Windows Analysis Report
ABSA NOTIFICATION(.......pdf

Overview

General Information

Sample name: ABSA NOTIFICATION(.......pdf
Analysis ID: 1466688
MD5: 129c1bc576c8197b402f59fefa3b4019
SHA1: 1dbb164b3d56105c25cfa0dddc8ec16c02249539
SHA256: fd30933c1b495d122d1cd1ec0cc5d5f26238c1d235c726c2c50f041f013864b6

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic
Yara detected HtmlPhish10
AI detected suspicious PDF
Blob-based file download detected
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid 'forgot password' link found
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ABSA NOTIFICATION(.......pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1824 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6220 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1576,i,17271244858394642547,3672951165571450406,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 7756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wingtransfer.com/dl/OxONWNLQvS MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1848,i,12477411342204849092,6402656225560337503,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source: C:\Users\user\Downloads\2aeeebe1-258b-4f2d-976b-74484013452b.tmp, Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Author: Joe Security
Source: 1.2.pages.csv, Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Author: Joe Security
Source: 1.4.pages.csv, Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Author: Joe Security
No Sigma rule has matched
Timestamp: 07/03/24-09:26:54.237167, SID: 2043234, Source Port: 1912, Destination Port: 49730, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 07/03/24-09:26:54.055105, SID: 2046045, Source Port: 49730, Destination Port: 1912, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 07/03/24-09:26:54.055105, SID: 2043231, Source Port: 49730, Destination Port: 1912, Protocol: TCP, Classtype: A Network Trojan was detected

Phishing

Source: Yara match, File source: 1.2.pages.csv, type: HTML
Source: Yara match, File source: C:\Users\user\Downloads\2aeeebe1-258b-4f2d-976b-74484013452b.tmp, type: DROPPED
Source: Yara match, File source: 1.4.pages.csv, type: HTML
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, Matcher: Found strong image similarity, brand: MICROSOFT
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: Title: document does not match URL
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: Invalid link: Forgot Password?
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html, HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown, HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49841 version: TLS 1.2

Networking

Source: Traffic, Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49730 -> 178.23.190.118:1912
Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49730 -> 178.23.190.118:1912
Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 178.23.190.118:1912 -> 192.168.2.4:49730
Source: global traffic, DNS traffic detected: DNS query: api.wingtransfer.com
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: api.datatransferpro.com
Source: global traffic, DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic, DNS traffic detected: DNS query: l2.io
Source: global traffic, DNS traffic detected: DNS query: api.emailjs.com
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
            Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
            Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
            Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
            Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
            Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
            Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
            Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
            Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
            Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49841 version: TLS 1.2

            System Summary

            Source: C:\Users\user\Downloads\datatransfer-pro-jlpfs-wing-transfer-newalx7.html File download: blob:https://wingtransfer.com/3a5f0fe1-bd46-4037-8976-32015329e5fc
            Source: classification engine Classification label: mal68.phis.winPDF@33/39@18/190
            Source: ABSA NOTIFICATION(.......pdf Initial sample: https://wingtransfer.com/dl/OxONWNLQvS
            Source: ABSA NOTIFICATION(.......pdf Initial sample: https://wingtransfer.com/dl/oxonwnlqvs
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 03-28-28-526.log
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
            Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ABSA NOTIFICATION(.......pdf"
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1576,i,17271244858394642547,3672951165571450406,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1576,i,17271244858394642547,3672951165571450406,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding B34ABD200EF421FBA3F54C373C24FA31
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wingtransfer.com/dl/OxONWNLQvS
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1848,i,12477411342204849092,6402656225560337503,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://wingtransfer.com/dl/OxONWNLQvS
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1848,i,12477411342204849092,6402656225560337503,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: ABSA NOTIFICATION(.......pdf Initial sample: PDF keyword /JS count = 0
            Source: ABSA NOTIFICATION(.......pdf Initial sample: PDF keyword /JavaScript count = 0
            Source: ABSA NOTIFICATION(.......pdf Initial sample: PDF keyword /EmbeddedFile count = 0

            Persistence and Installation Behavior

            Source: PDF shot LLM: Score: 9 Reasons: The PDF document contains several indicators of a potential phishing attempt. Firstly, there is a visually prominent button labeled 'OPEN PROOF OF PAYMENT' which is designed to attract the user's attention. The text 'Microsoft Secured Documents 2024' and the use of the 'Microsoft Cloud' logo suggest an attempt to impersonate a well-known brand, which can mislead users into believing the document is legitimate. Additionally, the phrase 'OPEN PROOF OF PAYMENT' creates a sense of urgency and interest, encouraging the user to click the button. The combination of these elements strongly suggests that the document could be used to direct users to a phishing page or a malware download.
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information queried: ProcessInformation
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
            Resource Development: Acquire Infrastructure; Domains; DNS Server
            Initial Access: 1 Spearphishing Link; Default Accounts; Domain Accounts
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At
            Persistence: 1 Browser Extensions; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
            Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
            Defense Evasion: 3 Masquerading; 1 Process Injection; Obfuscated Files or Information
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
            Discovery: 1 Process Discovery; 1 System Information Discovery; Query Registry
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
            Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
            Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

            Source | Detection | Scanner | Label | Link
            ABSA NOTIFICATION(.......pdf | 2% | Virustotal | | Browse
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            www.google.com | 0% | Virustotal | | Browse
            cdn.jsdelivr.net | 0% | Virustotal | | Browse
            l2.io | 0% | Virustotal | | Browse
            api.emailjs.com | 1% | Virustotal | | Browse
            Source | Detection | Scanner | Label | Link
            file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            api.datatransferpro.com | 167.86.118.58 | true | false | | unknown
            send-emailjs.us-west-2.elasticbeanstalk.com | 35.83.61.114 | true | false | | unknown
            l2.io | 195.80.159.133 | true | false | | unknown
            www.google.com | 142.250.186.68 | true | false | | unknown
            cdn.jsdelivr.net | unknown | unknown | false | | unknown
            api.wingtransfer.com | unknown | unknown | false | | unknown
            api.emailjs.com | unknown | unknown | false | | unknown
                  Name | Malicious | Antivirus Detection | Reputation
                  file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html | true | Avira URL Cloud: safe | unknown
                  https://wingtransfer.com/transfers/public-download/U2FsdGVkX19jVnYJ7SjqRThQUO0yOzsYpy0pYjYdlnY2CUXoPor21LdnFvofrtxHTvhMpF4KoZzNeKyWFV0tEzsYTdcwQXitVcGryIHpzNXaYTiHTp4iWJdqdlFsJqvKley5GrrmEmV7UThGTSeo1Sbfcz8ndOryG9fBz1hNR2Q4xMl3JkMXN9QyFyc2wc4BCfTE9aK28qtqRRKgwdO7rs5aX58oBojRXuMBpJsIXcte9OnjtwLZOyrFXzB94fIPor21Ldw85yHabV6vDaJJOtVEaRuKLLNUmB5hU6A8kaXwIO4Oa3VYwlmB14gvk9ejdDdGGsPor21LdZbaS0zZqydOYHBird7W6QryDN8SiomRBPtaVJETYFUXIPor21LdXKVuqxMl3JkmPor21LdD9NjmqUFn7t2JK46PNoUr | false | | unknown
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    2.18.96.131 | unknown | European Union | | 20940 | AKAMAI-ASN1EU | false
                    142.250.186.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
                    142.250.186.46 | unknown | United States | | 15169 | GOOGLEUS | false
                    1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false
                    104.18.187.31 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
                    35.83.61.114 | send-emailjs.us-west-2.elasticbeanstalk.com | United States | | 237 | MERIT-AS-14US | false
                    142.250.186.163 | unknown | United States | | 15169 | GOOGLEUS | false
                    3.233.129.217 | unknown | United States | | 14618 | AMAZON-AESUS | false
                    89.117.55.168 | unknown | Lithuania | | 15419 | LRTC-ASLT | false
                    167.86.118.58 | api.datatransferpro.com | Germany | | 51167 | CONTABODE | false
                    239.255.255.250 | unknown | Reserved | | unknown | unknown | false
                    142.250.185.142 | unknown | United States | | 15169 | GOOGLEUS | false
                    195.80.159.133 | l2.io | France | | 29152 | DECKNET-ASFR | false
                    23.43.252.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false
                    142.250.186.110 | unknown | United States | | 15169 | GOOGLEUS | false
                    199.232.210.172 | unknown | United States | | 54113 | FASTLYUS | false
                    172.64.41.3 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
                    142.250.74.195 | unknown | United States | | 15169 | GOOGLEUS | false
                    142.250.186.104 | unknown | United States | | 15169 | GOOGLEUS | false
                    2.16.202.123 | unknown | European Union | | 16625 | AKAMAI-ASUS | false
                    66.102.1.84 | unknown | United States | | 15169 | GOOGLEUS | false
                    142.250.184.202 | unknown | United States | | 15169 | GOOGLEUS | false
                    IP
                    192.168.2.16
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1466688
                    Start date and time:2024-07-03 09:27:59 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:20
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:ABSA NOTIFICATION(.......pdf
                    Detection:MAL
                    Classification:mal68.phis.winPDF@33/39@18/190
                    Cookbook Comments:
                    • Found application associated with file extension: .pdf
                    • Exclude process from analysis (whitelisted): dllhost.exe
                    • Excluded IPs from analysis (whitelisted): 2.18.96.131, 3.233.129.217, 52.22.41.97, 3.219.243.226, 52.6.155.20, 172.64.41.3, 162.159.61.3
                    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes were analyzed, report is missing behavior information
                    Input | Output
                    URL: PDF Model: gpt-4o
                    {  "riskscore": 9,  "reasons": "The PDF document contains several indicators of a potential phishing attempt. Firstly, there is a visually prominent button labeled 'OPEN PROOF OF PAYMENT' which is designed to attract the user's attention. The text 'Microsoft Secured Documents 2024' and the use of the 'Microsoft Cloud' logo suggest an attempt to impersonate a well-known brand, which can mislead users into believing the document is legitimate. Additionally, the phrase 'OPEN PROOF OF PAYMENT' creates a sense of urgency and interest, encouraging the user to click the button. The combination of these elements strongly suggests that the document could be used to direct users to a phishing page or a malware download."}
                    URL: https://wingtransfer.com/transfers/public-download/U2FsdGVkX19jVnYJ7SjqRThQUO0yOzsYpy0pYjYdlnY2CUXoPor21LdnFvofrtxHTvhMpF4KoZzNeKyWFV0tEzsYTdcwQXitVcGryIHpzNXaYTiHTp4iWJdqdlFsJqvKley5GrrmEmV7UThGTSeo1Sbfcz8ndOryG9fBz1hNR2Q4xMl3JkMXN9QyFyc2wc4BCfTE9aK28qtq Model: Perplexity: mixtral-8x7b-instruct
                    {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form explicitly requesting sensitive information.","The text does not create a sense of urgency.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
                    Title: Veri Transferinde gvenlik sorunlarn ortadan kaldrn OCR: wing swing Wingtransfer File Security is Our Priority: We Keep Your Data Safe in Storage! No one can access the files you send, Hello , except when you ask them to. Datatransfer PRO has shared a secure file with Wingtransfer for you. You can safely download your file below now Absa payment Notification datatransfer-pro-jlpfs-wing-transfer-newalx7.html Download (642.7 KB) 
                    URL: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html Model: Perplexity: mixtral-8x7b-instruct
                    {"loginform": true,"urgency": false,
                    Title: document OCR: Receipt - Word AutoSave  Off Search File Refere n ces Mailings Review View Design Help Home Insert Layout Breaks v 2 : Line Numbers Group Microsoft Size Columns Send Selection Margins Orientation Position Wrap Hyphenation v Rotate v Text v Forward v Backward v Pane Sign in page Setup Arrange SIGN-IN WITH YOUR EMAIL TO VIEW DOCUMENT Email Password C) Keep me sign in Forgot Password? Next English (United States) Page 1 of 1 O words 
                    URL: https://wingtransfer.com/transfers/public-download/U2FsdGVkX19jVnYJ7SjqRThQUO0yOzsYpy0pYjYdlnY2CUXoPor21LdnFvofrtxHTvhMpF4KoZzNeKyWFV0tEzsYTdcwQXitVcGryIHpzNXaYTiHTp4iWJdqdlFsJqvKley5GrrmEmV7UThGTSeo1Sbfcz8ndOryG9fBz1hNR2Q4xMl3JkMXN9QyFyc2wc4BCfTE9aK28qtq Model: Perplexity: mixtral-8x7b-instruct
                    {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form explicitly requesting sensitive information.","The text does not create a sense of urgency.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
                    Title: Veri Transferinde gvenlik sorunlarn ortadan kaldrn OCR: wing swing Wingtransfer File Security is Our Priority: We Keep Your Data Safe in Storage! No one can access the files you send, Hello , except when you ask them to. Datatransfer PRO has shared a secure file with Wingtransfer for you. You can safely download your file below now Absa payment Notification datatransfer- ro-l fs-win -transfer-newalx7.html Download (642.7 KB) 
                    URL: file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html Model: Perplexity: mixtral-8x7b-instruct
                    {"loginform": true,"urgency": false,
                    Title: document OCR: Receipt - Word AutoSave  Off Search File Refere n ces Mailings Review View Design Help Home Insert Layout Breaks v 2 : Line Numbers Group Microsoft Size Columns Send Selection Margins Orientation Position Wrap Hyphenation v Rotate v Text v Forward v Backward v Pane Sign in page Setup Arrange SIGN-IN WITH YOUR EMAIL TO VIEW DOCUMENT Wron email or assword real@gmaill Keep me sign in Forgot Password? Next English (United States) Page 1 of 1 O words 
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):403
                    Entropy (8bit):4.975230988805674
                    Encrypted:false
                    SSDEEP:
                    MD5:CCA89F997E30A355F78BFBAFBBB94979
                    SHA1:4A371136087A6BD52ED3B18578BECFEFD21BE60E
                    SHA-256:BA8C27B3585A3A1A535B74D5918DE38C4223E1ECD5AFBA3109CBA608D8A2E35B
                    SHA-512:4AA45F7E60571DC7442ED2FA070EDB979162B333BCB497F80931BBE898587AAD43ABEB272C1037385740A3F4AC7F725A1DC5F4029548D4D2E7BF39803A8DE115
                    Malicious:false
                    Reputation:unknown
                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364551732975551","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":137419},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:CCA89F997E30A355F78BFBAFBBB94979
                    SHA1:4A371136087A6BD52ED3B18578BECFEFD21BE60E
                    SHA-256:BA8C27B3585A3A1A535B74D5918DE38C4223E1ECD5AFBA3109CBA608D8A2E35B
                    SHA-512:4AA45F7E60571DC7442ED2FA070EDB979162B333BCB497F80931BBE898587AAD43ABEB272C1037385740A3F4AC7F725A1DC5F4029548D4D2E7BF39803A8DE115
                    Malicious:false
                    Reputation:unknown
                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364551732975551","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":137419},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                    Category:dropped
                    Size (bytes):65110
                    Entropy (8bit):1.2640055981572227
                    Encrypted:false
                    SSDEEP:
                    MD5:D5D152607908309E25120411A2C1FDE1
                    SHA1:8AB947C2AB82D85DA9D602F83B6A91480F5EAB4D
                    SHA-256:DF5525018DC45F528049F86A9F7AA137BBFC64DBFCF818827B5D340A2AFBE3B6
                    SHA-512:BEB5687D74C689222D69A488FA0EE00921FB9EC9B8CC27082C105FDFD6C059669DF4D196F07B59B67D8A1A5F74B3860F1E41DC778CF1AC03EC1FDEA0F0AC777D
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):57344
                    Entropy (8bit):3.291927920232006
                    Encrypted:false
                    SSDEEP:
                    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):16928
                    Entropy (8bit):1.213510763546065
                    Encrypted:false
                    SSDEEP:
                    MD5:5BDA7772AE8D68B5F711EFB500FA3344
                    SHA1:ED973F78E47D64A95F2667E5532112BA57B5438E
                    SHA-256:A84B9BBCE9DE20A6314F9FE4DF4458D44643DE3EC61670D27B0A190B39788BAF
                    SHA-512:22FDDAE6773E3A6B3DC7C4C1917E121D7BAD3B4D1BA8B90E2B49CAEB7A8638F5459C3CE1AB40DCEE1894BD1050507020DD41DEAB650A431D0038CBBB81741204
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                    Category:modified
                    Size (bytes):71954
                    Entropy (8bit):7.996617769952133
                    Encrypted:true
                    SSDEEP:
                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):893
                    Entropy (8bit):7.366016576663508
                    Encrypted:false
                    SSDEEP:
                    MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                    SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                    SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                    SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):328
                    Entropy (8bit):3.247897867253901
                    Encrypted:false
                    SSDEEP:
                    MD5:8DDF75F76668D3695BB69302D75257FC
                    SHA1:6BA8229B86B33B77C871A458DE303CDB0631473D
                    SHA-256:63FDC76234B016468217303869D08943F20726B6AA676EED2FB781A2D4B5F21E
                    SHA-512:686F90FA31CA4F725C600CCBF7AB270F65D02030C61AB7A6763DF4A8C50FEF3E9E742F556D8E65AD70566DFD8260F4EC60D8F629ED6C6A33842FE6B1E497B628
                    Malicious:false
                    Reputation:unknown
                    Preview:p...... ..........*.....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):252
                    Entropy (8bit):3.034404395079139
                    Encrypted:false
                    SSDEEP:
                    MD5:6D99CFC5131AFC734B660AFB12144933
                    SHA1:620591D1CCCFA39D68BA2C611E1899CB8E1DE2B5
                    SHA-256:329014195E611C22D89116F235A62F7DEB848B0BB0661DA29049D491F55CFDB1
                    SHA-512:79CCA68A75F93A9CE94BAEEB922A3CF00064D6692F3690634E0BED0A93B25727BD9C8C077CCBC606B22E80A9D49FA9225322E646BAC3C2E0121459FA5D8C6B3C
                    Malicious:false
                    Reputation:unknown
                    Preview:p...... ....`...C.......(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.371697318635684
                    Encrypted:false
                    SSDEEP:
                    MD5:F145AC53C7E790FC869211F865F4A792
                    SHA1:80FB18C13B619CE745E3AF8DEE77258874C98488
                    SHA-256:966BE0D2CF002ABC422E9C0A189AB6B9B8A95395962157EB4F71A917A916C8D1
                    SHA-512:375665216BADA7240AFEC7B999E396A8A505453118C5E2F0CD636CA7486A78ECE54555A98CEB2F3C71A6E5BFBA6D0699C1347706B4B7464C632F26B9158D7003
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.31984701211488
                    Encrypted:false
                    SSDEEP:
                    MD5:80B7D96E210A1D4AABEF1EED5582FCE3
                    SHA1:F36E263C85B32BA3F1B56E3AEF9D7F6C3E1276E8
                    SHA-256:DB63F2EFAB41D7189B24AADD2E6BCA67C03E8D3F1A562C2BB0E2A3ED0068BC07
                    SHA-512:2B0EB31902C3D57032D4147C4AACA07EA15A819A9D1AEB1A51435AA114A2EF022592247C4AF26C36A3BFA1A941A74F879121C4975C61AE6D5E02E9B22F6CC719
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.2983953286408845
                    Encrypted:false
                    SSDEEP:
                    MD5:AC33DD98758F4384890A7F01ABCF579D
                    SHA1:90FE52CB8228ADA4B38810F786581A3FE9BF4F9C
                    SHA-256:D319BEC24AAF8876F6E5AA193CC0C13D1F5244FF746F6F800D01DA2D2D618EEF
                    SHA-512:D8C346B90AE6740AA7E7F3E9DCD5CF66AB81AFB3ED83AEF05BE4D10A5B2B2A2DBD4A234B85CBF2453ABC6E68034D819A40F30B879A4CA10EDE429853357D9203
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):285
                    Entropy (8bit):5.360369926054521
                    Encrypted:false
                    SSDEEP:
                    MD5:6BEB713FB2680CAC4FAAC6472AA3C83D
                    SHA1:B6710BB378D3960214D4AEA92F0A070EE056BEE5
                    SHA-256:F92594A460523A53344090B561052F7AB5B9B311D1998665A8FAD312337546DB
                    SHA-512:ABB269D106DD1DF45950B738425FC17B98D2482A0EA9D1A0A556D1AE378A27B272D2870459F3D87D5143C2B406F85FAC1A8E8D0FD15710BE85A673B394BE157C
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.319647692649038
                    Encrypted:false
                    SSDEEP:
                    MD5:B8721A0A45AE5CDD0A442379DC2ACDEC
                    SHA1:A4A645B4614B8CB23D5D14F8FD73FA4E86E4D1ED
                    SHA-256:E7AA8255F613BFECBEFF9FBE86C7BF95AE1BBBAADBFF96E1D6999EB868357C2C
                    SHA-512:F8A74BDB97803F1200A1E0282A46DA038198016290B1887ECCE0987F55EDD6C64479A8C65DD2BD59918F5A6BB8737DB79F5FA189769166BB1B117B32F769DEF0
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.306634266000889
                    Encrypted:false
                    SSDEEP:
                    MD5:676A544ABE31FA4C697D7863E3F3A5D8
                    SHA1:B803CD5804FB395F89AF2F79635B7069E2A7723C
                    SHA-256:B765FB6A56EF74A36324A1B60475B16842E7A2B74F49D020FCAE032E9C0F9A60
                    SHA-512:3B9DE59BC3A751239707B08D42D14166D221E6D5E5BBA1F0B95C9E6C6BB5BBFEFCB4AF6063D1234427D6DE36F46478CFE318834E2B207A61BEEA887C7803A874
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.309509157271959
                    Encrypted:false
                    SSDEEP:
                    MD5:48C3F00E18CAB329830B3C9C2721B700
                    SHA1:77D3D52A3A2C23C7B61B3210848FA9646C80B79B
                    SHA-256:70BFF5F75A09B2B9CCCEF54DEF9B1790B86D30590F2B168854173AA788EDE731
                    SHA-512:AA66A4E01E898B99C350B6E61A9924EC46E3B35E5F4E55DE0954FA09D807A1B812442FAF01B15E0BB5FD46243CD7AA5527C0C516ED4F297AE62864944385CAEC
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.3159373500583
                    Encrypted:false
                    SSDEEP:
                    MD5:3315C2077635A6FDEB3CE35731375F97
                    SHA1:F38653486AB19109B665359862BA30CA141DD9FC
                    SHA-256:31446AD8473DEABC3924189B65184EDC9B823C58E216D6C29AD20EB3EF994D13
                    SHA-512:31710B22DCF3DBAC5055357B5D6CF0821A2221DA6DF47D713E938B66E08354838208614783201208D4F191E0F16F82D70F0CBA53F20CCA241D81EC0ECFE5F22C
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1372
                    Entropy (8bit):5.736761814760445
                    Encrypted:false
                    SSDEEP:
                    MD5:4AB13724620E2E30D58641778DF6EA79
                    SHA1:94719FD1EC782D382818D49D10F3D176299B9D67
                    SHA-256:446697B58A474919ED20E54A5034D0529B7D6D22A82B9A524C1C784287A610BA
                    SHA-512:C1B995B5ABCECB343C7EED5308F79226CCAFDEB395ABC1FE711320D8C6DC5F4C7EDE4AF3288AB41DFD8B60294F0295C66C962E9F8B67107505B29FFFC36ADF0D
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.312924946874759
                    Encrypted:false
                    SSDEEP:
                    MD5:6D6FB75DFA3065E510B77157EDD2985E
                    SHA1:FECB9BF8C42C8672E21FE5B3C6EBD5032258588E
                    SHA-256:99CF0B8E444282345A777AC7DCA70489256CB31F453A7714A361963043A52C2C
                    SHA-512:683FC88A62A735D56D89F919B77FFA5584F3AE0B4F563FE06A6E8A2005719E6FC8FA67470F40A2436DDCBFAF1F9FD4CD0AF0A7BF4722EF4FBC1D23682448CE03
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1395
                    Entropy (8bit):5.772779777024909
                    Encrypted:false
                    SSDEEP:
                    MD5:86B6C00938AB940F45693A621FC025D5
                    SHA1:AE3C5463D11982BB4B5AF34047B1ACF5D913E396
                    SHA-256:3CD9A50D867A672B153E64C529EEC4A111A543EE70F592A689CB7343D2CAE4D3
                    SHA-512:AFFFB0365A5B91236EAD8F442724A850DB6B3EBF8897FED50A9FC4FF3ED2A5359CD83A8345E065030F2431512A2BCC6B8CD2E8B828C7D7C8A999AD5EAF12334E
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):291
                    Entropy (8bit):5.296383213298623
                    Encrypted:false
                    SSDEEP:
                    MD5:F45E18B5ED3DDFD0DF64485FD440FE35
                    SHA1:2DA8412EC5B07B6D54373FA256C7D99F04C08ED8
                    SHA-256:1AE7D0F7D142F7AF22D6EBE1F7EBBFCA61F821993DB6355B8FF8968109F6F578
                    SHA-512:FFA78DE7B6D2C58F89CC99B2B9FFE036B8F07821B46EF1CC94A97ACA13E7E3AC98EFD5684AE44BEB6B70B9C93F4F592BE36F67BB8CF24C262C262221B800732E
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):287
                    Entropy (8bit):5.300239299765331
                    Encrypted:false
                    SSDEEP:
                    MD5:ACDB3C6CC8C3493B34B4EA656582267A
                    SHA1:F01FFA2770DC42A12A5D151A7E5325A3D9324447
                    SHA-256:6725DB33882D3BF1236C10B1AD1AD9CB57CDC6294C20787F7E7F38B505B3DB21
                    SHA-512:583518948B28E51F48C9A887EED525E07E00D395B61E4CE76F7D5EFF64DC5881462A9553D1513410DD244603F5D43F5C2A6DAFB6BAC23B9A72BD30D17015B383
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.319760075632907
                    Encrypted:false
                    SSDEEP:
                    MD5:85AC1869F20AC359D439BE36412738B2
                    SHA1:642410797255D3F0F93C34978A73C805B9720906
                    SHA-256:FE3F8A6CA24541005AA401916FC2EC2180C225BF89C4297D9148AFF379891DC3
                    SHA-512:BB4D27913B87CA40C7DE173209ABF0CE6EE20CA535F185D0ACA6EB7E48736B7A5083F1F0ACA168C8A607326C0C028B2EBA11C5E31FE7176DCE10E0ADCDE5650C
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):286
                    Entropy (8bit):5.2756258461864345
                    Encrypted:false
                    SSDEEP:
                    MD5:6FB9E2385F2CA71D6DC28069B35E090E
                    SHA1:A3298E0B3B0F91F1D4F9E9F4C230A98D844EA366
                    SHA-256:A0E98CF76CC00310797F39B7F7C69126E9CAB7C480631FB9FA60FB0364B158B3
                    SHA-512:C2057C68A7AA912199DA5E3B984789E56F0E626B02C356E7CB5E6568810234A6E4D12CD9E043C3ABAF3572C2BD235D232979A0CC3EB3BE6FEC380EB5D00AEED0
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):782
                    Entropy (8bit):5.37072643803887
                    Encrypted:false
                    SSDEEP:
                    MD5:AAF437A7C3B111611BEEDB8799A8A639
                    SHA1:37BF8D1A97E27B50F2BA046A702760538A8BB595
                    SHA-256:4F3672A7C0E5252A939B5FEFC21D2175AE1E75C6E18C1E649194B6AEF3EDF98A
                    SHA-512:FBFE759A70F40F92D6FF67AFF97D6C9C5C061CCE88F0EFA70CFAB4AF928DB505ACC7603626DF40511F0AE82EA0FAE882183B1F6AA1631108B9271C6761B794AA
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"0ecda5ab-5b3c-4746-a5fb-621be5b81b2d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720169687586,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1719991712618}}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4
                    Entropy (8bit):0.8112781244591328
                    Encrypted:false
                    SSDEEP:
                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                    Malicious:false
                    Reputation:unknown
                    Preview:....
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2814
                    Entropy (8bit):5.132984348642277
                    Encrypted:false
                    SSDEEP:
                    MD5:8C6469FCA171A42B843D2FEEC542FC10
                    SHA1:32E67424EFD86046163F97CC69E437B5D1655522
                    SHA-256:D8BF1DAB0B52F3B56D42A97ACEA4A3A3F086CB89A0B187E393ACB866D7DE40BA
                    SHA-512:41079B04899D92CB8BAC36A086280D7A81CD069ACBF0D827F2E973E7C001A618ED9EA4FD5FA3E3A0A8CBB44AFE6A011A2E3341C78D6F52BFB60C80EFA4B9E94D
                    Malicious:false
                    Reputation:unknown
                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"df88183209664d6da712545ba9d1974f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1719991732000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"718e642cd2898c8d908b61bf68c4b889","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1719991731000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"349be80bd9a1ae5b3ec638f4fe889cdd","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1719991731000},{"id":"Edit_InApp_Aug2020","info":{"dg":"266be43afe044cd627c1d6e5a2345116","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1719991731000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d4121b5f41ec91f8cc123eabb05ab6ac","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1719991731000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"38e55f301d2ce9c97648f0454ddc3f13","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1719991731000},
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                    Category:dropped
                    Size (bytes):12288
                    Entropy (8bit):0.9890104374986791
                    Encrypted:false
                    SSDEEP:
                    MD5:F84D72734E172B16A3801474BF3CD9DC
                    SHA1:87F61B6D11237D62AC57C63ACD68E9ACC5C3BC2C
                    SHA-256:4DD87FBDF41C0B5A187904526314AE1E908AF84F6545300D23A91C15FA3F6CFE
                    SHA-512:46A8823A5FF4D05C6C6CACBF09EA61109D52A68BD790CEEEA81E40E01056B5B3E6F4B12CA5947852FC5E9434AC804A030342CCA2EABDCF77EC0134B755A44D2C
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):1.3464327530026214
                    Encrypted:false
                    SSDEEP:
                    MD5:8AC98BEFE83019C3EA2DDEB48FF7C0BF
                    SHA1:DA5208FC05CE6DE216B327E065DCFC8A62CC5ED0
                    SHA-256:B869B2C8A83A704B40C8AA7713918C174B1D3C7B58DA7E7DA46D070EA6260147
                    SHA-512:07E9F64B01A143936056693B3AB81BD3BAE1B85B96FE028626FD4D69F8A2513EAA0BD5868C2848C4B1599942E554D0104FB96043B4E1F10A00CBBB6A5F78DC6E
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):246
                    Entropy (8bit):3.5274671434738973
                    Encrypted:false
                    SSDEEP:
                    MD5:131A364EBDF4D04358E53B3EA5A96465
                    SHA1:B8745F8C5AB519BB5279D1D7900BDCF11DC3096A
                    SHA-256:AC0D0A8E18631D47E16BC55AFCB27BC729EF2C523DB8A1FE9407DCD5875F9ECE
                    SHA-512:6FBD9E1E981182FFAAF2422D24DBE551353E3D5D5B4A367DE12AB89670292B2FBE01843B762B7ED7DD7AD85321BA8447F824A58E3FE83DC4CE87AB9DF8E2CB93
                    Malicious:false
                    Reputation:unknown
                    Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 03/07/2024  03:28:52 ===
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393)
                    Category:dropped
                    Size (bytes):16525
                    Entropy (8bit):5.353642815103214
                    Encrypted:false
                    SSDEEP:
                    MD5:91F06491552FC977E9E8AF47786EE7C1
                    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                    Malicious:false
                    Reputation:unknown
                    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):29752
                    Entropy (8bit):5.419239219192113
                    Encrypted:false
                    SSDEEP:
                    MD5:FB4A05587C1A748DCF74C69650DBC52E
                    SHA1:B2552800B037251FDBCEB41DD99E694C73949801
                    SHA-256:553F313CCBF0A6968E301A77622EC0E365DA7578CFE30EFCF07CDF4DF0FC6D78
                    SHA-512:8065F68FB9733EF0DE6D9E4E2BEF94190CFDD822B1D98BD4D25568F7C4C6CB28B6613E7B357181295B884F818D5A94E1239C8C50331C58DE0F1BBEE3735D6B17
                    Malicious:false
                    Reputation:unknown
                    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2673
                    Entropy (8bit):3.9879068236166737
                    Encrypted:false
                    SSDEEP:
                    MD5:A8915D7143310FEF251B56528141B49F
                    SHA1:E840D8A99E5CFFD361127AEEB6ED91C130FF9DC7
                    SHA-256:6584E52D19517F8D87E9B27574A6A9A5BEC1B7FAEE1E35F914A29635506B8AF2
                    SHA-512:5D1D6D23DE473424043D89251EA2A97B5EDF1E3D32C56771CF9D3E2935EA79CCA68B39EBED9C1885E661AD5B88862602759286A89503FADBBF77A36099967785
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....9.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a..2.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2675
                    Entropy (8bit):4.003322345218134
                    Encrypted:false
                    SSDEEP:
                    MD5:1419B97782336C8AB601A2FFF6DC21B5
                    SHA1:9C7D01384F90D857922B921A329880CEF6DE6757
                    SHA-256:C61013EA570D38CA46E643149C073924BAB3AB58AB659228137CAE630FE45AD0
                    SHA-512:B7BAE9B16F7C9DC6A3D9A39E7C4B9F0D491A48090555032008933D0B4950CCB03B3A60193E616150DD9D238121AF6B7FD230CC91AC164764D282BE29DAAE474E
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a..2.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2689
                    Entropy (8bit):4.009409611987924
                    Encrypted:false
                    SSDEEP:
                    MD5:3F2BC0085CDB77EBB057FE55E4C35D34
                    SHA1:6140C2C1C747993EA43167A274F1CE599FF3AF0C
                    SHA-256:5B538E9F2379C5BC367BA02FB7D515914521DC2F206375AF144C11887C41CDE8
                    SHA-512:90169B65407C14E3BF3877A462C49203AC800BBE0C94CA3A9E199D482EBCF533810DF90356ADF21143286673F57F80DFA48E7DCF1721108386B0B18448654612
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a..2.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):4.000765501852157
                    Encrypted:false
                    SSDEEP:
                    MD5:C5A2CE59437DA8912310B48EA8B7D72F
                    SHA1:EE5653A50009B08516526C3AEDA4572C47EECACB
                    SHA-256:7FF9FA07A23775816F95F399512A12FB4113E67D44B6CB7B2C4F89AD9E69549F
                    SHA-512:DB32C8A8FE32BBB1AC4FC4E1B8EBA610CD8B8F5B800DD6069F9D3B833CC9D1A7B4F1B456134637BC336E3B6DE9554927AAB27274A859674CFFCD431A757C992C
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....p.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a..2.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.9906783394148246
                    Encrypted:false
                    SSDEEP:
                    MD5:66DC3A0159DEE5ABD77C84AE6694CCD9
                    SHA1:05D04B1EEEB4B4857C900197A93F272E1033A6A7
                    SHA-256:A46692D052BAD7642C707034C57B31FD7112F744983107979891E0E66CB83E45
                    SHA-512:DAC176F8000E7C953FA5483AC5341E2C572F709B057F49A34B0FBB416683CB677F03C839FC996A294877692AA2F7EE3A777DE774B06DC2FA43B0DEB24D66A177
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a..2.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):4.003562918790079
                    Encrypted:false
                    SSDEEP:
                    MD5:5E342B587FD963E4F43A20FCFDCB5E16
                    SHA1:460E3A687053341E94814532763F7EF1ECCA16FB
                    SHA-256:6926784D8C7934C9ACCF4A80B113C79547A366A46A6BA812D4AC29753095E7C2
                    SHA-512:9375C565F43892E382EE70DCB3C3EECC5310935687408AED14686FEB75DA60461AD9AB88FA4607EA4F07BD050E13849DD9EAB4AF6F75C1CF0DAEC8289E766967
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....!......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........a..2.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (755)
                    Category:dropped
                    Size (bytes):658162
                    Entropy (8bit):6.1118503313637484
                    Encrypted:false
                    SSDEEP:
                    MD5:9BE63CB3B08CE183092CB4F10B6FB51A
                    SHA1:45A4BEF9932477A54BD0405CBA042575C3C3D28C
                    SHA-256:406D491B7C33EAFCAE2718F919E072C2CCDCE1CAA3AB7F20F0E0B7A80686FA75
                    SHA-512:FBD7DC1E25082789E7F957192B042DC33AD4425A9168F9F364246B0DE4D96C3E608DED4AEF4D897C491A983ADD33D8AA4BE0E2DCC8A625AE763BF64B5FF0DC0C
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\Downloads\2aeeebe1-258b-4f2d-976b-74484013452b.tmp, Author: Joe Security
                    Reputation:unknown
                    Preview:<html lang="en">.<head>. <meta http-equiv="x-ua-compatible" content="EmulateIE9" />.<meta charset="utf-8" />.<meta.name="viewport".content="width=device-width, initial-scale=1, shrink-to-fit=no"./>..<title>document</title>.<meta http-equiv="imagetoolbar" content="no" />..<style type="text/css">./*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root {.--blue: #007bff;.--indigo: #6610f2;.--purple: #6f42c1;.--pink: #e83e8c;.--red: #dc3545;.--orange: #fd7e14;.--yellow: #ffc107;.--green: #28a745;.--teal: #20c997;.--cyan: #17a2b8;.--white: #fff;.--gray: #6c757d;.--gray-dark: #343a40;.--primary: #007bff;.--secondary: #6c757d;.--success: #28a745;.--info: #17a2b8;.--warning: #ffc107;.--danger: #dc3545;.--light: #f8f9fa;.--dark: #343a40;.--breakpoint-xs: 0;.--breakpoint-sm: 576px;.--breakpoint-md: 768px
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (755)
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:9BE63CB3B08CE183092CB4F10B6FB51A
                    SHA1:45A4BEF9932477A54BD0405CBA042575C3C3D28C
                    SHA-256:406D491B7C33EAFCAE2718F919E072C2CCDCE1CAA3AB7F20F0E0B7A80686FA75
                    SHA-512:FBD7DC1E25082789E7F957192B042DC33AD4425A9168F9F364246B0DE4D96C3E608DED4AEF4D897C491A983ADD33D8AA4BE0E2DCC8A625AE763BF64B5FF0DC0C
                    Malicious:true
                    Reputation:unknown
                    Preview:<html lang="en">.<head>. <meta http-equiv="x-ua-compatible" content="EmulateIE9" />.<meta charset="utf-8" />.<meta.name="viewport".content="width=device-width, initial-scale=1, shrink-to-fit=no"./>..<title>document</title>.<meta http-equiv="imagetoolbar" content="no" />..<style type="text/css">./*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root {.--blue: #007bff;.--indigo: #6610f2;.--purple: #6f42c1;.--pink: #e83e8c;.--red: #dc3545;.--orange: #fd7e14;.--yellow: #ffc107;.--green: #28a745;.--teal: #20c997;.--cyan: #17a2b8;.--white: #fff;.--gray: #6c757d;.--gray-dark: #343a40;.--primary: #007bff;.--secondary: #6c757d;.--success: #28a745;.--info: #17a2b8;.--warning: #ffc107;.--danger: #dc3545;.--light: #f8f9fa;.--dark: #343a40;.--breakpoint-xs: 0;.--breakpoint-sm: 576px;.--breakpoint-md: 768px
                    File type:PDF document, version 1.4, 1 pages
                    Entropy (8bit):7.812293460885919
                    TrID:
                    • Adobe Portable Document Format (5005/1) 100.00%
                    File name:ABSA NOTIFICATION(.......pdf
                    File size:71'162 bytes
                    MD5:129c1bc576c8197b402f59fefa3b4019
                    SHA1:1dbb164b3d56105c25cfa0dddc8ec16c02249539
                    SHA256:fd30933c1b495d122d1cd1ec0cc5d5f26238c1d235c726c2c50f041f013864b6
                    SHA512:cb0535f5214077cf2886d207af6103eb4f8ef04c7304aa54eaf485c94c862ec74e78368ff69ab056264192812ec0ca5d910e84255874a1037a9f52aa59b28be0
                    SSDEEP:1536:J9NIxv3RcS7aaizpa65pZBBvGkzzV7K6tB:J8x/RTaBla6LvvGkzzgs
                    TLSH:3563D042D956768EF8815495AD36398D881AB30F81C97CD3342CCF9BBB41B622E613CF
                    File Content Preview:%PDF-1.4.%.....5 0 obj.<</Ordering(Identity)/Registry(Adobe)/Supplement 0>>.endobj.8 0 obj.<</Type/Metadata/Subtype/XML/Length 1463>>stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RD
                    Icon Hash:62cc8caeb29e8ae0

                    General

                    Header:%PDF-1.4
                    Total Entropy:7.812293
                    Total Bytes:71162
                    Stream Entropy:7.867720
                    Stream Bytes:64266
                    Entropy outside Streams:5.312337
                    Bytes outside Streams:6896
                    Number of EOF found:1
                    Bytes after EOF:
                    Name            Count
                    obj             47
                    endobj          47
                    stream          14
                    endstream       14
                    xref            1
                    trailer         1
                    startxref       1
                    /Page           1
                    /Encrypt        0
                    /ObjStm         0
                    /URI            2
                    /JS             0
                    /JavaScript     0
                    /AA             0
                    /OpenAction     0
                    /AcroForm       0
                    /JBIG2Decode    0
                    /RichMedia      0
                    /Launch         0
                    /EmbeddedFile   0

                    Image Streams

                    ID  DHASH             MD5                               Preview
                    39  703460574e991d4c  cde7576776d44860082306a036f15a4c
                    41  8e2e662e2e26a6ae  588ce8e6fbae0209e74560e19dcc9088
                    40  8a2e262e2e26262e  a4c191f389e3b46a4d928eadde7b589e
                    42  5571713113515111  f22417cba6b87766f237f20d8cad2e55