Windows Analysis Report
https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D

Overview

General Information

Sample URL:https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D
Analysis ID:1466895

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Drops files with a non-matching file extension (content does not match file extension)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 5612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1956,i,3880261074420648777,6952740187572368295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • Acrobat.exe (PID: 4416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4132 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1604,i,1224235668784677000,16595986004613818999,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D | HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49721 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
  GET /9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D HTTP/1.1
  Host: sterling-prod-acumatica.s3.amazonaws.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: sterling-prod-acumatica.s3.amazonaws.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D HTTP/1.1
  Host: sterling-prod-acumatica.s3.amazonaws.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Na+N4heufNlmKus&MD=4HxM3wxd HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Na+N4heufNlmKus&MD=4HxM3wxd HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: sterling-prod-acumatica.s3.amazonaws.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  x-amz-request-id: C26KSVC8T9567ZXM
  x-amz-id-2: rMre0Ctpc80TMPwQAQtjTXBPXtNI3Tw7OUTT0X8QrpyV/RUW3P6SBskTRlUylc3qWxG6C/259ZE=
  Content-Type: application/xml
  Transfer-Encoding: chunked
  Date: Wed, 03 Jul 2024 12:51:27 GMT
  Server: AmazonS3
  Connection: close
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.11.dr | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.11.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: classification engine | Classification label: clean1.win@38/59@5/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 08-52-45-406.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1956,i,3880261074420648777,6952740187572368295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D"
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1604,i,1224235668784677000,16595986004613818999,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: Chrome Cache Entry: 228
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
  • Defense Evasion: Masquerading (11); Process Injection (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Information Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D | 0% | Avira URL Cloud | safe

No Antivirus matches

Source | Detection | Scanner | Label
https://chrome.cloudflare-dns.com/dns-query | 0% | URL Reputation | safe
file:///C:/Users/user/Downloads/downloaded.pdf | 0% | Avira URL Cloud | safe
https://sterling-prod-acumatica.s3.amazonaws.com/favicon.ico | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 54.231.228.41 | true | false | | unknown
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown
www.google.com | 216.58.212.132 | true | false | | unknown
sterling-prod-acumatica.s3.amazonaws.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/Downloads/downloaded.pdf | false | Avira URL Cloud: safe | unknown
https://sterling-prod-acumatica.s3.amazonaws.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://chrome.cloudflare-dns.com/dns-query | false | URL Reputation: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
216.58.212.132 | www.google.com | United States | 15169 | GOOGLEUS | false
54.231.228.41 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.8
192.168.2.17

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1466895
Start date and time:2024-07-03 14:50:29 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 44s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@38/59@5/6
Cookbook Comments:
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.67, 216.58.212.174, 66.102.1.84, 34.104.35.123, 192.229.221.95, 172.217.18.99, 184.28.88.176, 50.16.47.176, 34.237.241.83, 54.224.241.105, 18.213.11.84, 95.101.54.195, 2.16.202.123, 199.232.214.172, 2.19.126.149, 2.19.126.143, 93.184.221.240, 142.251.40.195, 142.250.64.99, 23.47.168.24
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, acroipm2.adobe.com, wu.azureedge.net, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, www.gstatic.com, apps.identrust.com, wu-b-net.trafficmanager.net, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtCreateFile calls found.
            • Report size getting too big, too many NtOpenFile calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • VT rate limit hit for: https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D
            TimeTypeDescription
            08:52:55API Interceptor2x Sleep call for process: AcroCEF.exe modified
            No context
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.210870459218237
            Encrypted:false
            SSDEEP:6:BOWIvTYFlyq2PCHhJ2nKuAl9OmbnIFUt84OWIvTjS1Zmw+4OWIvTjERkwOCHhJ2C:EP7YFIvBHAahFUt81P7jS1/+1P7jE56C
            MD5:FBF1C7FE497A7ABD1472EC21C68F2BB6
            SHA1:53AF7BBEC0824847B35DF52E572FB20D168C842E
            SHA-256:C3711FBF29A2AFF177191774C47CDE91006131F952782C7FD60F6D57A03816C6
            SHA-512:5CEB3BDF5454AE82602817EF18A4ADCBD4036BDA4860F6D87B4188AAC46A0E58B6117AD451A92E89512144C066CF88FC8F5C50B41EC4DB03EDB4061F74733068
            Malicious:false
            Reputation:low
            Preview:2024/07/03-08:52:43.035 1314 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/03-08:52:43.039 1314 Recovering log #3.2024/07/03-08:52:43.039 1314 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):335
            Entropy (8bit):5.164385962875535
            Encrypted:false
            SSDEEP:6:BOWIvTg62+q2PCHhJ2nKuAl9Ombzo2jMGIFUt84OWIvTgaZmw+4OWIvTgU2VkwOS:EP7LvBHAa8uFUt81P7J/+1P7Zm56HAaU
            MD5:636ED70BE304453751CF9FB5FBB031DF
            SHA1:9260E0838F9F80C1506CBCF8709AA3A0DC180722
            SHA-256:BEF85485DE8EE23AAB983F2AABB23784E090751C0EEBC83B63AFD0FDBCF7B427
            SHA-512:C2B1E523B0991592C83E97DF44B8D5A5534572D5887CA2A990DBD38407BEA084C078ABCA57B0EE01BE7B4F17970A9F247CB7A3597372FD7685A34F9D1CC20646
            Malicious:false
            Reputation:low
            Preview:2024/07/03-08:52:43.101 4e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/03-08:52:43.102 4e8 Recovering log #3.2024/07/03-08:52:43.103 4e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):475
            Entropy (8bit):4.967961042110297
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqbUvcsBdOg2HXcaq3QYiub6P7E4T3y:Y2sRdsWcdMHW3QYhbS7nby
            MD5:95148E29609AD4519EA73B0915407BF4
            SHA1:D80DCAC6A9BC8EBBFE9C6EE93D3A78E72495F0E5
            SHA-256:3F4D3A8C7479430C78629ADADD4CDE7BD73DF0A8AD9FCE5D19A825F110D9DA5C
            SHA-512:265092DF107A9A34D2D16875CFA1A28FEDEB76E9EE7F448F4282FB1658E37A613F6623F696362C786D2161053BA6682A88F497BC61BAACFCCCC9D3A1240BE8B8
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364571175640145","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":159961},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):475
            Entropy (8bit):4.967961042110297
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqbUvcsBdOg2HXcaq3QYiub6P7E4T3y:Y2sRdsWcdMHW3QYhbS7nby
            MD5:95148E29609AD4519EA73B0915407BF4
            SHA1:D80DCAC6A9BC8EBBFE9C6EE93D3A78E72495F0E5
            SHA-256:3F4D3A8C7479430C78629ADADD4CDE7BD73DF0A8AD9FCE5D19A825F110D9DA5C
            SHA-512:265092DF107A9A34D2D16875CFA1A28FEDEB76E9EE7F448F4282FB1658E37A613F6623F696362C786D2161053BA6682A88F497BC61BAACFCCCC9D3A1240BE8B8
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364571175640145","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":159961},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4288
            Entropy (8bit):5.237389462166677
            Encrypted:false
            SSDEEP:96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+bnUMdmWcjdOWZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+bnU7
            MD5:F5B3D2B0F4145CEA97CB653706EE85E4
            SHA1:EDB1B490185850FF08A9DB51DB2459B34B2685CC
            SHA-256:AF13B806CD029EE1AFC91A4B278720A72CD6581DC45D06C29BA59F4A3EF1AA78
            SHA-512:4C472F22F3CB9B2185AFC2CD6AE143305309217C0F9F502ED6BEC73D6F6E4047EECB6E0A0FE9B1D4621D70ECBFA4FFE56B2DC5AFC699DDE090773DEF242F3765
            Malicious:false
            Reputation:low
            Preview:*...#................version.1..namespace-8..|o................next-map-id.1.Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/.0...dr................next-map-id.2.Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.2.$..o................next-map-id.4.Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/.3+...^...............Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/....^...............Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/T.3.a...............Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.U..a...............Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.$..o................next-map-id.5.Pnamespace-c66013b9_73b6_4b3f_b279_
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):323
            Entropy (8bit):5.188300730751389
            Encrypted:false
            SSDEEP:6:BOWIvTMU+q2PCHhJ2nKuAl9OmbzNMxIFUt84OWIvTkJZmw+4OWIvTiIVkwOCHhJS:EP7yvBHAa8jFUt81P7G/+1P7ig56HAab
            MD5:8FE610FBAB9EDA7F15D68F58A6AC98A1
            SHA1:FA94E86B7B75C505353AA4E19AD50F8A8723547B
            SHA-256:DC8B72EB2AB2C379888F90ACBCDF8C1EE3375250B61736E1C18AFD2DE3131170
            SHA-512:E476AA958037EDB31ACFF39DAF8CFED5AC0C292FBC2FB9455CD05B65019D6B13BB9E0050615C29717A50D522D2EFF75EA40510A243521BA52D626EF817AFCE3B
            Malicious:false
            Reputation:low
            Preview:2024/07/03-08:52:43.298 4e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/03-08:52:43.299 4e8 Recovering log #3.2024/07/03-08:52:43.300 4e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
            Category:dropped
            Size (bytes):71190
            Entropy (8bit):1.3912228272303144
            Encrypted:false
            SSDEEP:96:lX92MMM719PMgPMMylCmNMIEOM6A5zZnc6b1lk4gBs9fjFMMkxMMMMM9/gMRMmh9:/L9SyeNQjF51B
            MD5:6FD5557B953F470E4B7A0629689BE74E
            SHA1:07C3F0B878BD149C931CC86323C517B746805866
            SHA-256:E66CE0D21ED6E82A0D8A1B8F59E9033BB2A96EEFBC210417D747F7ABD8164DBF
            SHA-512:FAF7F8BC050CEE54C348B5A88FD2D99A6CD2AACCF3DB27689DDF53EBAAD2CF3898B56A68C7007FE14FACD0EDADA4441424F6FE8C81E995FF78BDCCD2A8179C4F
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
            Category:dropped
            Size (bytes):71954
            Entropy (8bit):7.996617769952133
            Encrypted:true
            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):893
            Entropy (8bit):7.366016576663508
            Encrypted:false
            SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
            MD5:D4AE187B4574036C2D76B6DF8A8C1A30
            SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
            SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
            SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:modified
            Size (bytes):328
            Entropy (8bit):3.2418003062782916
            Encrypted:false
            SSDEEP:6:kKI9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:rDImsLNkPlE99SNxAhUe/3
            MD5:7E5820ABB9CF2506FA793C89E440979B
            SHA1:F6689340D1A0BDF46E31BE42E012B78C8A2FE32B
            SHA-256:8597132D918FB236700A29D858EE0F431A25FA18C8502E6A9A127ADA826F729B
            SHA-512:EC8B34CC4BD3B0CCEBF41B55AADA1E9634CAEA38750020CF33588527709E83BB3D630133C71C18C965CF8BABE7BAD99152A23F450BE5E6AB33995AA0D844A57E
            Malicious:false
            Reputation:low
            Preview:p...... .........?..G...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):252
            Entropy (8bit):3.026467887142631
            Encrypted:false
            SSDEEP:3:kkFklxRsVXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKIYxliBAIdQZV7I7kc3
            MD5:4F70720B2BF7514C39642733647247AD
            SHA1:8BB7422A6129BF4390A0813188116C8F3B74FB69
            SHA-256:2AD24A864B01AA6592CCDDBD449C5D68FD42179CBD9CA096C2BCDB3C152DAB0A
            SHA-512:CF2F3E6535D0EC41402E74A0F4179B5229782561F80A5B50EEBD70237F0302319B23782E087618DBFDFB6BE0712514F84CAC1F24CF1F0C1B7A200F9554393B31
            Malicious:false
            Reputation:low
            Preview:p...... ....`......G...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Reputation:low
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):227002
            Entropy (8bit):3.392780893644728
            Encrypted:false
            SSDEEP:1536:qKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:XPCaL/3AYvYwglFoL+sn
            MD5:27094DF6D14B4D6728D59FFC4E31294B
            SHA1:CC768A8693F9C122496C2BE949E13F0C36AE7888
            SHA-256:B26846BECCDB3792F05A996D2863C7A1D286BD9F997DBC2112604EBDD206FEAC
            SHA-512:681F8D3F21AF1B1898F6572DB44AE92CF2AF56B3E8C9421C679DF0962A6CABE44753A5327368DAB97BC9AF997EFD86B803847285BB64F427196C65C8B0348BE8
            Malicious:false
            Reputation:low
            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.3407864060635895
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJM3g98kUwPeUkwRe9:YvXKXUJfvR/ZwHAgGMbLUkee9
            MD5:26EB31CE2C0A458587BD0D3E99377557
            SHA1:666560ADC1EB5F7D3260CF454D80393E2E0FFF1F
            SHA-256:CFCD1CEBB4C28344AAE4D06D5530D799D153CD6B04170792B1D74B7ECF84B39E
            SHA-512:C43CF00863610F941C718DDD54D120C3D7DEE7BD7B4918852253A34414DF1CCBDABFB347E275EE449C3F6107CC4B8BAA0BC229EBF49199F68CD44055FAB98B7C
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.276802157995061
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfBoTfXpnrPeUkwRe9:YvXKXUJfvR/ZwHAgGWTfXcUkee9
            MD5:81D5B4A1E8F33B75C76775107C9CE890
            SHA1:E025564E7F85CA12A4E6C0A7BD619B7470E2992B
            SHA-256:98766EC46DB1D5F97D366B076BE4070D6062EB6EFA123563CDB9AAB8A9A41059
            SHA-512:45CFB692404CF586D3B173241EA2B4D79A1F04402B3FA30184F2BE5558AC634010E2F2E44B45351A2EDC20D681D26D22AE2B6A8278C788ADF775B247B9B6B684
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.255061653352868
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXUJfvR/ZwHAgGR22cUkee9
            MD5:20EBA5E99FE2B5C62BC040FAAE041E21
            SHA1:ADE60E62AA3C128CC0F77E224CFF8C70A3AABA55
            SHA-256:873313A83EC49EA58BF128B9515CBF3820C14A115220AD1DA66FBE2025AB4BC7
            SHA-512:B3ED1CA3515A302A3DE4D8404851BAF1D7B7C3E7C2E67F921EBA7A144DEA91873251B621696CE488D6A622ED92831D6646254B1A2E270B9E41649D925762E17B
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.316942777863145
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfPmwrPeUkwRe9:YvXKXUJfvR/ZwHAgGH56Ukee9
            MD5:45D8966E0F051B566559638DB9BC51A8
            SHA1:D4757167A55574F78C34275EE5179A1ADB93A556
            SHA-256:D34F24930E471007987CE33385F7F436C72C0992AA6D00528B2C32B2A9B09483
            SHA-512:DEB63E92E737E2BC26ABFD5C26B148A366ACA59BD7E3F95EBC005DE3C497BDB453D5CB6F09E3B499517ABB5EC2FF6E39570E3A6F396B89C157CA25DF56B6C262
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.2821112775348595
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfJWCtMdPeUkwRe9:YvXKXUJfvR/ZwHAgGBS8Ukee9
            MD5:4BE46114803C495FEC1E062C8D02CF67
            SHA1:FAACE4AE74A031A8E00C83CAFE6F130CC54C586D
            SHA-256:7A6061928AB912120BB0530C276D2D5E105FF71A4D3832563C358EDD4CDCA6C2
            SHA-512:6CB15CE6FBC22B24DE87416FB2EF5A498357E2A144156FB5C2B4FB519E02CC3BEE2B32E403443796AA05A604F80BCD7342A8695CF97B2CBF2E18382CFCA21648
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.266867126336802
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJf8dPeUkwRe9:YvXKXUJfvR/ZwHAgGU8Ukee9
            MD5:46A83F2966B936593EB52EDDB39F44EA
            SHA1:91F5EAECD8C18953ADBFAF332A4CD3077431A546
            SHA-256:9D5561235EE4F6EA863107BFE6EB05591A47493244BD1D339881B24349765042
            SHA-512:50E318E455DFC11C0A6E310972B31889CE5B47B372762C8270C0112077383F181985BD93EAAF2576FE0856B40A4200D78A1BB82430A4491621412D7BFDEF586B
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.265886500214572
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfQ1rPeUkwRe9:YvXKXUJfvR/ZwHAgGY16Ukee9
            MD5:BAA2FD9CA1009BDE6D34337451B6EC0F
            SHA1:87ED5FDA5EDBDC2707005B07E2F18A091FAAF79B
            SHA-256:0F005A7DD31F5B8BEAB1FD7B818617A2B0ED2974106D402F8D775A0A8923F6D2
            SHA-512:85F1F3129A4163870C5CF704C886B931E9C4625B06A2DFB3EDB72F714FB39825C8373E4F8A2159B70EE300BC6146C176CE9F1359DFF8A55190F2189DBEB50FE1
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.2823398724675705
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfFldPeUkwRe9:YvXKXUJfvR/ZwHAgGz8Ukee9
            MD5:109D1DECADB10959E7B27A6F5A117983
            SHA1:32E7A6AEE1BFB23B6CC5C45235AB5867B933FE74
            SHA-256:785C4FE215A7A5EA8CF054F7AB99E2162076834D4C17FD2645702A085DA607FB
            SHA-512:98116A45A4147AC8A730114A92F1B81AF90DDB677D8FF7C10BDEBC9D8686FA49BC6AE6FBFB008144C8CD74F77FC02D17A6ACBFE3649EDA504C09610EA4540AC3
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1372
            Entropy (8bit):5.7396829065655
            Encrypted:false
            SSDEEP:24:Yv6XaJh8KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNZO:Yv7Jh8EgigrNt0wSJn+ns8cvFJzO
            MD5:6F9AB7F4AF880EDA04D94A22EC7B8F6F
            SHA1:D635FFA900122152B1C2F4C2B3A0239F31C93CE5
            SHA-256:ACED2728D1175DACE75D1DAD6070CF3EFDF9633366B2038F35F855363FD1B12A
            SHA-512:F45B204F1BB75336F2CFD3C2B5CF0A6D79A1566B99BCBB3FCBD22A03318477F0467243C9799E2D1028D0047E8D8A8615315619FE0C9225B94CC31D804A88C429
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.276004050134664
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfYdPeUkwRe9:YvXKXUJfvR/ZwHAgGg8Ukee9
            MD5:BD2A0E31EF5FF47DC75FCCBEB5134540
            SHA1:2959D40F131DFE93BBD7857E716CCCE90876354F
            SHA-256:0AEC2C612AD0204C74007FC985437B77C804F7FB9349CFFB115EC6A5A36877C7
            SHA-512:2CA59D0B840751A9FE0B17B54EA8DD832EFC38A72E12B38FEE56A4F0AEDB922FEA18FC0BFC8219027FDFAB5394C912D88947E9C84FB05E6A686E37F6E0BE74F3
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1395
            Entropy (8bit):5.776851276199195
            Encrypted:false
            SSDEEP:24:Yv6XaJhzrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNBO:Yv7JhzHgDv3W2aYQfgB5OUupHrQ9FJfO
            MD5:6CF51D468D7EA390D54A611A9CFABFA7
            SHA1:1877A4764A2AA2E50EC1565B29BDDA66F135B5E9
            SHA-256:4EA99D3AFF926CB08D840E13804AACB02BD4F67AF36C87EB2800C6ACEA06431C
            SHA-512:9F16D7490669EEE3407F49450C0582BA0AA524B762D6510BF988EF601D44733766DD728B1495CA108ABE12F11CEB3951E66BF2A27209FEE948F1A2A5D6B70836
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.259716068426159
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfbPtdPeUkwRe9:YvXKXUJfvR/ZwHAgGDV8Ukee9
            MD5:279F19207EA76DA8E1C7B46C5A435DDC
            SHA1:5A046D8C035B52C132AB212EEED17D2DC97C607C
            SHA-256:6093FCDCAA51161D130929B0D74C72ADEEEAB8BDC39A45CD183743F11E663D6A
            SHA-512:970D2161AE7B53580AFCE0DC9576BD98BB88D0E0F0C42895A825A8FC406FDAFBA4D2142F486E3D4581E24F01B1C02EF6822D0FCC6A1F26D6B2E3D7CD0B5AC37F
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.258426877886678
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJf21rPeUkwRe9:YvXKXUJfvR/ZwHAgG+16Ukee9
            MD5:D5B18B917D70E23AE9290B8AF4FA8060
            SHA1:2104A09BF2E78E2DE5AF5895A0C9E1DF0D873473
            SHA-256:CB673BE7C195A0761A1BA8FF37FE22E1D5DC2B29A9D1237FBCF6EDD23593C0BF
            SHA-512:5038DFC26246D858446A95DEDC668DF05A313BD393B01B12135A8B5165EA14916D87A6D19616CDDFE5B41C9D308C213E2E9737DD38F8008F2F6D20580E309CD6
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.28254536081859
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfbpatdPeUkwRe9:YvXKXUJfvR/ZwHAgGVat8Ukee9
            MD5:8D60EBD38EE799D76D4866EEC8250EBA
            SHA1:31023B98584920FFE5D30903E9FE2346B3B130DF
            SHA-256:8248F3E335F6C0CD33C786DB115CF43B82AE164CBD47D60C4B6AE77BB85F3369
            SHA-512:DADDA1271AD1DEE713C3BCDF5A8FB900192B8A6D79929BAA3E6B943966C6E56DA7BA40A7D55F91C3C236C850F517FCEB3665B1B1ECE4674CC813D9A6DADB2454
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.2336672270284845
            Encrypted:false
            SSDEEP:6:YEQXJ2HXUJ+z2vB3/dVlPIHAR0YOgEeoAvJfshHHrPeUkwRe9:YvXKXUJfvR/ZwHAgGUUUkee9
            MD5:83B121D3493F2129A43065ED202EC144
            SHA1:DF52A9B391D360C38F935F3D23AFF0C32F3C2F0E
            SHA-256:CF118D44598D5AE5053BF8E247D31A8AA0E9B22D53E0B5185FD8EFB7AF569F1B
            SHA-512:EB2F5AB9D1B7020496D7557DC02CD6E2DE88CE127A87A365EA1712B8A8688F4C37997471844DAB9B391A4911FD544FA53E5908697B16E302BCB053643045A6BD
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):782
            Entropy (8bit):5.365113799039468
            Encrypted:false
            SSDEEP:12:YvXKXUJfvR/ZwHAgGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWFO:Yv6XaJhK168CgEXX5kcIfANhoO
            MD5:B2E72568058C1E9C7E52DC4D3A55E7F2
            SHA1:191A50376A68018F9CAF4D0EF9D4567088B21B97
            SHA-256:43364751AD0EDD454DE16CB43D9198B0B1186D4E05398F2221BBB3A8A55728BD
            SHA-512:8D77C9DE6C3F9CB081A45A0C8D79DF9E3836E6AA0FDC17AE70826DC41EB29E37C0B6B335A3F38051C70EE37072479142E8D93BB4B724DCF33612075E3FE8F9A2
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"9f8b2144-9258-4dc6-a06e-f1c2686b62a8","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1720187030164,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1720011170197}}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Reputation:low
            Preview:....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2814
            Entropy (8bit):5.102774995415939
            Encrypted:false
            SSDEEP:48:Y/L93kzXJdAjavbExrgUYmrgFNNaJTN1GlpIn0HP4ROwh9JEimIb:Zzf0avyGlNKTNhS4F/a6
            MD5:569A23CFB57EC8DE938C661DC18F1551
            SHA1:D4310C20C365A476D1F7477D24F173E9E92A84DF
            SHA-256:13C670F2887274C93035F87A488E06F73AAA31526D46C61C088141873A252701
            SHA-512:9602E2723D3DFB4ABC5E389A253367144CD5C185AF4A7B75F91412B0E82645BF607A59363DFF6AA887FC4372D5F8C7B3C08F097B4D539E885166910E872CC414
            Malicious:false
            Reputation:low
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b62b62d22dcfb7f9b64518c2b61ca070","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1720011169000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"40ff342d1c85bf71f363fc1e1c66ac1a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1720011169000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8375b994e71ffac22c3532ee56ca657a","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1720011169000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"6d572e4905100be7f03fce5f0d50597c","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1720011169000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"f0f6b099dfcad051824fda444f43dbd8","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1720011169000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"deb01c8cf2b0e23bdaeaa73d84b36b8c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1720011169000},
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):1.3189171789207417
            Encrypted:false
            SSDEEP:24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMebytqVpU:TGufl2GL7ms9WR1CPmPbPahbkypilI5y
            MD5:BA13CD34AF3FCCEF3A09F4FEF3A039C2
            SHA1:E6F9C3DC26A96370922468D24AAE114BEA7BFBF5
            SHA-256:0C3B4D48FE92F12A1DB9799B6D26A32AC13180A0B9D5EF750257026776EAD96E
            SHA-512:007DCEAEB9EE05D1FA144011DB8A927EEA27C21175BCC62BA799350617440BF8C376B90753C29726C703F74DE7F4F350DDCC446D6A6A456D00BB10FD7E920091
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.7803035008916455
            Encrypted:false
            SSDEEP:24:7+tWwlhn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeby4qVpaVrScVr0InWqLhxT:7MuWR1CPmPbPahbBypilIvqFl2GL7msN
            MD5:C76B7CAF97133ED8EFF0AA322AC95BB7
            SHA1:759037A20ADE5FEEE20D0120EE40B2741A3D3B0D
            SHA-256:0BAD4B0CE440E9D4C06EACA7379CE82960E3C1EC9331553DCF82F7A802353612
            SHA-512:2DC183B71225CF7D5A6124269DFE1A1F6D050AE59D1CC54875032E7A574B581D2CC88CFC7AB76D1112247A924A7B0CF9D83E1A9026FB7C1D38F672C6E27D7421
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.5274671434738973
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82A0l4oYH:Qw946cPbiOxDlbYnuRKXA7oYH
            MD5:865DC099AFE0A0FE8BDBFC582CD53296
            SHA1:F35716C65C723AA81F02B15DB4851F4DC04FDA09
            SHA-256:E1A8F69E47703BEF6A229AD7A7F44233190355CC7722FAA4B13FBCFB78E4A614
            SHA-512:F9DD04F9A97202B940455FE69A99D922359A58735438CD5E77F55F83768AD92883E114067C966EBCC0BA6D80BEB1DF9D036A6F5F863A3702AEB7F9917E3EB322
            Malicious:false
            Reputation:low
            Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 03/07/2024  08:52:50 ===
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.33860678500249
            Encrypted:false
            SSDEEP:384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
            MD5:C3FEDB046D1699616E22C50131AAF109
            SHA1:C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
            SHA-256:EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
            SHA-512:845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
            Malicious:false
            Reputation:low
            Preview:SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (392), with CRLF line terminators
            Category:dropped
            Size (bytes):15089
            Entropy (8bit):5.382435882474414
            Encrypted:false
            SSDEEP:384:mtRFFwMJSRdqCHFn7JnGJLyT7QviEihVaMb9p7f7RYzCfW5Y8eHaeGrGruPRWIFp:mONg
            MD5:1AD84EE10B4781DCF4000F52A06B8A6D
            SHA1:7EC5C2EA6854D1AC782031DBF121CE7538280D04
            SHA-256:3C3C051F9C1082BDA8AB867E265C3A0FD39EDA06B5CB30E92DED3846D3FCAE4F
            SHA-512:69A825F4052F181FC988B912AB1DF22B206DFB6918822224D643FE00FAB6DEE5D85C29BD4ADA250C8623281C717DB8B37595CC8A996EA42414E68A1193B74B00
            Malicious:false
            Reputation:low
            Preview:SessionID=f9d68bd8-c915-47b1-b39b-faf4e6e7c386.1720011165421 Timestamp=2024-07-03T08:52:45:421-0400 ThreadID=6920 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f9d68bd8-c915-47b1-b39b-faf4e6e7c386.1720011165421 Timestamp=2024-07-03T08:52:45:422-0400 ThreadID=6920 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f9d68bd8-c915-47b1-b39b-faf4e6e7c386.1720011165421 Timestamp=2024-07-03T08:52:45:422-0400 ThreadID=6920 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f9d68bd8-c915-47b1-b39b-faf4e6e7c386.1720011165421 Timestamp=2024-07-03T08:52:45:423-0400 ThreadID=6920 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f9d68bd8-c915-47b1-b39b-faf4e6e7c386.1720011165421 Timestamp=2024-07-03T08:52:45:423-0400 ThreadID=6920 Component=ngl-lib_NglAppLib Description="SetConf
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):29752
            Entropy (8bit):5.411975370780219
            Encrypted:false
            SSDEEP:192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbHcbmIHNcbt:ceo4+rsCOHW
            MD5:A557665B8AA310D559A1C6763A919A8D
            SHA1:2807A15DFB3AE1C2FA94258B27C2288FAFAF4932
            SHA-256:BF91036451DF65AE09E438436495BD01A8B5DC4F642201F2844F5BB9742208B6
            SHA-512:75E84109997267C48B197FF199557F9A4177E2656CFAD08465AD59CD5E0DC5AF25ECEC18FCD09E1CA8E2AD1D952273BE90AFFEDE45BCE44DCF51875F15D1B1B8
            Malicious:false
            Reputation:low
            Preview:05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
            MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
            SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
            SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
            SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
            MD5:95F182500FC92778102336D2D5AADCC8
            SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
            SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
            SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:51:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.977939266399265
            Encrypted:false
            SSDEEP:48:8y0dtT1JVHDidAKZdA1oehwiZUklqeh3y+3:8ySTa8y
            MD5:D27F16B0EB8FBF35C4CCAC4E7CFC108F
            SHA1:228FD7E292C59A2F8F968593AB7AF49574B0FC30
            SHA-256:228EABDFCF1154622211B7CC25DA404E46F8580FE087923892F9E4BA43A13DA4
            SHA-512:C7693CC1211292D0162A0B72363F56B2A4AACC503AE13C6F7E3EC16B999CFB5F70336EDC57876D99A50C186026DD15E95AACC66D3D0088DA8A92E08AA192492F
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:51:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):3.9911578148363764
            Encrypted:false
            SSDEEP:48:8k0dtT1JVHDidAKZdA1leh/iZUkAQkqehsy+2:8kSTw9Qly
            MD5:EA7914B3EF4DB157D1CF786BADD050B0
            SHA1:D9DD92DB7166713BA97248920430EF3674015D9D
            SHA-256:A69DF6D3313E9604F33F79D650EA9DCB10CF2EC270D9C416EBB04B793D0B6754
            SHA-512:184C702135E4F715BAEC1B8C396C7CBECBE19AC139C0E7E020F2220BB5B8A39C74DD2158B9D75F2D1212D13F32C3A8A4E558319E63CB9BD226005863641199EC
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2693
            Entropy (8bit):4.003440485511762
            Encrypted:false
            SSDEEP:48:8g0dtT1JbHDidAKZdA14t5eh7sFiZUkmgqeh7syy+BX:8gSTSngy
            MD5:1DB4BDA44E7721EC7CEC0AEBBD0C6935
            SHA1:0F838219DB73E3EB7E7E4ECAA131B88753ABDB91
            SHA-256:5E3407AA51AB9C71B1603B929456F664A84DABB7102899D90F8DDA066523D0F1
            SHA-512:05477EB97FF945F4C163E38E42AD52B8A23071E734BBC2BCDC870C15229DF46A8874FD32458DD65F7EA150896562086BB843A47981264EC56EBC9DF784E1382C
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:51:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.986102493729921
            Encrypted:false
            SSDEEP:48:8D0dtT1JVHDidAKZdA16ehDiZUkwqeh4y+R:8DSTrKy
            MD5:DADDA82624CE21759F56A133C1A3749D
            SHA1:D4CA31E0FD00E5EB514300FB2828A030201F7F96
            SHA-256:2A9326258562DA1F226C67CFCF623E7581340C3DC8AECBD9EA0BD9D5A15DA20E
            SHA-512:AD30035ABFAF47F79793B7FDD286E6C2F3BDA0234A136780605ABBA6468B4002D8DE9035A12419E71703B4A36B4B700B3E82F9CEFDFE586DC139B2296CF7FD70
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:51:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.9815646143809453
            Encrypted:false
            SSDEEP:48:850dtT1JVHDidAKZdA1UehBiZUk1W1qehmy+C:85STL9Gy
            MD5:954C0EDA9F81B3D0CE260CDF05ED0742
            SHA1:AEE6657B37F9E70EE3E2E9086637732A1F9DDCD6
            SHA-256:05E2502D21AD262593741BE7A7736545E3F2AC31C877FFBE12BD3FBB0AD9CA7E
            SHA-512:FA7AE32D52E945FD74410F7F6AD7B852604AED6B83E06B5EF8A4AEBE1AA1DFEE3388251FB7CF61007D57BD28C17855334CD541702B89B7334C1D9F5BFD80EEDD
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:51:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2683
            Entropy (8bit):3.99210246472408
            Encrypted:false
            SSDEEP:48:8xh0dtT1JVHDidAKZdA1duTrehOuTbbiZUk5OjqehOuTbgy+yT+:8bSTETYTbxWOvTbgy7T
            MD5:3AFE32C3EFA89F727AD3F7DB7367CD70
            SHA1:250103C70FEB63F00191CE3CBAD848ED4286223F
            SHA-256:4879872A671E2D74956B32580F96CFCC4C67EA0F31A9C636B5B30C612A2AEA06
            SHA-512:6F9BDC1C199333893F40A761EE0BA3ADD33F98B9A814CD5E3A57EE508C403198C9A0926EA6B3A06398BEB0DDC977082A789DD9EA0BED585C57A14DBD73FFB592
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PDF document, version 1.5, 1 pages
            Category:dropped
            Size (bytes):24972
            Entropy (8bit):7.513461749332853
            Encrypted:false
            SSDEEP:768:x/HBRmNMZ88dZxt61mzzAeWSVBUKG4sw9KhwikD:5G8dZ/YAgSV6KG4BKzG
            MD5:73F1BD18DA9F1963C1C93CCAF9D68128
            SHA1:16E41B58446C9EDAF32F26758B1BB6408BDC1267
            SHA-256:A1DAFA5B4206C93DAAD1E1BA7B6A672ED143E4AB1E215275E7FDD6C6E4CA1137
            SHA-512:FB825A7FC5244B61E74A8CB087D412CA1F7AC7DC005BE79ED114D8D73A677CEB797DBE8634769AD5F610B1B751C238A3E7222E655E635D554E6D7B965140BDF6
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:XML 1.0 document, ASCII text
            Category:downloaded
            Size (bytes):243
            Entropy (8bit):5.551513252377009
            Encrypted:false
            SSDEEP:6:TMVBd/ZbZjZvKtWRVzjm9EAiDGO2hq5XTJBUYcBan:TMHd9BZKtWRnFFixBa
            MD5:1470312FC89F1BD3C639C7D308D30156
            SHA1:26B0CB382BCE0084CF83F755FC96975E9CEEC372
            SHA-256:CF685E0F7EDCC6AF1081831CFB7ABC298BD87AAFE7F40C47DE0E07D431B9661F
            SHA-512:E8D6C17CDFE20F010AE410B4056FABB94C5C8A83F198DBECA719D2C809F21905508BC2BB39262E6EC9C46401F4A1DDBC69D3F088D4F06479E1CF2A6F84034F46
            Malicious:false
            Reputation:low
            URL:https://sterling-prod-acumatica.s3.amazonaws.com/favicon.ico
            Preview:<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C26KSVC8T9567ZXM</RequestId><HostId>rMre0Ctpc80TMPwQAQtjTXBPXtNI3Tw7OUTT0X8QrpyV/RUW3P6SBskTRlUylc3qWxG6C/259ZE=</HostId></Error>
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PDF document, version 1.5, 1 pages
            Category:downloaded
            Size (bytes):24972
            Entropy (8bit):7.513461749332853
            Encrypted:false
            SSDEEP:768:x/HBRmNMZ88dZxt61mzzAeWSVBUKG4sw9KhwikD:5G8dZ/YAgSV6KG4BKzG
            MD5:73F1BD18DA9F1963C1C93CCAF9D68128
            SHA1:16E41B58446C9EDAF32F26758B1BB6408BDC1267
            SHA-256:A1DAFA5B4206C93DAAD1E1BA7B6A672ED143E4AB1E215275E7FDD6C6E4CA1137
            SHA-512:FB825A7FC5244B61E74A8CB087D412CA1F7AC7DC005BE79ED114D8D73A677CEB797DBE8634769AD5F610B1B751C238A3E7222E655E635D554E6D7B965140BDF6
            Malicious:false
            Reputation:low
            URL:https://sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D
            No static file info
            Icon Hash:00b29a8e86828200
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Jul 3, 2024 14:51:30.933552980 CEST49717443192.168.2.8184.28.90.27
            Jul 3, 2024 14:51:30.935992956 CEST49717443192.168.2.8184.28.90.27
            Jul 3, 2024 14:51:30.936012983 CEST44349717184.28.90.27192.168.2.8
            Jul 3, 2024 14:51:30.936362982 CEST44349717184.28.90.27192.168.2.8
            Jul 3, 2024 14:51:30.937871933 CEST49717443192.168.2.8184.28.90.27
            Jul 3, 2024 14:51:30.984497070 CEST44349717184.28.90.27192.168.2.8
            Jul 3, 2024 14:51:31.209374905 CEST44349717184.28.90.27192.168.2.8
            Jul 3, 2024 14:51:31.209481001 CEST44349717184.28.90.27192.168.2.8
            Jul 3, 2024 14:51:31.209661961 CEST49717443192.168.2.8184.28.90.27
            Jul 3, 2024 14:51:31.256505013 CEST49717443192.168.2.8184.28.90.27
            Jul 3, 2024 14:51:31.256535053 CEST44349717184.28.90.27192.168.2.8
            Jul 3, 2024 14:51:32.112674952 CEST4967780192.168.2.8192.229.211.108
            Jul 3, 2024 14:51:38.615945101 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:38.615988970 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:38.616080046 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:38.617135048 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:38.617153883 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.214091063 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.214179993 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.223813057 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.223835945 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.224217892 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.266155005 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.352611065 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.400505066 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.545841932 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.545875072 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.545882940 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.545919895 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.546010017 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.546010017 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.546030998 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.546039104 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.546082973 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.546345949 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.546636105 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.546664000 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.546734095 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.556715012 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.556739092 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.556796074 CEST49719443192.168.2.820.12.23.50
            Jul 3, 2024 14:51:39.556802034 CEST4434971920.12.23.50192.168.2.8
            Jul 3, 2024 14:51:39.996567011 CEST44349716216.58.212.132192.168.2.8
            Jul 3, 2024 14:51:39.996632099 CEST44349716216.58.212.132192.168.2.8
            Jul 3, 2024 14:51:39.996699095 CEST49716443192.168.2.8216.58.212.132
            Jul 3, 2024 14:51:40.242149115 CEST49704443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.242238998 CEST49704443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.242549896 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.242595911 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.242676020 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.243058920 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.243072033 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.248270988 CEST4434970423.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.248286009 CEST4434970423.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.661560059 CEST49716443192.168.2.8216.58.212.132
            Jul 3, 2024 14:51:40.661595106 CEST44349716216.58.212.132192.168.2.8
            Jul 3, 2024 14:51:40.859910011 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.859972954 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.895148039 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.895169973 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.895556927 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.895616055 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.897504091 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.897522926 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:40.897721052 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:40.940495968 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:41.418977976 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:41.419043064 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:41.419070005 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:41.419090986 CEST4434972123.206.229.226192.168.2.8
            Jul 3, 2024 14:51:41.419136047 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:51:41.419164896 CEST49721443192.168.2.823.206.229.226
            Jul 3, 2024 14:52:16.355022907 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:16.355067968 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:16.355281115 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:16.355601072 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:16.355617046 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:16.946655035 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:16.946737051 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:16.948328972 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:16.948339939 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:16.948606968 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:16.950042963 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:16.992496967 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.148984909 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.149013996 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.149029016 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.149297953 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.149318933 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.149374962 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.150706053 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.150753021 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.150810003 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.150810003 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.150816917 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.150829077 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.150862932 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.154031992 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.154046059 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:17.154059887 CEST49722443192.168.2.820.12.23.50
            Jul 3, 2024 14:52:17.154066086 CEST4434972220.12.23.50192.168.2.8
            Jul 3, 2024 14:52:28.609771013 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:28.609829903 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:28.609940052 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:28.610276937 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:28.610291958 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:29.250572920 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:29.254534006 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:29.254555941 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:29.254913092 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:29.255557060 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:29.255623102 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:29.306457996 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:39.417200089 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:39.417278051 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:39.417503119 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:40.658472061 CEST49724443192.168.2.8216.58.212.132
            Jul 3, 2024 14:52:40.658508062 CEST44349724216.58.212.132192.168.2.8
            Jul 3, 2024 14:52:49.429857016 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.429913998 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.430140972 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.430546045 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.430562973 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.430877924 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.430902958 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.431148052 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.431299925 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.431313992 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.899728060 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.900146961 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.900182009 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.901196003 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.901252985 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.903042078 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.903115034 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.903223038 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.904872894 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.905061960 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.905076981 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.906069040 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.906117916 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.907732010 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.907793045 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.907862902 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.907870054 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.948507071 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.953452110 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:49.953468084 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:49.953473091 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:50.000332117 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:50.020782948 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:50.020849943 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:50.021050930 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:50.032841921 CEST49727443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:50.032866001 CEST44349727162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:50.037992001 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:50.038052082 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:50.038188934 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:50.038261890 CEST49729443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:50.038283110 CEST44349729162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.213916063 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.213973999 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.214246988 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.214536905 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.214551926 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.671458960 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.671844006 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.671859980 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.672897100 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.672954082 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.673377991 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.673438072 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.673782110 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.673788071 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.717164040 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.811069012 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.811141014 CEST44349730162.159.61.3192.168.2.8
            Jul 3, 2024 14:52:56.811197996 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.811381102 CEST49730443192.168.2.8162.159.61.3
            Jul 3, 2024 14:52:56.811412096 CEST44349730162.159.61.3192.168.2.8
            Timestamp | Source IP | Dest IP | Checksum | Code | Type
            Jul 3, 2024 14:51:26.076306105 CEST | 192.168.2.8 | 1.1.1.1 | c282 | (Port unreachable) | Destination Unreachable
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Jul 3, 2024 14:51:26.019036055 CEST | 192.168.2.8 | 1.1.1.1 | 0x3d2b | Standard query (0) | sterling-prod-acumatica.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.019176960 CEST | 192.168.2.8 | 1.1.1.1 | 0x64df | Standard query (0) | sterling-prod-acumatica.s3.amazonaws.com | 65 | IN (0x0001) | false
            Jul 3, 2024 14:51:28.604038000 CEST | 192.168.2.8 | 1.1.1.1 | 0x79e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:28.604841948 CEST | 192.168.2.8 | 1.1.1.1 | 0xb0f2 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Jul 3, 2024 14:52:49.407645941 CEST | 192.168.2.8 | 1.1.1.1 | 0xfb0 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | sterling-prod-acumatica.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.228.41 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.51.89 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.165.241 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.138.121 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.174.137 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.35.225 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.117.161 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.048938990 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d2b | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.199.6 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.076205015 CEST | 1.1.1.1 | 192.168.2.8 | 0x64df | No error (0) | sterling-prod-acumatica.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Jul 3, 2024 14:51:26.076205015 CEST | 1.1.1.1 | 192.168.2.8 | 0x64df | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
            Jul 3, 2024 14:51:28.612282038 CEST | 1.1.1.1 | 192.168.2.8 | 0x79e | No error (0) | www.google.com | | 216.58.212.132 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:51:28.612422943 CEST | 1.1.1.1 | 192.168.2.8 | 0xb0f2 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            Jul 3, 2024 14:52:49.429086924 CEST | 1.1.1.1 | 192.168.2.8 | 0xfb0 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:52:49.429086924 CEST | 1.1.1.1 | 192.168.2.8 | 0xfb0 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:52:57.098505974 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d04 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
            Jul 3, 2024 14:52:57.098505974 CEST | 1.1.1.1 | 192.168.2.8 | 0x3d04 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
            • sterling-prod-acumatica.s3.amazonaws.com
            • https:
              • www.bing.com
            • fs.microsoft.com
            • slscr.update.microsoft.com
            • chrome.cloudflare-dns.com
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.8 | 49710 | 54.231.228.41 | 443 | 4912 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:26 UTC | 798 | OUT | GET /9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D HTTP/1.1
            Host: sterling-prod-acumatica.s3.amazonaws.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-03 12:51:26 UTC | 531 | IN | HTTP/1.1 200 OK
            x-amz-id-2: l5zfqyiq6ZTqeFf86pztscFu1myTUODFl/I0JQ11eMtH1ZL51WRuUvEqD7zTyGEZtHPlgyZKCjo=
            x-amz-request-id: GE36BNJC55SGRJ30
            Date: Wed, 03 Jul 2024 12:51:27 GMT
            Last-Modified: Sun, 06 Nov 2022 23:38:09 GMT
            x-amz-expiration: expiry-date="Fri, 24 Jan 2031 00:00:00 GMT", rule-id="acumatica-netsuite-bucket-lifecycle"
            ETag: "73f1bd18da9f1963c1c93ccaf9d68128"
            x-amz-server-side-encryption: AES256
            Accept-Ranges: bytes
            Content-Type: application/pdf
            Server: AmazonS3
            Content-Length: 24972
            Connection: close


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.8 | 49711 | 54.231.228.41 | 443 | 4912 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:27 UTC | 751 | OUT | GET /favicon.ico HTTP/1.1
            Host: sterling-prod-acumatica.s3.amazonaws.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-03 12:51:27 UTC | 285 | IN | HTTP/1.1 403 Forbidden
            x-amz-request-id: C26KSVC8T9567ZXM
            x-amz-id-2: rMre0Ctpc80TMPwQAQtjTXBPXtNI3Tw7OUTT0X8QrpyV/RUW3P6SBskTRlUylc3qWxG6C/259ZE=
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Date: Wed, 03 Jul 2024 12:51:27 GMT
            Server: AmazonS3
            Connection: close
            2024-07-03 12:51:27 UTC | 254 | IN | Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C26KSVC8T9567ZXM</RequestId><HostId>rMre0Ctpc80TMPwQAQtjTXBPXtNI3Tw7OUTT0X8QrpyV/RUW3P6SBskTRlUylc3qWxG6C/259ZE=</HostId></Error>0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.8 | 49714 | 54.231.228.41 | 443 | 4912 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:28 UTC | 470 | OUT | GET /9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D HTTP/1.1
            Host: sterling-prod-acumatica.s3.amazonaws.com
            Connection: keep-alive
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-Dest: empty
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-03 12:51:28 UTC | 531 | IN | HTTP/1.1 200 OK
            x-amz-id-2: b/MXKczngq1ttoX7Cgk8tOtmLlVRlsHdaCTMh1yFsyevbjz0xbqApRupuUGzin7T5vGakIZ4gjs=
            x-amz-request-id: 4RPMJJCAS765X038
            Date: Wed, 03 Jul 2024 12:51:29 GMT
            Last-Modified: Sun, 06 Nov 2022 23:38:09 GMT
            x-amz-expiration: expiry-date="Fri, 24 Jan 2031 00:00:00 GMT", rule-id="acumatica-netsuite-bucket-lifecycle"
            ETag: "73f1bd18da9f1963c1c93ccaf9d68128"
            x-amz-server-side-encryption: AES256
            Accept-Ranges: bytes
            Content-Type: application/pdf
            Server: AmazonS3
            Content-Length: 24972
            Connection: close
            2024-07-03 12:51:28 UTC | 1426 | IN | Data Ascii: %PDF-1.5%2 0 obj<</Type/Page/Parent 1 0 R/MediaBox[0 0 612.0 792.0]/Contents 8 0 R/Resources 9 0 R>>endobj9 0 obj<</ProcSet [/PDF/Text/ImageB/ImageC/ImageI]/Font<</Font4 4 0 R/Font6 6 0 R>>/XObject<</im3 3 0 R


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.8 | 49715 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:29 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-07-03 12:51:30 UTC | 466 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-neu-z1
            Cache-Control: public, max-age=98255
            Date: Wed, 03 Jul 2024 12:51:29 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.8 | 49717 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:30 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-07-03 12:51:31 UTC | 514 | IN | HTTP/1.1 200 OK
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=98263
            Date: Wed, 03 Jul 2024 12:51:31 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-07-03 12:51:31 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.8 | 49719 | 20.12.23.50 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:39 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Na+N4heufNlmKus&MD=4HxM3wxd HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-07-03 12:51:39 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
            MS-CorrelationId: d30a26a0-df65-4641-a03a-307f5cb7b7e0
            MS-RequestId: 93627522-8cab-4cf5-8253-da2c932759bf
            MS-CV: dUhcMYKGFEeItXZu.0
            X-Microsoft-SLSClientCache: 2880
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Wed, 03 Jul 2024 12:51:38 GMT
            Connection: close
            Content-Length: 24490


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            6 | 192.168.2.8 | 49721 | 23.206.229.226 | 443
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:51:40 UTC | 2171 | OUT | POST /threshold/xls.aspx HTTP/1.1
            Origin: https://www.bing.com
            Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
            Accept: */*
            Accept-Language: en-CH
            Content-type: text/xml
            X-Agent-DeviceId: 01000A4109008217
            X-BM-CBT: 1696494873
            X-BM-DateFormat: dd/MM/yyyy
            X-BM-DeviceDimensions: 784x984
            X-BM-DeviceDimensionsLogical: 784x984
            X-BM-DeviceScale: 100
            X-BM-DTZ: 120
            X-BM-Market: CH
            X-BM-Theme: 000000;0078d7
            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
            X-Device-ClientSession: 229C124F14F843F693B4EF574DFCAAAB
            X-Device-isOptin: false
            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
            X-Device-OSSKU: 48
            X-Device-Touch: false
            X-DeviceID: 01000A4109008217
            X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40
            X-MSEdge-ExternalExpType: JointCoord
            X-PositionerType: Desktop
            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
            X-Search-CortanaAvailableCapabilities: None
            X-Search-SafeSearch: Moderate
            X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
            X-UserAgeClass: Unknown
            Accept-Encoding: gzip, deflate, br
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
            Host: www.bing.com
            Content-Length: 516
            Connection: Keep-Alive
            Cache-Control: no-cache
            Cookie: SRCHUID=V=2&GUID=7A0479E0E07C4D7D91A8C7552F34E6D4&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696493908190&IPMH=7bc3b11d&IPMID=1696494873321&HV=1696494765; CortanaAppUID=0A2376201E427A029407F32A9072506A; MUID=4E6D5F19647E45969740B90CC0355D4C; _SS=SID=1F4D6C7F4B26664337657FDE4A3767CB&CPID=1696494874312&AC=1&CPH=893a1c21; _EDGE_S=SID=1F4D6C7F4B26664337657FDE4A3767CB; MUIDB=4E6D5F19647E45969740B90CC0355D4C
            2024-07-03 12:51:40 UTC | 1 | OUT | Data Ascii: <
            2024-07-03 12:51:40 UTC | 515 | OUT | Data Ascii: ClientInstRequest><CID>4E6D5F19647E45969740B90CC0355D4C</CID><Events><E><T>Event.ClientInst</T><IG>06870C09A1F74C9CB3ABF040FC9F0A78</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
            2024-07-03 12:51:41 UTC | 480 | IN | HTTP/1.1 204 No Content
            Access-Control-Allow-Origin: *
            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
            X-MSEdge-Ref: Ref A: BCF57E1D55CD4C0194D94BCB5B0206C2 Ref B: LAX311000109005 Ref C: 2024-07-03T12:51:40Z
            Date: Wed, 03 Jul 2024 12:51:41 GMT
            Connection: close
            Alt-Svc: h3=":443"; ma=93600
            X-CDN-TraceID: 0.e2d7ce17.1720011100.16944d29


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.8 | 49722 | 20.12.23.50 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:52:16 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Na+N4heufNlmKus&MD=4HxM3wxd HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-07-03 12:52:17 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
            MS-CorrelationId: 72b2ef9f-73d2-4225-a83f-e6cb12b7759b
            MS-RequestId: 972b504b-ac6b-4f4d-b82c-72c84648219d
            MS-CV: NVgx6dCn+0enEX4P.0
            X-Microsoft-SLSClientCache: 1440
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Wed, 03 Jul 2024 12:52:16 GMT
            Connection: close
            Content-Length: 30005


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            8 | 192.168.2.8 | 49727 | 162.159.61.3 | 443 | 2292 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:52:49 UTC | 245 | OUT | POST /dns-query HTTP/1.1
            Host: chrome.cloudflare-dns.com
            Connection: keep-alive
            Content-Length: 128
            Accept: application/dns-message
            Accept-Language: *
            User-Agent: Chrome
            Accept-Encoding: identity
            Content-Type: application/dns-message
            2024-07-03 12:52:49 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
            2024-07-03 12:52:50 UTC | 247 | IN | HTTP/1.1 200 OK
            Server: cloudflare
            Date: Wed, 03 Jul 2024 12:52:49 GMT
            Content-Type: application/dns-message
            Connection: close
            Access-Control-Allow-Origin: *
            Content-Length: 468
            CF-RAY: 89d703d45cc943a7-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-03 12:52:50 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            9 | 192.168.2.8 | 49729 | 162.159.61.3 | 443 | 2292 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:52:49 UTC | 245 | OUT | POST /dns-query HTTP/1.1
            Host: chrome.cloudflare-dns.com
            Connection: keep-alive
            Content-Length: 128
            Accept: application/dns-message
            Accept-Language: *
            User-Agent: Chrome
            Accept-Encoding: identity
            Content-Type: application/dns-message
            2024-07-03 12:52:49 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
            2024-07-03 12:52:50 UTC | 247 | IN | HTTP/1.1 200 OK
            Server: cloudflare
            Date: Wed, 03 Jul 2024 12:52:49 GMT
            Content-Type: application/dns-message
            Connection: close
            Access-Control-Allow-Origin: *
            Content-Length: 468
            CF-RAY: 89d703d46aea435d-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-03 12:52:50 UTC | 468 | IN | Data Ascii: wwwgstaticcom,@c)


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            10 | 192.168.2.8 | 49730 | 162.159.61.3 | 443 | 2292 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-03 12:52:56 UTC | 245 | OUT | POST /dns-query HTTP/1.1
            Host: chrome.cloudflare-dns.com
            Connection: keep-alive
            Content-Length: 128
            Accept: application/dns-message
            Accept-Language: *
            User-Agent: Chrome
            Accept-Encoding: identity
            Content-Type: application/dns-message
            2024-07-03 12:52:56 UTC | 128 | OUT | Data Ascii: armmfadobecom)TP
            2024-07-03 12:52:56 UTC | 247 | IN | HTTP/1.1 200 OK
            Server: cloudflare
            Date: Wed, 03 Jul 2024 12:52:56 GMT
            Content-Type: application/dns-message
            Connection: close
            Access-Control-Allow-Origin: *
            Content-Length: 468
            CF-RAY: 89d703fece8617c1-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-03 12:52:56 UTC | 468 | IN | Data Ascii: armmfadobecom"ssladobecomedgekeynet-TVe4578dscbakamaiedgeCT/)MI


            Target ID:0
            Start time:08:51:18
            Start date:03/07/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff678760000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:2
            Start time:08:51:22
            Start date:03/07/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1956,i,3880261074420648777,6952740187572368295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff678760000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:3
            Start time:08:51:24
            Start date:03/07/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https:/sterling-prod-acumatica.s3.amazonaws.com/9189038_142739N.pdf?AWSAccessKeyId=AKIAIYFV2RUQHU32EZPQ&Expires=1730052721&Signature=Q6nX6CSG3roHKmU5gHtiFWgx1ck%3D"
            Imagebase:0x7ff678760000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:10
            Start time:08:52:41
            Start date:03/07/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
            Imagebase:0x7ff6e8200000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:11
            Start time:08:52:42
            Start date:03/07/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff79c940000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:12
            Start time:08:52:43
            Start date:03/07/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1604,i,1224235668784677000,16595986004613818999,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff79c940000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly