BA9A7CA3544BFCB
SHA-256:	B4626E85F49900DA10055743C446E07B50F0749F65A748A6B050271D5F37847B
SHA-512:	80FB292E5A8C53897923CDFA5E5FD28D35B7C5B4B959FE2BE39A5AC6967C80FFBAE9014D7F8D877AEC1585B78762803CBFAE23C695B8B2D3CE72C89C4369FD8E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.217350034710809
Encrypted:	false
SSDEEP:	24:7+tLgj6wKFqL7zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9MW:7MwWFq/mFTIF3XmHjBoGGR+jMz+LhT
MD5:	A2307AB4FBFA75631D0336D56504CE8B
SHA1:	2C1FC41D8BC0AAAE4879BEF2E8FFECF4AA07A1DF
SHA-256:	DA527ECA398C9F85D38A2DCB64FCEE86D41C6434560C3E5F67050047FFBD6F48
SHA-512:	1D8E4CBBFB1F2426CF73F584DF2CD528E07A0F83147F037B856C4E24D4A0C81E9BFFCF3F745A9111998DCDF99A0FD70AA127485FBE03FD8DEC1839482638B861
Malicious:	false
Preview:	.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7040

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	228346
Entropy (8bit):	3.3890581331110528
Encrypted:	false
SSDEEP:	1536:qMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:FKPoJ/3AYvYwgXFoL+sn
MD5:	2F8A4655789D955BD1CC67B790AF3179
SHA1:	E9F56CC175D0D792B1CD57A2210DD955F0739BAC
SHA-256:	09958248E59EC060D4345471BA55CD61481D6EA52A04AEC4B46B8B4826C3ED4F
SHA-512:	32755A4320EB0F05CD71280765424E9752F817E931C8E582BE93C589FAD3AFB48987DCF6D43768298D3A66D685297E82BD07AB2F604D43B9FF40C11F0391A66C
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.352649924669396
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJM3g98kUwPeUkwRe9:YvXKXX5+bsdTeOcPVGMbLUkee9
MD5:	CF83B2D71F6DB8F918692082C068ED89
SHA1:	85214DB33C2AD8DEFEBA1FBB1C1D872A91F7554B
SHA-256:	E881E24731C2FF6B99E80977FC08451036D7C570F8AB182243B813642AA14056
SHA-512:	B1B09837E6DDA6F807CB00B4DB197841B594636FE355FAAE2212F96EDFDE0AE266F4FB3867D8AE56EB86CCA59F1AFB734453A893DF11DE5F49618DA175520773
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2856220798152105
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfBoTfXpnrPeUkwRe9:YvXKXX5+bsdTeOcPVGWTfXcUkee9
MD5:	2CC868C950D975BD504F28D7E185DC53
SHA1:	0390186F81C6C8BCA4ACDD42E1FE436CEE7AEA48
SHA-256:	CF45A8CDB7716B018D5C1B1DD5407D520B0384081E703E43C164A14FEFA55C6A
SHA-512:	0B20E6AF2A67A06221F9383B49D294433C382C73749AACD9E1C9E58E4561AC47E4F14CEE32BAD8037E0CF944184F48C501C90916A131B6A0090BC267AC572610
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.264537600873066
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXX5+bsdTeOcPVGR22cUkee9
MD5:	E033CED2E478E30578FEB67665874091
SHA1:	D9C890FFA62654826AABA2453E58500333993331
SHA-256:	116D5F976910060A92138DA80DC09D092AAC0431628CA42E2C3BA40F47E23817
SHA-512:	4F88806D6E6CAB08C8B86C5ECEB06D2792F735630A53CB31D118D43FFBF4EA743DF5CCBB3BBC4E1B98D3C59E2638CC7BC94409D5532BAFEAFF5E0DA99FCDA629
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3391523168892006
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfPmwrPeUkwRe9:YvXKXX5+bsdTeOcPVGH56Ukee9
MD5:	DD1BEE3001789B29E4AC554C63BF79EB
SHA1:	B490D5FCCD80F84B18B3B263636327E7C0E3AC70
SHA-256:	D51C12F90B00F6B9FDF7A5FB574A3E67FC048824E09CD3968660828BADE51906
SHA-512:	B337CA8B71BC37880A9FF7A4D38AB3911A7ABAD4291AC83EA41F8922299B79539509C92812AAA3412CBD16C5C89B6E6F2A314D31F1F00D9F0872355388FBA9D6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2838253646984334
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfJWCtMdPeUkwRe9:YvXKXX5+bsdTeOcPVGBS8Ukee9
MD5:	362F277456E3DF555F433D1361F2838D
SHA1:	A0DE84296EA554FDC737F0912226C6B0D4523A6D
SHA-256:	1E5E9A5B0532D0598D95915565000CC3EAA994B4AB8971B5D8F1341A801DACBB
SHA-512:	865860DDB92373DA280542AA3874F1942FBED373F03CA69A34D73793DC459149599902B0A484CE063ED3252CFE95E76F115315AAE6337737D04122C965DBF446
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.270150036517956
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJf8dPeUkwRe9:YvXKXX5+bsdTeOcPVGU8Ukee9
MD5:	8D8BE857B5AC0E2A5F0C8EA2F1FF919D
SHA1:	E2491AFB562503AC9984E4518BC9EF358991A7A5
SHA-256:	86CAD644400946EC69E2F385AC64A1770CE2CCB3A240A528013ED89257B3A945
SHA-512:	C8E7CA1A6AC966846F51B25A461D3D85FC052448DDA00374AD38070FADB6B8E90F99DAEF9168054C242F2153A8A1C5B11366EE1A32A06FFE2B2FDBDC4DF6408C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.273866223710769
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfQ1rPeUkwRe9:YvXKXX5+bsdTeOcPVGY16Ukee9
MD5:	DBCEABEAB3092971303261C08FE2BA82
SHA1:	0A9796B3E353DA1DDB9F718B2B18ACFF153FF797
SHA-256:	DC2125CAF01BE08A698D1B4DE752CF6D29315DB3CDB31AFCF08F0747D9EE5224
SHA-512:	551EEA06198EDB51FB774252AD8376292081ACDA0BE1377D925A9830EE58AE639C1B43F885E5982B0BA4643B115C6C11FC2AD21D9F1DAA2FFA4210928CC51E63
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.289229789768682
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfFldPeUkwRe9:YvXKXX5+bsdTeOcPVGz8Ukee9
MD5:	2573A6F51D3266AF93C1384F7D2D1E98
SHA1:	13A0553E6A27D0F5768EB96EBACE5A604D1A2580
SHA-256:	C7FD9FEEB3AED053BF3C6ECF80CF3E72552FC122644CCBABDB8ED46AF7566833
SHA-512:	0CD8E6D460BF092008B72018B1BBB66FB81B305F52F1EC7815C75BBBF984E213422FB4089027D83D688A4488B8AD58A952B6F015ABDF00E3D3157CB1E44F9C73
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.733063130495596
Encrypted:	false
SSDEEP:	24:Yv6Xp+bmeOcPBKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNk:YvYlehZEgigrNt0wSJn+ns8cvFJW
MD5:	2C0E84271A1BC538B5803A82560A1DC4
SHA1:	A93854C83803FF3E8358BE6411AC6EF77A3E03BD
SHA-256:	314667AFD7BE4C9FA10706599B26491C0999218CA7F9268018D2BE36CF2DEB01
SHA-512:	3FDD39BE912BCB9916C183793F1FDBF2231558F2DFEFA4C2608D07667EE713D398C83B493E9FA7AFB1329E84BDA3A8091AB2FFF38B83444124F66DA7A550A16E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2767307608485385
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfYdPeUkwRe9:YvXKXX5+bsdTeOcPVGg8Ukee9
MD5:	E23A95212D04C753B09885B109096A33
SHA1:	29FDFBC234DB08C836E029FE56AFF1F5E89EC71C
SHA-256:	4BCADAEBD5009F8C3DFC76722AF71BB7E906BB5022A9C2C49C50CAAA4E7977EF
SHA-512:	8143983CC17ED330882D6F8AF14E5EAF55D0039BE9183E58948914B3D12053B8D3203F11FA518FB2F555F5C051C2EF72DCE2F671347F2F8C26F4B4524759DE24
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.768615801719065
Encrypted:	false
SSDEEP:	24:Yv6Xp+bmeOcPMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNs:YvYleh0HgDv3W2aYQfgB5OUupHrQ9FJq
MD5:	11620E630A5ED404788F2FC3C1F27C54
SHA1:	A29E4345D1BA96F6A62BC55F6783BF401889D11E
SHA-256:	01B89E551F520864676326E1A8E73449F9DE495F8724FAFC92DE4A94110CB3A2
SHA-512:	A473948D864CBB6981D176652AB0AAECFA53CDBDADE6C1FC329DF89906AE5AFBD387B18450D9C998FB4CECD90843B4D09C06011189AE0DD19A5A769F0C013EFB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.260437784564682
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfbPtdPeUkwRe9:YvXKXX5+bsdTeOcPVGDV8Ukee9
MD5:	DA8C975F536149BD2EEECDF6CCF67425
SHA1:	99DF4BE8613A432DA8F2B3FA13AA954B65C6E7A2
SHA-256:	E7E28975617B81181A81EEAAEA721900D4F50AB74C6071B6D5CDEC36FE39C390
SHA-512:	6BE27A6110996021B8553753C8F2C67AC0B3337EA5E09B9F233133DC33DFF7A5A742E12D074076CBA45FE82D1060E5DAC12CE95CAE6EF0B3ED0EC1B75DB81166
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.265063021768897
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJf21rPeUkwRe9:YvXKXX5+bsdTeOcPVG+16Ukee9
MD5:	D874FC3654EA0697241AB1C2F0457383
SHA1:	6E2F6A1FEEC913FBB2681DC54BA02849CF5DA5A2
SHA-256:	AEEFF5D8DDD2748057B74041C28D47FC4314773C0BFA79B4AF6E14CBD4E124CB
SHA-512:	5C7F5A784912BB55B295DF8C5CCA565EA2C1EA19F9051EFCEAC0981E2E54D704E2BBBA557824B07B206A68B45FDC2A908DE711FBE3D64948E21C5D1F8885C87C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.284355932014648
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfbpatdPeUkwRe9:YvXKXX5+bsdTeOcPVGVat8Ukee9
MD5:	AC7EF2CD4944D6A0DF4A82A83041E7A7
SHA1:	05DC61841B625503DEA6CE95B5D16698B6F429DF
SHA-256:	FA799F82E3EF86A571A6AE90CEA4B47C77284075C1F5427C8D6DA7F2F8E20DA4
SHA-512:	DCF50E763E91D03C86DF57D6AEF7EBF427DC16070BBC4D66A3320206DD915E89C78DB4D78C1187260117D3C89CFEE974931FECDF4D3FE7885D3AF31DA17F4F51
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.24028023622398
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpPAVVy53O4WsGiIPEeOF0Y8aEeoAvJfshHHrPeUkwRe9:YvXKXX5+bsdTeOcPVGUUUkee9
MD5:	EB12BDBD4F0C4C8F5E17452F2AFB272E
SHA1:	7A1F47B1FA93FB9EA6B4CFF80BE923561DAE58A0
SHA-256:	DD3C026931C06EECB6A6C5E88FDBFF0699B99CDF1D328C61F71EF09310FE1B26
SHA-512:	6A73B615C549058628B0AAEDFC6E0D4ABE0AEBBE8B15335DECF5AF524A209797C995A5C8712C8EB94B11B3930FDB2A158D192B7F3C13C1E3AF2D5AB5AC70B0FE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.361275260834837
Encrypted:	false
SSDEEP:	12:YvXKXX5+bsdTeOcPVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWI:Yv6Xp+bmeOcPx168CgEXX5kcIfANhd
MD5:	FFC426049DCECA4D36AE050B66299F7F
SHA1:	3BB793861CFE1B88184D94EADDECDE3180C73934
SHA-256:	30F22A5E1A50427C2DCC3D1C578FDC81CF6A30FE176D791928477CC50CB4F2E4
SHA-512:	613AB36E5143D0FA1D8FEC4388B2A8950786957811CA8F706DA237BF567C98B19CC74EEFEAAFEB809488E522AAD2EC3EE4256B460BBA47074BB5DE2D2FFD1BF8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9e0154bd-e843-4bce-aead-0da187e2cc06","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1716594090402,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1716416055434}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.126125761317433
Encrypted:	false
SSDEEP:	24:YZFct4XCJ5QlrXYBPhrgwacayaRsj/sj0SMR4BqI2yAb2LSWY7H5dd9fR9udOG:YzV4QlMBPh/+U45dW4eHZ95M
MD5:	E0AEF709E5D714275A6A4A8E1124525A
SHA1:	ACFB0DA9B635B4B28268D57C5A9B716EED48C618
SHA-256:	FF52B33B48669A6268BBA8326C4EEC37B8FBF0752E9E12AE0142B5B2D7CAA3AD
SHA-512:	D3482CFFB66CBABF4DF4014E8376F0191D65EAA87F3E728216960131C5D60F5561E9DD038A59644A75763909796AA00228FD342D134E6734A7D839621AE7FCBF
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ebe9b2e28e938b0ffc6bb5d0134967d7","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1716416054000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f709d4255db7d351d9165f2731d58c4c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1716416054000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f6aef0dade04d2be1dbd81606f3a97aa","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1716416054000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"d99169b14b13f1317814ecc2e73d0faf","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1716416054000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e5c95ca582b5ac3d200fe79482a8a9e2","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1716416054000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"69774ce71f9756ae049635681223fa23","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1716416054000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.447020525300151
Encrypted:	false
SSDEEP:	48:Tll2GL7msKvrBd6dHtbGIbPe0K3+fDy2dsYV6vVKRVq:fVmso3SHtbDbPe0K3+fDZdLOgq
MD5:	D45EE84514F926BAC9DC7026A58F016B
SHA1:	5B1CCD1954CB5E55BE07922F8B180BC618F362BA
SHA-256:	28219E99009549305AE284BAD412B79D12AAD46DDD87AC1F40D20D034242BC21
SHA-512:	191F8533494E24DD0738B6DCDF295C6704FE43507D86FBB7B96E467E5D157A31F329BE05A4250EDFA843368ABE5ADBD903D1DCEE7E137B4A74AA14667C6A344E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.9549734458241637
Encrypted:	false
SSDEEP:	48:7M3GvrBd6dHtbGIbPe0K3+fDy2ds8VIlGVtqGufl2GL7ms6M:7Z3SHtbDbPe0K3+fDZd3dtKNVmsf
MD5:	41564AD175CEE3E3D6800BFD522EC4BE
SHA1:	ACDAB07DE0A4BE5E21443E7FDE901CB2AC696803
SHA-256:	0FCC2F62738685C42E2676D76E4113053EA030A5AED4B90E52EDFD75AAD08C3F
SHA-512:	7C178130F15E2E6E316510C3EFCD41ABFE0C7603EA3FAC1BB197A888537B5B8D10157157272733686ADCE95C5ACD3CAB6AFD3EE162D93EE42BBF06AC27562AC5
Malicious:	false
Preview:	.... .c.......E.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../../..././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI2e212.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5209238895127717
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8lFGlEYle:Qw946cPbiOxDlbYnuRKvbw
MD5:	70436DC41CBF78BEB88FC1DFE1C6B0B2
SHA1:	97191B4793653BAC1F39A4CF5DDB5B08B73EAD37
SHA-256:	80238095C7C8281C140D56BB7BF038375609E86E5EB5DBB656E36E247B9A12AE
SHA-512:	4F7EE55A623C192CCD285048FF83B844ABA9B65DE00E06940F83F6E918DBF16CA6CCBB164D151CEC42ABD9C545DB8A3AF2D1AA6FBBEF28F731FF6C74D212201A
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.2./.0.5./.2.0.2.4. . .1.8.:.1.4.:.1.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A99c247b_1i1flqc_5fk.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	127214
Entropy (8bit):	7.992938944970855
Encrypted:	true
SSDEEP:	3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
MD5:	997CE5ED3633E8FF84C2F7D1F0E48E53
SHA1:	D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
SHA-256:	E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
SHA-512:	CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
Malicious:	false
Preview:	PK........,C.X...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........>.X..lz............message.xml.]Ys..~...r..S.c...-.K....v.Y.KEK...E.H.......Z(...V.N.... ..p.s....(...$...o..=:.D..A.....w.....#....8..4;nGq.<.}?.>.#?.........,.Bq..G..v08....G.=.i.....~..Q.......4.....h...`............Z... ..~(.X.g.>..;8=...7.x.G.....v.{..^.y}s...#u+.. ...s.$.2.._t...Gyuz....x...&gO..8..$.hp#.W.@..V...x.OW.c.........."S.x...>.Y....L..1..I<..vL.{$......#.i...7X\l....S..^..?.)..9tX..V.=.3qL.a...b.Bv.....X\|..O. y.5u.19...d..}{..q.d..p}......)..l..r.fk..<..v..(..o......-.f_....h..e ......Z....K.;Ka..cB<....:..x.(...v{(..!@.Z...Bg.n.<..PD.".+..0.A..5.Y...x....9.]..........d.2.h......<.j........~.+.g...8r.....].lS.9..RX@.;..........9.....8.A.......?tq....&....0..t..]...aW.....<.....Ka.=XO..C........~.F3.+.b..Y.\.,..Cq6.n..8..b`..b..{.8.......2o.S.J3U.bx;S..L..Y..L.v..LU.g....%..0U.....\...P>...Q..e..p0#yKN.H.Br..Nh r..D..?..Vuh..q)o.D.]#h.M.A

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 18-14-11-194.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.386483451061953
Encrypted:	false
SSDEEP:	384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
MD5:	F49CA270724D610D1589E217EA78D6D1
SHA1:	22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
SHA-256:	D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
SHA-512:	181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
Malicious:	false
Preview:	SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 19-26-43-707.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	15280
Entropy (8bit):	5.307256364064334
Encrypted:	false
SSDEEP:	384:KfTILPsWAYkxG9hlGFnPBYH2GjCunPTP+7CgmyAD0bTaJXmsS10YSpS9G1jQV0EC:jac
MD5:	F8C4CDE46BF9449B0A6C17AA97861C3E
SHA1:	8C8CCE4F9A118E6FE1152E1C345FFEDD1953C90A
SHA-256:	1AFAC1CC08D3DCADA95903304ACF1F39DE5258D4C8CE9BC23C43B04AE724EDB8
SHA-512:	C4BB91D9C76117DA74C6D8FF079FFB8B4E6314EC0622FF38720CBB27B84FF3150583F55C58AF348DE9B8505919EC74839A9EA419207783DA7F5C2E00D99AD7FF
Malicious:	false
Preview:	SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T18:14:11:233-0400 ThreadID=5392 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T18:14:11:239-0400 ThreadID=5392 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T18:14:11:239-0400 ThreadID=5392 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T18:14:11:239-0400 ThreadID=5392 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T18:14:11:239-0400 ThreadID=5392 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1255
Entropy (8bit):	5.216447649991315
Encrypted:	false
SSDEEP:	24:mh70Hwt1vWvZOFth70Hwt1vWN82Bh70HwtNch70H/V0Ah70H/VFw5h70H/V88Zvn:ZHA1OvxHA1ON8JHAhH/VuH/VFwEH/VL
MD5:	5FDFD4E9A6C4694F4929A02E87A48A36
SHA1:	4B4328870A44B4F6C25C8989FAC0B32514B865EF
SHA-256:	FCC7EB28A40CBED56E85B2ADE2E40CDF94430A4B0565FADB66C229570F5F5E22
SHA-512:	4585945A87C0AFF6A27F42B1988B5111E2AE26C9717F01804B7F966A0F0D6834EFE77A83E271B7FE7EAF6D66D7A8FC4ACDE453A36EC21E466FDEFE96CFD7DFEA
Malicious:	false
Preview:	SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T19:26:43:724-0400 ThreadID=2920 Component=ngl-lib_ NglIngestManager Description="ProcessSpecialEventBeforeClose : Ingest - Checking & Processing for Special Events"..SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T19:26:43:724-0400 ThreadID=2920 Component=ngl-lib_ NglIngestManager Description="ProcessNglIngestEvents : Ingest Process - Finished"..SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T19:26:43:724-0400 ThreadID=4220 Component=ngl-lib_ NglIngestManager Description="CleanEventQ : Cleared Ingest Event"..SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T19:26:43:725-0400 ThreadID=4220 Component=ngl-lib_ NglIngestManager Description="Shutdown : Ingest manager shutdown."..SessionID=2d2abcfa-8e86-4902-9a54-8ba251125f12.1716416051233 Timestamp=2024-05-22T19:26:43:725-0400 ThreadID=4220 Component=ngl-lib_Ht

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35814
Entropy (8bit):	5.412327394051546
Encrypted:	false
SSDEEP:	768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRV:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRT
MD5:	8FF12177CB8AF4899511DE16E63C0A72
SHA1:	57A181ED2F771D239FC8009B12053F00ADE96105
SHA-256:	7104FD8D6FEB7E935E9E0A0033AB4C4FF91756E31D50CC7EAEFF5145686C926E
SHA-512:	FF459FA0BCC072BBF4EA1BA00D42D229655BF4C13815D41685EE49788F5A246D92B1BBB0929ED12FA5ECCBB45F627BBC30D50C5C6FA4A433398C8B67073E4AB0
Malicious:	false
Preview:	05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\06cbdbb7-0893-4952-b4d6-fd4dbb9ec03f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xaWL07oXGZGwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxXGZGwZGM3mlind9i4ufFXpAXkru
MD5:	0A347312E361322436D1AF1D5145D2AB
SHA1:	1D6C06A274705F8A295F62AD90CF8CA27555C226
SHA-256:	094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
SHA-512:	9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\614e123d-4665-4015-9e62-b853da51a26c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\7fcbd5d1-d763-41f4-a08d-8d5c0c053682.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\aa435028-5dc1-451d-94e4-faaa114a856d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	85893
Entropy (8bit):	6.4285188239971465
Encrypted:	false
SSDEEP:	1536:Lh3s60i02RwxwFnZNt0zfIagnbSLDII+DY:LVs/i0C4IZN+gbE8pDY
MD5:	B7A9A5A223B9DCE0E7D10E2B32A0BA07
SHA1:	FFB925FA80873CF50D8CB6DA530BA8CD7F0D9922
SHA-256:	4EF52E63D45F5230C47DBD3764AA90768F708B24885579375724473BB3FFB255
SHA-512:	A46488535961F26B7E41E1BA98E2015627917366BE08B172B0A5377E5A4EC1C0BD14F1A4E2473B5831A7538B3554E818FE3349DA42C0F40E03B3474EC77532F4
Malicious:	false
Preview:	0..O.0..Mg...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240403114831Z..240410114831Z0..L.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!......S....fNj'.wy..210602000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.5099882082938105
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRmyOFfBS9i7u8meIHKbw2O9TrU/Y/QmpFlT1xaOu8OAbsHqvNDVk:y2GWnSmyOtci7umNbQ9TrUw/QmxT1xsD
MD5:	152F65AAA856C44E87C8ED561AE43C0F
SHA1:	B6440383DBC4D3446E91CBB58EEB8C8BD6671F50
SHA-256:	48AC59FC9FA38016B6D5A4CB5D89A2C0CABCD8A0404AF29FBE995B4AA647A292
SHA-512:	106287A2EA36511D229E6991638D99B796B24B05D4BC8AE75BE5E9B79EA7A324330A26B3B4028FC4A8523FB82D7E3F9A793AE0E9C1F377939956C5667E44381E
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240401194722Z..240422194722Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H............._..T...?..G).L/..K..5...3.j(..G.D0...>...bH.p.O{..Y....^.]I.G......~r.Ye...Sy.....X...1........8'../...O...P;QO.-O.BUq......1s..(,....v....L.q..H.6j %..R.p..H..).;vt.....6...r]/.....4.%....G....J..3Y.....d....N....tu...q....2.wm..$...d...w...G?..h.?.+E...$d.........80X45[...A.7,.....s`...sS.g.]...].i...y].bu.U.......AP....T.d!...eB.`...u.....Z....&.....*$mY..q7.;.5..s..x.$.._..5.W..F?p@.+Ud-...&'...po$..4R7L.`.g.......J...........h...M(./>)..;.g....B..F.?>...Q{%.i.....!lm\|\|..cxb..

Static File Info

General

File type:	PDF document, version 1.7 (zip deflate encoded)
Entropy (8bit):	7.489417409130376
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Autonomous Medical Devices Incorporated - AGREEMENT.pdf
File size:	138'519 bytes
MD5:	ca582ffeae72d8fbd737b4a2e96308ca
SHA1:	30c4037e4709a98bda7701f07a8dbf84cfc1e5a1
SHA256:	08fc670b30bb5fef3eca1af88c9942436d18124e81dfe7218016943d391a2134
SHA512:	8292025299c85352271b73a92e1460b43f64f3fe6664aa5b62d55cfde5fc714de4a4ed7beb14f7d3933cf8943a82471379f42534fc6d7bb170b3631cd2905012
SSDEEP:	3072:0CyFdVXzXJaKOT2NqwsWm0qm099dDCXin9:7yZX/Q2PM739vAQ9
TLSH:	59D3CF9CA590C4C9C5FBCBF9D74BE6E7A22D4703258119B6725F4AC0070BE8EFA5B406
File Content Preview:	%PDF-1.7.%......905 0 obj.<</Filter/FlateDecode/First 5/Length 99/N 1/Type/ObjStm>>stream..h.24V0P...wq...H.)..B..D....K.P.5/9?%3/...pqs.O..(.Z..............M.@..Q..I..... %..9)...vv.......'..endstream.endobj.906 0 obj.<</Filter/FlateDecode/First 4/Length

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.489417
Total Bytes:	138519
Stream Entropy:	7.662569
Stream Bytes:	115837
Entropy outside Streams:	4.232210
Bytes outside Streams:	22682
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	22
endobj	22
stream	15
endstream	15
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	7
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
18	33d6d6e6e6e66666	98d36d87a2b712c4f6ba87283b937df1

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 23, 2024 00:14:05.628051043 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:05.940138102 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:05.940160990 CEST	49674	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:05.940160990 CEST	49675	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:06.049407959 CEST	49672	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:06.549621105 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:07.752527952 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:10.158854008 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:14.170051098 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:14.642888069 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:15.049149036 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.049181938 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:15.049254894 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.050796032 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.050806046 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:15.079838037 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:15.449966908 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:15.652987957 CEST	49674	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:15.653017044 CEST	49675	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:15.699505091 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:15.699595928 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.707264900 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.707281113 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:15.707511902 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:15.750185966 CEST	49672	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:15.750200033 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.760066986 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:15.806516886 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.001012087 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.001087904 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.001523972 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.004888058 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.004909992 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.004921913 CEST	49706	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.004926920 CEST	443	49706	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.105199099 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.105236053 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.105304003 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.105700970 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.105715036 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.744592905 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.744659901 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.970808029 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:16.970844030 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.971091032 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:16.972368002 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:17.018543005 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:17.052978039 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:17.152903080 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:17.159293890 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:17.159384012 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:17.159490108 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:17.159507036 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:17.159517050 CEST	49709	443	192.168.2.7	23.211.8.90
May 23, 2024 00:14:17.159523010 CEST	443	49709	23.211.8.90	192.168.2.7
May 23, 2024 00:14:17.530500889 CEST	443	49699	104.98.116.138	192.168.2.7
May 23, 2024 00:14:17.534066916 CEST	49699	443	192.168.2.7	104.98.116.138
May 23, 2024 00:14:20.041822910 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:22.145220995 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.145270109 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.145581961 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.145581961 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.145618916 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.830662966 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.831536055 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.831590891 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.832674026 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.832748890 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.836587906 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.836675882 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.837116957 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.837133884 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.877716064 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.978290081 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.978785038 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:22.978877068 CEST	443	49711	23.47.168.24	192.168.2.7
May 23, 2024 00:14:22.978931904 CEST	49711	443	192.168.2.7	23.47.168.24
May 23, 2024 00:14:24.690247059 CEST	49671	443	192.168.2.7	204.79.197.203
May 23, 2024 00:14:26.002789974 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:27.189470053 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:27.189508915 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:27.189574957 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:27.190905094 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:27.190922976 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.142415047 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.142653942 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.144349098 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.144357920 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.144570112 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.190321922 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.695065975 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.738498926 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923350096 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923374891 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923382998 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923392057 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923424006 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.923425913 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923450947 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.923474073 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.923507929 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.936197996 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.936255932 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:28.936275005 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.936286926 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:28.936322927 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:29.529465914 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:29.529490948 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:29.529501915 CEST	49714	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:29.529508114 CEST	443	49714	52.165.165.26	192.168.2.7
May 23, 2024 00:14:37.912486076 CEST	49677	443	192.168.2.7	20.50.201.200
May 23, 2024 00:14:39.315881014 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:39.315927029 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:39.316010952 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:39.316235065 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:39.316242933 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:40.055979013 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:40.056407928 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:40.056433916 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:40.057828903 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:40.057903051 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:40.059545040 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:40.059612036 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:40.112160921 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:40.112166882 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:40.159041882 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:42.716803074 CEST	62736	53	192.168.2.7	162.159.36.2
May 23, 2024 00:14:42.722532034 CEST	53	62736	162.159.36.2	192.168.2.7
May 23, 2024 00:14:42.722642899 CEST	62736	53	192.168.2.7	162.159.36.2
May 23, 2024 00:14:42.780828953 CEST	53	62736	162.159.36.2	192.168.2.7
May 23, 2024 00:14:43.416183949 CEST	62736	53	192.168.2.7	162.159.36.2
May 23, 2024 00:14:43.421410084 CEST	62736	53	192.168.2.7	162.159.36.2
May 23, 2024 00:14:43.428539991 CEST	53	62736	162.159.36.2	192.168.2.7
May 23, 2024 00:14:43.428663969 CEST	62736	53	192.168.2.7	162.159.36.2
May 23, 2024 00:14:43.439184904 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:43.439274073 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:43.439379930 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:43.439739943 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:43.439779043 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.336518049 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.336663008 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.339560986 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.339601040 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.339869022 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.345067024 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.386518002 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.633523941 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.633809090 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.633836031 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.633850098 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.634016991 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.634046078 CEST	443	62737	13.95.31.18	192.168.2.7
May 23, 2024 00:14:44.634072065 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.634113073 CEST	62737	443	192.168.2.7	13.95.31.18
May 23, 2024 00:14:44.706655979 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:44.706691027 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:44.707438946 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:44.708198071 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:44.708209038 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.537322044 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.537484884 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:45.539124012 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:45.539134979 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.539359093 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.540651083 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:45.582499981 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.769926071 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.770380974 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:45.770409107 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.770420074 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:45.770566940 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.770598888 CEST	443	62738	52.165.165.26	192.168.2.7
May 23, 2024 00:14:45.770639896 CEST	62738	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:46.836359978 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:46.836405993 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:46.836478949 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:46.836847067 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:46.836860895 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.540389061 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.540498972 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.541729927 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.541738987 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.541971922 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.543003082 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.586498022 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.856643915 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.856666088 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.856848001 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.856888056 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.856957912 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.857002020 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.857024908 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.879120111 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.879188061 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.879343033 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.879343033 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.879381895 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.879381895 CEST	62740	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.879400969 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.879412889 CEST	443	62740	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.992599010 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.992645025 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:47.992724895 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.993081093 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:47.993096113 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:48.783996105 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:48.784200907 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:48.788549900 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:48.788567066 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:48.788826942 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:48.789700031 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:48.834495068 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.071032047 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.071050882 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.071065903 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.071120024 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:49.071140051 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.071197033 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:49.077482939 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.077527046 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.077564001 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:49.077574968 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.077615023 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:49.077619076 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.077719927 CEST	62743	443	192.168.2.7	52.165.165.26
May 23, 2024 00:14:49.077724934 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.077740908 CEST	443	62743	52.165.165.26	192.168.2.7
May 23, 2024 00:14:49.939068079 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:49.939222097 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:14:49.939338923 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:50.633500099 CEST	49722	443	192.168.2.7	142.250.184.228
May 23, 2024 00:14:50.633526087 CEST	443	49722	142.250.184.228	192.168.2.7
May 23, 2024 00:15:23.236470938 CEST	62497	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:23.261161089 CEST	53	62497	1.1.1.1	192.168.2.7
May 23, 2024 00:15:23.261317968 CEST	62497	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:23.261508942 CEST	62497	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:23.293230057 CEST	53	62497	1.1.1.1	192.168.2.7
May 23, 2024 00:15:23.764055014 CEST	53	62497	1.1.1.1	192.168.2.7
May 23, 2024 00:15:23.764410973 CEST	62497	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:23.771353006 CEST	53	62497	1.1.1.1	192.168.2.7
May 23, 2024 00:15:23.771425962 CEST	62497	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:39.375905037 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:39.375946999 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:39.376028061 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:39.376246929 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:39.376260996 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:40.018583059 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:40.019026995 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:40.019046068 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:40.019366980 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:40.019659996 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:40.019717932 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:40.067953110 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:50.129873037 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:50.129940987 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:15:50.130024910 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:51.532253981 CEST	62501	443	192.168.2.7	142.250.186.100
May 23, 2024 00:15:51.532286882 CEST	443	62501	142.250.186.100	192.168.2.7
May 23, 2024 00:16:39.428383112 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:39.428431988 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:39.428576946 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:39.428786039 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:39.428798914 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:40.085113049 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:40.085630894 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:40.085655928 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:40.085935116 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:40.086219072 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:40.086272955 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:40.129431009 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:49.998027086 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:49.998095036 CEST	443	62503	142.250.186.100	192.168.2.7
May 23, 2024 00:16:49.998286963 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:51.210113049 CEST	62503	443	192.168.2.7	142.250.186.100
May 23, 2024 00:16:51.210170031 CEST	443	62503	142.250.186.100	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 23, 2024 00:14:18.947841883 CEST	123	123	192.168.2.7	20.101.57.9
May 23, 2024 00:14:19.487376928 CEST	123	123	20.101.57.9	192.168.2.7
May 23, 2024 00:14:20.480156898 CEST	123	123	192.168.2.7	20.101.57.9
May 23, 2024 00:14:20.667413950 CEST	123	123	20.101.57.9	192.168.2.7
May 23, 2024 00:14:34.669244051 CEST	52352	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:34.669379950 CEST	60471	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:34.687520027 CEST	53	60656	1.1.1.1	192.168.2.7
May 23, 2024 00:14:34.741693020 CEST	53	52352	1.1.1.1	192.168.2.7
May 23, 2024 00:14:34.741715908 CEST	53	60471	1.1.1.1	192.168.2.7
May 23, 2024 00:14:34.796147108 CEST	53	64630	1.1.1.1	192.168.2.7
May 23, 2024 00:14:34.813633919 CEST	49861	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:34.828535080 CEST	53	49861	1.1.1.1	192.168.2.7
May 23, 2024 00:14:34.942210913 CEST	59071	53	192.168.2.7	8.8.8.8
May 23, 2024 00:14:34.942728996 CEST	61034	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:34.950237989 CEST	53	59071	8.8.8.8	192.168.2.7
May 23, 2024 00:14:34.959103107 CEST	53	61034	1.1.1.1	192.168.2.7
May 23, 2024 00:14:35.998192072 CEST	51751	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:35.998436928 CEST	65057	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:36.039530039 CEST	53	51751	1.1.1.1	192.168.2.7
May 23, 2024 00:14:36.063661098 CEST	53	65057	1.1.1.1	192.168.2.7
May 23, 2024 00:14:36.175298929 CEST	53	62991	1.1.1.1	192.168.2.7
May 23, 2024 00:14:39.300590992 CEST	50499	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:39.300785065 CEST	60483	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:39.308018923 CEST	53	50499	1.1.1.1	192.168.2.7
May 23, 2024 00:14:39.321274996 CEST	53	60483	1.1.1.1	192.168.2.7
May 23, 2024 00:14:41.101504087 CEST	64872	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:41.101763010 CEST	56013	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:41.111540079 CEST	53	64872	1.1.1.1	192.168.2.7
May 23, 2024 00:14:41.121543884 CEST	53	56013	1.1.1.1	192.168.2.7
May 23, 2024 00:14:41.293339968 CEST	62128	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:41.308209896 CEST	53	62128	1.1.1.1	192.168.2.7
May 23, 2024 00:14:42.716344118 CEST	53	50809	162.159.36.2	192.168.2.7
May 23, 2024 00:14:43.422525883 CEST	54203	53	192.168.2.7	1.1.1.1
May 23, 2024 00:14:43.437150955 CEST	53	54203	1.1.1.1	192.168.2.7
May 23, 2024 00:15:11.338406086 CEST	59908	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:11.351263046 CEST	53	59908	1.1.1.1	192.168.2.7
May 23, 2024 00:15:14.674089909 CEST	138	138	192.168.2.7	192.168.2.255
May 23, 2024 00:15:23.235801935 CEST	53	57682	1.1.1.1	192.168.2.7
May 23, 2024 00:15:39.366216898 CEST	53537	53	192.168.2.7	1.1.1.1
May 23, 2024 00:15:39.374819040 CEST	53	53537	1.1.1.1	192.168.2.7
May 23, 2024 00:16:11.373878002 CEST	58696	53	192.168.2.7	1.1.1.1
May 23, 2024 00:16:11.426182985 CEST	53	58696	1.1.1.1	192.168.2.7
May 23, 2024 00:16:31.629957914 CEST	50387	53	192.168.2.7	1.1.1.1
May 23, 2024 00:16:31.639273882 CEST	53	50387	1.1.1.1	192.168.2.7
May 23, 2024 00:16:59.851113081 CEST	51227	53	192.168.2.7	1.1.1.1
May 23, 2024 00:16:59.862391949 CEST	53	51227	1.1.1.1	192.168.2.7

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 23, 2024 00:14:36.063762903 CEST	192.168.2.7	1.1.1.1	c229	(Port unreachable)	Destination Unreachable
May 23, 2024 00:14:39.321346045 CEST	192.168.2.7	1.1.1.1	c200	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 23, 2024 00:14:34.669244051 CEST	192.168.2.7	1.1.1.1	0xbdd0	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:34.669379950 CEST	192.168.2.7	1.1.1.1	0x271	Standard query (0)	newagreeement.myvnc.com	65	IN (0x0001)	false
May 23, 2024 00:14:34.813633919 CEST	192.168.2.7	1.1.1.1	0x206b	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:34.942210913 CEST	192.168.2.7	8.8.8.8	0x172	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:34.942728996 CEST	192.168.2.7	1.1.1.1	0xd013	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:35.998192072 CEST	192.168.2.7	1.1.1.1	0x8311	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:35.998436928 CEST	192.168.2.7	1.1.1.1	0xb815	Standard query (0)	newagreeement.myvnc.com	65	IN (0x0001)	false
May 23, 2024 00:14:39.300590992 CEST	192.168.2.7	1.1.1.1	0x3b27	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:39.300785065 CEST	192.168.2.7	1.1.1.1	0x3d24	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 23, 2024 00:14:41.101504087 CEST	192.168.2.7	1.1.1.1	0x65ab	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:41.101763010 CEST	192.168.2.7	1.1.1.1	0x4f7d	Standard query (0)	newagreeement.myvnc.com	65	IN (0x0001)	false
May 23, 2024 00:14:41.293339968 CEST	192.168.2.7	1.1.1.1	0x5130	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:43.422525883 CEST	192.168.2.7	1.1.1.1	0x83bb	Standard query (0)	18.31.95.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
May 23, 2024 00:15:11.338406086 CEST	192.168.2.7	1.1.1.1	0x6688	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:15:39.366216898 CEST	192.168.2.7	1.1.1.1	0x1379	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:16:11.373878002 CEST	192.168.2.7	1.1.1.1	0xa7a5	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:16:31.629957914 CEST	192.168.2.7	1.1.1.1	0xaa8d	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false
May 23, 2024 00:16:59.851113081 CEST	192.168.2.7	1.1.1.1	0x385e	Standard query (0)	newagreeement.myvnc.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 23, 2024 00:14:34.950237989 CEST	8.8.8.8	192.168.2.7	0x172	No error (0)	google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:34.959103107 CEST	1.1.1.1	192.168.2.7	0xd013	No error (0)	google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:39.308018923 CEST	1.1.1.1	192.168.2.7	0x3b27	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
May 23, 2024 00:14:39.321274996 CEST	1.1.1.1	192.168.2.7	0x3d24	No error (0)	www.google.com			65	IN (0x0001)	false
May 23, 2024 00:14:43.437150955 CEST	1.1.1.1	192.168.2.7	0x83bb	Name error (3)	18.31.95.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
May 23, 2024 00:15:39.374819040 CEST	1.1.1.1	192.168.2.7	0x1379	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

fe3cr.delivery.mp.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49706	23.211.8.90	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 22:14:15 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=64547 Date: Wed, 22 May 2024 22:14:15 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49709	23.211.8.90	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:16 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 22:14:17 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=64545 Date: Wed, 22 May 2024 22:14:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-22 22:14:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49711	23.47.168.24	443	2132	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:22 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-05-22 22:14:22 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Wed, 22 May 2024 22:14:22 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49714	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:28 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=12RlovCz5wnCBda&MD=5Mf31wCR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 22:14:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 13a690f7-ca5c-4c53-bc9d-07bc4f8b76dc MS-RequestId: f4b535a6-0152-4348-847f-1cf81d03df8b MS-CV: 7Z+BloWr00WZioF3.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 22:14:27 GMT Connection: close Content-Length: 24490
2024-05-22 22:14:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-22 22:14:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	62737	13.95.31.18	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:44 UTC	142	OUT	GET /clientwebservice/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: fe3cr.delivery.mp.microsoft.com
2024-05-22 22:14:44 UTC	234	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 22:14:44 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	62738	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:45 UTC	124	OUT	GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
2024-05-22 22:14:45 UTC	318	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 MS-CV: cWcN9sWQ90+0/qe1.0 MS-RequestId: 771f981a-065f-4ceb-8371-1bb5a25b8f9d MS-CorrelationId: ddab97cc-9d10-498d-bd7b-f49384be1822 X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 22:14:45 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	62740	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:47 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=12RlovCz5wnCBda&MD=5Mf31wCR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 22:14:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0b19e2db-5492-4f14-9832-2a8489f79df5 MS-RequestId: c6b544d2-8d7a-46ac-bba7-59a34cf99d41 MS-CV: mptE0zPpS0iOTEQg.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 22:14:46 GMT Connection: close Content-Length: 24490
2024-05-22 22:14:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-22 22:14:47 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	62743	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 22:14:48 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=12RlovCz5wnCBda&MD=5Mf31wCR HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 22:14:49 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440" MS-CorrelationId: 92b3f0b6-5380-4781-a6c2-3b3f48a7daa7 MS-RequestId: d281893f-938f-475e-a77e-225fa7a8f11d MS-CV: Qc8h7DeNOU+lFwFn.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 22:14:48 GMT Connection: close Content-Length: 25457
2024-05-22 22:14:49 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-22 22:14:49 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6672, Parent PID: 4056

General

Target ID:	0
Start time:	18:14:07
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Autonomous Medical Devices Incorporated - AGREEMENT.pdf"
Imagebase:	0x7ff702560000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4892, Parent PID: 6672

General

Target ID:	2
Start time:	18:14:08
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6c3ff0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2132, Parent PID: 4892

General

Target ID:	4
Start time:	18:14:09
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1648,i,4191106680192970004,18016106100581973552,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6c3ff0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8560, Parent PID: 5796

General

Target ID:	19
Start time:	18:14:32
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://newagreeement.myvnc.com/?hqggurcl"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8776, Parent PID: 8560

General

Target ID:	20
Start time:	18:14:33
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2004,i,15282803744765296114,16279532205535429777,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9a2478de-034a-48b7-b39f-9749d77e5c30.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF43ee32.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d2ed1165-7796-4f70-a73b-75e70b9d6b8d.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522221413Z-161.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7040

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Windows Analysis Report
Autonomous Medical Devices Incorporated - AGREEMENT.pdf