Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
signature.pdf

Overview

General Information

Sample name:	signature.pdf
Analysis ID:	1499994
MD5:	b1d243972c95b38f49d1d15436c2a6fc
SHA1:	8cce1900394eeab50090bc07d46d9a7a1927b7a4
SHA256:	af31d1ab43b5647b6000682c6fd6a139634c597533c9f23669aef3b88fd4f643
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

×

Process Tree

System is w10x64

Acrobat.exe (PID: 7304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\signature.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7492 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7708 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,13327413171434850786,5061659286395954801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ceo.ca/api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1940,i,9639960332301973506,1918651692911634053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://watercolorjourney.net/afew/ribs.html	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://watercolorjourney.net/afew/images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	Avira URL Cloud: Label: phishing
Source: https://watercolorjourney.net/favicon.ico	Avira URL Cloud: Label: phishing

Source: https://watercolorjourney.net/afew/ribs.html

HTTP Parser: Number of links: 0

Source: https://watercolorjourney.net/afew/ribs.html

HTTP Parser: Base64 decoded: https://NcSE.acioustor.com/PaOXgO/

Source: https://watercolorjourney.net/afew/ribs.html

HTTP Parser: Title: Verify Your Identity does not match URL

Source: https://watercolorjourney.net/afew/ribs.html

HTTP Parser: No favicon

Source: https://watercolorjourney.net/afew/ribs.html

HTTP Parser: No <meta name="author".. found

Source: https://watercolorjourney.net/afew/ribs.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:54125 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:54123 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: ceo.ca to https://watercolorjourney.net/afew/ribs.html

Source: Joe Sandbox View	IP Address: 162.241.87.113 162.241.87.113
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 52.5.13.197 52.5.13.197
Source: Joe Sandbox View	IP Address: 23.56.162.185 23.56.162.185

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824 HTTP/1.1Host: ceo.caConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /afew/ribs.html HTTP/1.1Host: watercolorjourney.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /afew/images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: watercolorjourney.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://watercolorjourney.net/afew/ribs.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/docusign-logo.png HTTP/1.1Host: e-courts.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://watercolorjourney.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/docusign-logo.png HTTP/1.1Host: e-courts.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: watercolorjourney.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://watercolorjourney.net/afew/ribs.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2MtV7WTuch2MuRl&MD=812LGNnf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2MtV7WTuch2MuRl&MD=812LGNnf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: ceo.ca
Source: global traffic	DNS traffic detected: DNS query: watercolorjourney.net
Source: global traffic	DNS traffic detected: DNS query: e-courts.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 17:05:55 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 17:05:56 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_237.5.dr	String found in binary or memory: https://e-courts.org/wp-content/uploads/docusign-logo.png

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 54127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54125
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54129
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54127
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:54125 version: TLS 1.2

Source: classification engine

Classification label: mal48.winPDF@34/58@10/8

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 13-05-49-366.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\signature.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,13327413171434850786,5061659286395954801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ceo.ca/api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1940,i,9639960332301973506,1918651692911634053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,13327413171434850786,5061659286395954801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1940,i,9639960332301973506,1918651692911634053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: signature.pdf	Initial sample: PDF keyword /JS count = 0
Source: signature.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: signature.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: signature.pdf

Initial sample: PDF keyword obj count = 52

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://watercolorjourney.net/afew/ribs.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://watercolorjourney.net/afew/images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	100%	Avira URL Cloud	phishing
https://watercolorjourney.net/favicon.ico	100%	Avira URL Cloud	phishing
https://e-courts.org/wp-content/uploads/docusign-logo.png	0%	Avira URL Cloud	safe
https://ceo.ca/api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
www.google.com	142.250.184.228	true	false		unknown
watercolorjourney.net	162.241.87.113	true	false		unknown
ceo.ca	34.198.199.205	true	false		unknown
e-courts.org	104.21.22.182	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ceo.ca/api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824	true	Avira URL Cloud: safe	unknown
https://e-courts.org/wp-content/uploads/docusign-logo.png	false	Avira URL Cloud: safe	unknown
https://watercolorjourney.net/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://watercolorjourney.net/afew/ribs.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://watercolorjourney.net/afew/images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.241.87.113	watercolorjourney.net	United States		46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
52.5.13.197	unknown	United States		14618	AMAZON-AESUS	false
23.56.162.185	unknown	United States		16625	AKAMAI-ASUS	false
34.198.199.205	ceo.ca	United States		14618	AMAZON-AESUS	false
104.21.22.182	e-courts.org	United States		13335	CLOUDFLARENETUS	false
142.250.184.228	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499994
Start date and time:	2024-08-27 19:04:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	signature.pdf
Detection:	MAL
Classification:	mal48.winPDF@34/58@10/8
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 172.253.124.94, 74.125.206.84, 216.58.206.78, 2.19.126.149, 2.19.126.143, 34.104.35.123, 142.250.185.106, 142.250.184.234, 142.250.186.74, 142.250.186.170, 216.58.206.74, 142.250.185.170, 142.250.185.202, 142.250.185.138, 142.250.185.234, 216.58.212.170, 172.217.18.10, 172.217.16.138, 142.250.181.234, 142.250.186.42, 142.250.186.138, 142.250.186.106, 2.16.202.123, 95.101.54.195, 107.22.247.231, 34.193.227.236, 54.144.73.197, 18.207.85.246, 199.232.214.172, 192.229.221.95, 142.250.186.163, 142.250.184.206
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, apps.identrust.com, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: signature.pdf

Simulations

Behavior and APIs

Time	Type	Description
13:05:55	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

QR Codes

Source	URL
Screenshot	https://ceo.ca/api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.241.87.113	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse
	https://service.clearservice.com/constructionns/track/link.jsp?id1=7962783&id2=1118626513&link=https://watercolorjourney.net/afew/ribs.html	Get hash	malicious	Unknown	Browse
	https://us-west-2.protection.sophos.com/?d=sendibm3.com&u=aHR0cHM6Ly9lOWRqNy5yLmFnLmQuc2VuZGlibTMuY29tL21rL2NsL2Yvc2gvT3ljWnZIdUZvMWVRc25iY0tMWktJREVHL2NnVmNyV21hWFhrZg==&i=NThlN2NjYzYyOTljZjkxNGY4YmM0YmNh&t=VnQ2OXdVTk5pNGo3ZVpJdGxqM3hWU01RTFNlTTR3MVJQYzE0U1QzTnJSWT0=&h=3051c7643cbf456abcee4da5b8589e9f&s=AVNPUEhUT0NFTkNSWVBUSVZ8AqEkCzalfWzVtfa3JPWpqexIqdRxhnkmNvFrX5FCFHbzmUEDyREh-sSR_GxUDZUFP4_iKFiHHCQrvBd4vpKuC2uTI8TlTsM5VBshiKK92DyKYTjtekCdl7a_yoDRBqg	Get hash	malicious	HTMLPhisher	Browse
	https://clicks.aweber.com/y/ct/?l=1Lr_k&m=h9RNUFV_ixtHDTP&b=0la683CmRD4xZfKbroa5Lg#MZGlhbmUuaGFuYXVlckByYXZlaXMuY29t	Get hash	malicious	HTMLPhisher	Browse
	https://clicks.aweber.com/y/ct/?l=1Lr_k&m=h9RNUFV_ixtHDTP&b=0la683CmRD4xZfKbroa5Lg#McGF0dGkucGFzc21vcmVAZmlyc3RvbnRhcmlvLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://clicks.aweber.com/y/ct/?l=1Lr_k&m=h9RNUFV_ixtHDTP&b=0la683CmRD4xZfKbroa5Lg#MYW5keS5hcm1icnVzdGVyQHRlbC5jb20=	Get hash	malicious	Unknown	Browse
	https://vxc10p47.r.us-east-1.awstrack.me/L0/https:%2F%2Fclicks.aweber.com%2Fy%2Fct%2F%3Fl=RWkA%26m=hk.kcnnXakA_pdP%26b=bnPfD1iFxh1uWUht.GbbPA%23MYXBwbGVzQHNocmV3c2J1cnlmb29kaHViLm9yZy51aw==/1/0100019131644990-5882e481-1b24-4072-8460-1d67ffa05131-000000/JkpGOsAP4yHL6UkbTOLbUcEoYXc=386	Get hash	malicious	Unknown	Browse
	https://clicks.aweber.com/y/ct/?l=RWkA&m=hk.kcnnXakA_pdP&b=bnPfD1iFxh1uWUht.GbbPA#MbWFyaWUuZGF3c29uQG1hZ2FpcnBvcnRzLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://gantrack6.com/t/l/8262272/0_MzkxMjgzNDY5MDQ3Mg==/	Get hash	malicious	HTMLPhisher	Browse
	https://events.bizzabo.com/auth/emailAssociatedLogin/verifyTokenAndRedirect?token=S9NcmjZghhHTu-K8Bn2uA9CkNhbMdZVLD_YG9HzIwMWMvvRTd-dklFn2bExx7385&eventGroupId=26969&redirectUrl=https%3A%2F%2FGWKIQFIS_Manairport.akr.sa.com/cgi/O66VDSCB/YWRhbS5iYXJrZXJAbWFuYWlycG9ydC5jby51aw==&cid=1577991&eid=4070	Get hash	malicious	Unknown	Browse
239.255.255.250	phish_alert_iocp_v1.4.48 (38).eml	Get hash	malicious	HTMLPhisher	Browse
	Inv-Info98.htm	Get hash	malicious	HTMLPhisher	Browse
	https://kjppartners.cmfr.cloud/	Get hash	malicious	HTMLPhisher	Browse
	AG Uncorked IRMI Wine Mixer Invite.pdf	Get hash	malicious	HTMLPhisher	Browse
	ATT09876.htm	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	ocedures.msg	Get hash	malicious	Unknown	Browse
	Smeg SignRequest.pdf	Get hash	malicious	HTMLPhisher	Browse
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse
	https://employment-hr.com/66ccd2230405d/5b8cbe0b82e29621df5c72296fc0599da0566b48/	Get hash	malicious	Unknown	Browse
52.5.13.197	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse
	Secured Doc-[Rmz-67847].pdf	Get hash	malicious	Unknown	Browse
	https://www.iel4u.com/FFFF.HTML	Get hash	malicious	WinSearchAbuse	Browse
	2024AdoptionConference-WhovaDirections-Desktop.pdf	Get hash	malicious	Unknown	Browse
	Benefits booklet Sign_Review ihez___fdp.pdf	Get hash	malicious	Unknown	Browse
	z2PO20240815.pdf.lnk	Get hash	malicious	XWorm	Browse
	Holland LP_MFA_NEW_PROCESSRULES.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:va6c2:4050cd23-db02-4b91-ab92-8d433723d20e	Get hash	malicious	HTMLPhisher	Browse
	Invoice - 37610985575605201686967398831481325055400508605286 - Busey.pdf	Get hash	malicious	Unknown	Browse
	Suspicious email.eml	Get hash	malicious	Unknown	Browse
23.56.162.185	AG Uncorked IRMI Wine Mixer Invite.pdf	Get hash	malicious	HTMLPhisher	Browse
	Gov Annual Salary + Employer - Provided Benefits2.pdf	Get hash	malicious	Phisher	Browse
	Remittance 728 Norriselectric0032xslx.pdf	Get hash	malicious	HTMLPhisher	Browse
	Secured Doc-[Rmz-67847].pdf	Get hash	malicious	Unknown	Browse
	GONZALES, ALFREDO 0012104586, 0010640472 b .pdf	Get hash	malicious	Unknown	Browse
	Corp.AcctPayable Payment Update.pdf	Get hash	malicious	Unknown	Browse
	2024AdoptionConference-WhovaDirections-Desktop.pdf	Get hash	malicious	Unknown	Browse
	https://dl.dropboxusercontent.com/scl/fi/i2zpknhy9u07fnzd16odr/Rechnungsnummer-DE230012940.zip?rlkey=so2rxiz6wbdl8wq5j881wuadq&st=f0ckmecz&dl=0	Get hash	malicious	Unknown	Browse
	Remittance Advice.pdf	Get hash	malicious	Unknown	Browse
	Secured Doc-[TcO-12691].pdf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ceo.ca	OneDriveInvoice73391.pdf	Get hash	malicious	Unknown	Browse	34.198.199.205
bg.microsoft.map.fastly.net	17247721854992a239a10dc9d698a853fc08f17659bf477258150484d560d105950a258f8e379.dat-decoded.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	199.232.214.172
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFgXXvv2-2BWxavJhSFh1X9YeE09JxYfGZOrfNXpE1b1zMSec6V_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZNvtRLmuq9nwTUBLvlyUQLSTjA0dDcTtmNJHz5AQBzdlGtncKRz08-2BYDBtkpKhh0KX17i2fmd5it7ecx-2FWvhsbD-2BwYBTTPKQ3j-2FAyMvTur79Dsx-2FPO7GwMrKARE8VWDjAjvStKY75qeeBLXHuDipEV3KKO3k4ABqkQG2RlytfHIDieNQv9UnoJapwQuVaik0jLuTXarvnnfl3sa3LYFT4h4hVVagLZJwfqoXYBXcReN-2F1X4eM9FZF-2BvVOXIZ-2BqDy2Q-3D	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	Gov Annual Salary + Employer - Provided Benefits.pdf	Get hash	malicious	Phisher	Browse	199.232.210.172
	http://www.empoweryourretirement.com	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://o62arw.dsjpropertymanagementllc.com	Get hash	malicious	EvilProxy, HTMLPhisher	Browse	199.232.210.172
	http://hcmexelatech.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://link.edgepilot.com/s/0a0a1de8/sejArQnwPkquQqXb9x-mpw?u=https://frontierincubators.org/	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://bizbank.shinhan.com/sw/wizvera/veraport/install20/install_eng.html	Get hash	malicious	Unknown	Browse	199.232.210.172
watercolorjourney.net	https://service.clearservice.com/constructionns/track/link.jsp?id1=7962783&id2=1118626513&link=https://watercolorjourney.net/afew/ribs.html	Get hash	malicious	Unknown	Browse	162.241.87.113

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	phish_alert_iocp_v1.4.48 (38).eml	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27
	AG Uncorked IRMI Wine Mixer Invite.pdf	Get hash	malicious	HTMLPhisher	Browse	23.56.162.185
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	2.19.126.151
	extracted-pkg.ziphttps://fluencydirect-distro.s3.amazonaws.com/releases.macOS/FluencyDirect-11.0.10.40.pkg	Get hash	malicious	Unknown	Browse	23.210.0.217
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	2.19.126.135
	original (3).eml	Get hash	malicious	Unknown	Browse	2.19.126.151
	Gov Annual Salary + Employer - Provided Benefits2.pdf	Get hash	malicious	Phisher	Browse	23.56.162.185
	adobe_document.pdf	Get hash	malicious	HTMLPhisher	Browse	96.17.64.189
	https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	Get hash	malicious	HTMLPhisher	Browse	88.221.168.116
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	104.119.110.121
AMAZON-AESUS	AG Uncorked IRMI Wine Mixer Invite.pdf	Get hash	malicious	HTMLPhisher	Browse	44.196.207.201
	ATT09876.htm	Get hash	malicious	HTMLPhisher	Browse	3.94.218.138
	Smeg SignRequest.pdf	Get hash	malicious	HTMLPhisher	Browse	52.202.204.11
	IMG_00991ORDER_FILES.exe	Get hash	malicious	FormBook, GuLoader	Browse	3.82.56.39
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	54.227.187.23
	extracted-pkg.ziphttps://fluencydirect-distro.s3.amazonaws.com/releases.macOS/FluencyDirect-11.0.10.40.pkg	Get hash	malicious	Unknown	Browse	3.5.28.200
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	18.211.185.188
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	54.197.229.45
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	54.147.21.139
	https://files.fm/u/vtrxvgdh6w	Get hash	malicious	GuLoader	Browse	54.204.123.228
AMAZON-AESUS	AG Uncorked IRMI Wine Mixer Invite.pdf	Get hash	malicious	HTMLPhisher	Browse	44.196.207.201
	ATT09876.htm	Get hash	malicious	HTMLPhisher	Browse	3.94.218.138
	Smeg SignRequest.pdf	Get hash	malicious	HTMLPhisher	Browse	52.202.204.11
	IMG_00991ORDER_FILES.exe	Get hash	malicious	FormBook, GuLoader	Browse	3.82.56.39
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	54.227.187.23
	extracted-pkg.ziphttps://fluencydirect-distro.s3.amazonaws.com/releases.macOS/FluencyDirect-11.0.10.40.pkg	Get hash	malicious	Unknown	Browse	3.5.28.200
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	18.211.185.188
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	54.197.229.45
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	54.147.21.139
	https://files.fm/u/vtrxvgdh6w	Get hash	malicious	GuLoader	Browse	54.204.123.228
UNIFIEDLAYER-AS-1US	phish_alert_iocp_v1.4.48 (38).eml	Get hash	malicious	HTMLPhisher	Browse	192.185.171.234
	ATT09876.htm	Get hash	malicious	HTMLPhisher	Browse	69.49.245.172
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	162.241.87.113
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	162.240.81.18
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	69.49.245.172
	https://tjh.kyx.mybluehost.me/wise/number-account-184049/pages/login.php	Get hash	malicious	Unknown	Browse	162.241.30.80
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	69.49.245.172
	https://service.clearservice.com/constructionns/track/link.jsp?id1=7962783&id2=1118626513&link=https://watercolorjourney.net/afew/ribs.html	Get hash	malicious	Unknown	Browse	162.241.87.113
	https://subwaypay.brgsistemas.com.br/ogk2/Magenta/	Get hash	malicious	Phisher	Browse	192.185.210.56
	QUOTATION_AUGQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.57.247.184

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Inv-Info98.htm	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	https://kjppartners.cmfr.cloud/	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	ATT09876.htm	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27
	file.exe	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://employment-hr.com/66ccd2230405d/5b8cbe0b82e29621df5c72296fc0599da0566b48/	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	40.68.123.157 184.28.90.27
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFgXXvv2-2BWxavJhSFh1X9YeE09JxYfGZOrfNXpE1b1zMSec6V_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZNvtRLmuq9nwTUBLvlyUQLSTjA0dDcTtmNJHz5AQBzdlGtncKRz08-2BYDBtkpKhh0KX17i2fmd5it7ecx-2FWvhsbD-2BwYBTTPKQ3j-2FAyMvTur79Dsx-2FPO7GwMrKARE8VWDjAjvStKY75qeeBLXHuDipEV3KKO3k4ABqkQG2RlytfHIDieNQv9UnoJapwQuVaik0jLuTXarvnnfl3sa3LYFT4h4hVVagLZJwfqoXYBXcReN-2F1X4eM9FZF-2BvVOXIZ-2BqDy2Q-3D	Get hash	malicious	HTMLPhisher	Browse	40.68.123.157 184.28.90.27

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.174570836157346
Encrypted:	false
SSDEEP:	6:N765YUq2Pwkn2nKuAl9OmbnIFUt88765YXdVFZZmw+8765YXdVFzkwOwkn2nKuAR:N7oYUvYfHAahFUt887oYNh/+87oYN750
MD5:	818EA2F3C80EF0DE556CC205D9B723DF
SHA1:	059EC9455DF737B47B7C1CD47AD365B3EE4B96D6
SHA-256:	7B313B39AAE2950B778E7432B7964C9C758FEBC2F7CDD61C0431AD591D3B77C5
SHA-512:	357708DC251A42EC08B87F202863D435F6D52A3F2339BDB08B0705D75FCCA5A6E91BFDB747E944F3A0512AB66EC850B72581D4B72B89E9609653B6B82DA6EAC4
Malicious:	false
Reputation:	low
Preview:	2024/08/27-13:05:47.019 1e00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/27-13:05:47.022 1e00 Recovering log #3.2024/08/27-13:05:47.022 1e00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.174570836157346
Encrypted:	false
SSDEEP:	6:N765YUq2Pwkn2nKuAl9OmbnIFUt88765YXdVFZZmw+8765YXdVFzkwOwkn2nKuAR:N7oYUvYfHAahFUt887oYNh/+87oYN750
MD5:	818EA2F3C80EF0DE556CC205D9B723DF
SHA1:	059EC9455DF737B47B7C1CD47AD365B3EE4B96D6
SHA-256:	7B313B39AAE2950B778E7432B7964C9C758FEBC2F7CDD61C0431AD591D3B77C5
SHA-512:	357708DC251A42EC08B87F202863D435F6D52A3F2339BDB08B0705D75FCCA5A6E91BFDB747E944F3A0512AB66EC850B72581D4B72B89E9609653B6B82DA6EAC4
Malicious:	false
Reputation:	low
Preview:	2024/08/27-13:05:47.019 1e00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/27-13:05:47.022 1e00 Recovering log #3.2024/08/27-13:05:47.022 1e00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.222162313609871
Encrypted:	false
SSDEEP:	6:N765oFN4q2Pwkn2nKuAl9Ombzo2jMGIFUt88765t3JZmw+8765mPXDkwOwkn2nK3:N7oi4vYfHAa8uFUt887ot3J/+87omPXw
MD5:	0A0E3C3E9D809E183A1779C0178573A2
SHA1:	6D5809F505CF3037EC34C2A760D83EA74B9AC910
SHA-256:	1B5E957AB9E557F3E034C04CF3E7F87DEE471BE76A5CC702A6782472BDFC25ED
SHA-512:	47266D564B133971762894D6C00282FD5EE8731982AF4A721296B65BE68A847576BCFEB9EE1F606D39C75DB2BD93CA919B4646FEEEDD32AC7A1A6F58B377C402
Malicious:	false
Reputation:	low
Preview:	2024/08/27-13:05:47.116 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/27-13:05:47.117 1e64 Recovering log #3.2024/08/27-13:05:47.118 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.222162313609871
Encrypted:	false
SSDEEP:	6:N765oFN4q2Pwkn2nKuAl9Ombzo2jMGIFUt88765t3JZmw+8765mPXDkwOwkn2nK3:N7oi4vYfHAa8uFUt887ot3J/+87omPXw
MD5:	0A0E3C3E9D809E183A1779C0178573A2
SHA1:	6D5809F505CF3037EC34C2A760D83EA74B9AC910
SHA-256:	1B5E957AB9E557F3E034C04CF3E7F87DEE471BE76A5CC702A6782472BDFC25ED
SHA-512:	47266D564B133971762894D6C00282FD5EE8731982AF4A721296B65BE68A847576BCFEB9EE1F606D39C75DB2BD93CA919B4646FEEEDD32AC7A1A6F58B377C402
Malicious:	false
Reputation:	low
Preview:	2024/08/27-13:05:47.116 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/27-13:05:47.117 1e64 Recovering log #3.2024/08/27-13:05:47.118 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF68be25.TMP (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f6bbfcb5-7cef-4d86-8976-3be837bd8155.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f8dfdee7-f613-407e-8a5f-72db3503c6ca.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.948816654889664
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqrJsBdOg2HAgcaq3QYiubInP7E4TX:Y2sRdsDdMH83QYhbG7n7
MD5:	EDC30FC237434937315B85F4F1549567
SHA1:	9282B6EDA92C1AFF831C164FD1D74F741268FA20
SHA-256:	0B87DB30C4A9E1F7351684D1CA6F1BB5B1ED5830BD8A471C4A4BCA8CB34D1725
SHA-512:	6A85E1D5AAB457BD995D86BE73A6C105996899B369A79A0D3543EB066E18D248A30FD790B9BA943ECD1B780BB5F7437A7EBE3042B5F85A872D8DF8BE8CBC1AC8
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369338358824559","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":195439},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.252126923394674
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7l3xT6zkdxTZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gox
MD5:	D0FE8ACD644337CAEDA4B38C55B69333
SHA1:	DF6B49845317F7B8E53372B4521870FFBFBBCE72
SHA-256:	4F46ED46FAA80AB4934D50FB182BF85715684D9B2BAD41C64CAB290D2D905411
SHA-512:	63EA5877BE38D202EF2991737F75C621994BC1D8F5D52E35964CBAD19EFD09CB62EFDBE3FA1225CE866D14A7A8AEDCD980F2E4A1DB6BDC6C8C368C1C01C794FF
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.245020352385529
Encrypted:	false
SSDEEP:	6:N765adBAH34q2Pwkn2nKuAl9OmbzNMxIFUt88765adNLJZmw+8765adALDkwOwkS:N7o+AH34vYfHAa8jFUt887o6LJ/+87oz
MD5:	26CB36F7F3A1DD3F8A42163B27BE5342
SHA1:	6F429FA2FE1771A554CE23F8EF764C4B8F638A71
SHA-256:	B0D052CE881BCF1AD3FD51B52D6DE84DA7FA528709309C82407FDF16C8FF62C5
SHA-512:	42A3D189DC1EBC97E8C3ED908B9DF523FFCE051A074C184D778C6A2D5780D165DC2683421115F81BD5A3387E053B84242C12C3969DD949BB23F182150846468E
Malicious:	false
Preview:	2024/08/27-13:05:47.285 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/27-13:05:47.288 1e64 Recovering log #3.2024/08/27-13:05:47.289 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.245020352385529
Encrypted:	false
SSDEEP:	6:N765adBAH34q2Pwkn2nKuAl9OmbzNMxIFUt88765adNLJZmw+8765adALDkwOwkS:N7o+AH34vYfHAa8jFUt887o6LJ/+87oz
MD5:	26CB36F7F3A1DD3F8A42163B27BE5342
SHA1:	6F429FA2FE1771A554CE23F8EF764C4B8F638A71
SHA-256:	B0D052CE881BCF1AD3FD51B52D6DE84DA7FA528709309C82407FDF16C8FF62C5
SHA-512:	42A3D189DC1EBC97E8C3ED908B9DF523FFCE051A074C184D778C6A2D5780D165DC2683421115F81BD5A3387E053B84242C12C3969DD949BB23F182150846468E
Malicious:	false
Preview:	2024/08/27-13:05:47.285 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/27-13:05:47.288 1e64 Recovering log #3.2024/08/27-13:05:47.289 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827170553Z-218.bmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.271305797354838
Encrypted:	false
SSDEEP:	96:UtHINMMs7MMMZ4fUnEVh/riKo/MMhMhKjgccSDnMSBAQxadRYUuQzvMM8MJoMM9+:UL/ron5BWRYTn8
MD5:	2FF4C1F10ADB317207EA06C0E0D085E2
SHA1:	96D17BE4FC4FC2F9E5A225FBEFE20597613F80FC
SHA-256:	1BE4D102984F0EEB2542D698D1DCB2E408DA105DF2B74FBC15F237AA66C77BF2
SHA-512:	072BF77A2E647D9575F210960F0CC13A9C07F89391F9B53BC82F747D36B204D1392720A7B4F0289B34D3A55CBBCCE4C5345CC70194626791B3E3369ADEEEDE46
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445293337105309
Encrypted:	false
SSDEEP:	384:yezci5tGiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rJs3OazzU89UTTgUL
MD5:	FBF1955BA77A2A22C298BE82C74AF5A6
SHA1:	4F6A40FB3672FF6D276452AC8DE5C87C5F79C330
SHA-256:	2471C0CFCC5C3E1EBDA967D3BEE27E72C110B3B2834E9D076B2F0DED693B15E8
SHA-512:	56887595131BE6B45D71230E13C5BFAE7B88ACD81B7BB6500AA48F4BD72B0CFE531C0C9CD0F9213FC080A9B8139992AE3E36FF96D09E9BF1C2D0A649C388FAF7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7755672109459213
Encrypted:	false
SSDEEP:	48:7Mxp/E2ioyVrioy9oWoy1Cwoy1bKOioy1noy1AYoy1Wioy1hioybioyboy1noy1h:7OpjurFmXKQC5b9IVXEBodRBkv
MD5:	E0DC50DC773182D1E2CAA30D22CD3F9C
SHA1:	45C3EB36347E8E00DEE443DCCF58A06E9719A54B
SHA-256:	B0AC886C1DB787475488F2A06FBC82F1E2B8A7462D894A0DC8D7C916BD641612
SHA-512:	E357BC73F432B30839B08B438F8966BB4F9F43645AF10A68DB3250FAD11A21E9DE0C0F079A56010E5E27FBA49D49962F3B0EBFE41C3D85F85945EFFD3445F783
Malicious:	false
Preview:	.... .c.....#.^................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2334012590155985
Encrypted:	false
SSDEEP:	6:kKVKa9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:N0DImsLNkPlE99SNxAhUe/3
MD5:	F986D150E0E841A93C1A10C4589DF576
SHA1:	1B014F275A8E253C535180F0FA5E977D7C913F84
SHA-256:	7B69219D28B7B1FC03EE9292EA7388C891E007F0B6AF8F8FAC1CF5A955C4BB30
SHA-512:	A63F62E4603626254DE4CEE7644FD7AB6AFF5E8B0C6F20F5B1B1F915E3E52EF445CED48AE8A4B8505C3B1767099BBFADE6BD4BEBC574978EB5EF84BDB2C38E30
Malicious:	false
Preview:	p...... .........Xi.....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0155357938800775
Encrypted:	false
SSDEEP:	3:kkFklN1tfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklc:kKcxliBAIdQZV7I7kc3
MD5:	1E6BD7678223F46DB0F0209737C4E1BF
SHA1:	9DF5961E20086AEBD295B0E066E9661099D4CB35
SHA-256:	C93257F3324E730E875F57FE8172362F61DABFA300679490E748226E3A0D28E0
SHA-512:	B4AA34EB9F987CB3A258F892A646C56BF096999F56A7865CCF0050FA5F474970EC111F156669BD4563A2747790827F9E75EDB990AB1EDE110F475576FFA0DD1D
Malicious:	false
Preview:	p...... ....`...i..a....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.363704585445124
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJM3g98kUwPeUkwRe9:YvXKXqgbQIWZc0v9osGMbLUkee9
MD5:	C06D4FDB6B7A8BEE1100E45989555365
SHA1:	9F5A5C8BE6C276ADBBEA378A8995F5B6B3BEF34C
SHA-256:	78CEBE246E7AE69ED713B5EAE53B9E6A5ECB3842250F7B5A00445BCA740A6927
SHA-512:	C7912FE624D288B6546B036D7BFBFDDD7AA76499D991EB99880974B63B7EEDDEE1A03E5C71AB6B4A82C515E75331CABED4317BB525ECA4CE7C59F96334C89313
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.313980209342037
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfBoTfXpnrPeUkwRe9:YvXKXqgbQIWZc0v9osGWTfXcUkee9
MD5:	95FF98161C81750E594010B3BD145C40
SHA1:	BD9ED107CA29583CC047A2D4F31ACC8B475DAE1F
SHA-256:	98DF525AA6A51831E908A403656A20E63F5E959AFB42C90D1358A3F41AD91316
SHA-512:	522078A19CF00D51BC2484CF69A244B301B316B62D131940767A7A5EEB247ABE7113AAD9BD9F1A1DCE3A80FE7EB467746BCF8370AA4EB1BBD25978C6D3C8C5A9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.291523407560659
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXqgbQIWZc0v9osGR22cUkee9
MD5:	7A736DF5765B131B29C81918DA5FA24C
SHA1:	C2C9D42D7885FD2CB78FB55864A3955F3E1320C5
SHA-256:	A747DF2193F6774075FBF05A238CE6985BC12FE33DB4BF9074CF34CC4F29AF79
SHA-512:	6B9871551F53A2F44AF5F5ED1B752AEE16F170DE7CCD863EC8A6F79A80C0B72FF477A96098B7ABCA7DA1EF08DA5F2CF48EDFCA0163C5546717E5B74693629A8C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.350727063539509
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfPmwrPeUkwRe9:YvXKXqgbQIWZc0v9osGH56Ukee9
MD5:	00632F775B6261F9BFD8C904A661BBF5
SHA1:	A5B2321F6D991BFF7FF80375CFA2CE4389662941
SHA-256:	DEEA2EB61146AB5C5CCD54DABAF0080AD5597F99DEBA0F738E872E526ED0DB9A
SHA-512:	385A96152BEA6BA614B25D0873D4A80BC4820927C201C576DD6182429E846BE4C96792450EDA3001D5C628A1C9B52515EE7B0C67B3F97B17AB608671C417DAC9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.665657083708399
Encrypted:	false
SSDEEP:	24:Yv6XiIWzvupLgEFqciGennl0RCmK8czOCY4w2m:YvVGhgLtaAh8cvYvR
MD5:	B08C29509C00D3A724D744EE4F000422
SHA1:	9922AE811C0ED2463A93DD6FBF88F0F9DD628E11
SHA-256:	A71EC16034C4EDC2E3668F0AEBB4D39EC558E4CF92F0AB9EF683E1F79A3108AB
SHA-512:	BB598386813FE3DE159637475D8694B8970F23F351CB28400A1A4B92FCE8484B0DBE42C140AABB520BC30E32971ADA630CA0DA5FA9450613F40FCB7D75EE248D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.653802869559527
Encrypted:	false
SSDEEP:	24:Yv6XiIWzv4VLgEF0c7sbnl0RCmK8czOCYHflEpwiVm:YvVwFg6sGAh8cvYHWpwX
MD5:	FD7C51B4533A034FE39C71FDB35A0270
SHA1:	EA53B63EE7C61587E4B282CF234B90DD3937170C
SHA-256:	F48A02C4D74EF5DC952084A3BC5215213FB05155AA410F6B03738248E566A2F8
SHA-512:	99D07786CF0E36647938F5E64E496868D6527CA1C367A7D3EEF263C8CFA1C272427BD272B192C17B49325D4A97F1832BF4158AD331085BDA9B5635BED889BA55
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.302011782402349
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfQ1rPeUkwRe9:YvXKXqgbQIWZc0v9osGY16Ukee9
MD5:	889DD0E29378DD767A6D6E129D14A0C0
SHA1:	0BF6AB52EDB1D0B5EFFA0727A9981047C3B9AC58
SHA-256:	A5BFC35F127A623DA2B904A65A95E6A202BEB48726D237372D46012ECDDF3C34
SHA-512:	B29EFF8264D56DFFFB9F6CE751493B9BAD1DE59415AD758D0D678197BA170493F0F839DF600E661CD83E4BC7255FDDFF7CD43AEB779041DA0F05AEC8E3DD200B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.6465641042186965
Encrypted:	false
SSDEEP:	24:Yv6XiIWzv92LgEF7cciAXs0nl0RCmK8czOCAPtciBm:YvVVogc8hAh8cvA8
MD5:	938BB004F9017CDDD7485B91DDF9AD9B
SHA1:	A5CA0E556D9D685247EFC0F33C66B75B54B9BE2D
SHA-256:	E070CDF207A609B2FF09BE33FA2D87CCAE063499768BB1E5FE7BF91C9E0F48AF
SHA-512:	CFB00CA75546BAB6CC17295DA364B2159DBC8ABA28EEB79D390E5A02F5F38B298FB4E114FB64E2EBDB46EE4728763740C36BA736790585AB15BD2FCC2AF1FCF1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.699738109973975
Encrypted:	false
SSDEEP:	24:Yv6XiIWzvVKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5m:YvV9EgqprtrS5OZjSlwTmAfSKQ
MD5:	0D68DE6250276FB0B80D171996217DF2
SHA1:	288F3B166E154C6F0AA206D612759CBBAC7E6042
SHA-256:	420B4CD17BFF57FF85CF5FFA02DDD3D031060464FD8EA8354CAF5123AA87EFB0
SHA-512:	FDB35A66EB25F385D8A14E9A5D819DE917AF999BD28EE21BE5800EBD6274287FBBD07EE4CC3F50A5987F4557C6B57E3FF3E2BAD52C57FACEB5F912D1E273C134
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3042653721488735
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfYdPeUkwRe9:YvXKXqgbQIWZc0v9osGg8Ukee9
MD5:	1CAEC7DD064F124492314339CF637586
SHA1:	9D738DE757718749D2AC378D046118B36740016B
SHA-256:	58F032D048FB1BD1AEC8F9877C36C88378A4069BEFDCD170330E408CBE3D032A
SHA-512:	D17C992FDA2899AD27DB4C64E125D93CAC09CC2599795710967E44A1EF354A0FE86E31FDB2CB38AC01BF206D4305A215FAEAC98277077236E9540CA427F49319
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.778656764974424
Encrypted:	false
SSDEEP:	24:Yv6XiIWzvIrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNu:YvVAHgDv3W2aYQfgB5OUupHrQ9FJQ
MD5:	BAE8514541ACEA975A2CAC7F37CAA323
SHA1:	F8FD4AE7FD456336D6D585E51C503A244F3D9491
SHA-256:	789E4C53454364EADCF5742AA478E1ED906F66D6D5D25619728B126AEE1B17C6
SHA-512:	FD724186DF56DFC70382DC250419D9870310AADF25FE46A24F69BF1B54CB7069789AEC15504C73F16998B0D536E4EC74760A642C8EBAB7872A10287670CEDF00
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.287783154550237
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfbPtdPeUkwRe9:YvXKXqgbQIWZc0v9osGDV8Ukee9
MD5:	C62545E72136229314680AF99BE292F5
SHA1:	56E7F5E602861896F4D327F42014A80A07B71C11
SHA-256:	8D598E0D3C415687435404C850D93A874DF8DF434C0DF34B3EE9C833105881C9
SHA-512:	17429ABA504DDD3B68519D9032FA496F620FC019D85991FB3FB2C71AD42C8F032E81FC8881649AFDC2712FD2F405F0D8F72F2944105CBD71F0BFB307530DD3D7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.293068923060038
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJf21rPeUkwRe9:YvXKXqgbQIWZc0v9osG+16Ukee9
MD5:	1C35ED3365E59EE3EF96562B58C3A69D
SHA1:	BA832072712355F125B7AE61459F2724C3075F03
SHA-256:	DD77709C89C3505C3BACCF5AF8B5311F1B9C504DFD2E71C5FD15BA312BB31E98
SHA-512:	D08FEB59AE59E77DD4C0A5F535C531EB97BB19BD27E42F1F199BD1B809173760F9E1F246094877D4AFD7C0F416516B11FFD2EBC8995F549CB34173FF530EB4EE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.655941594769922
Encrypted:	false
SSDEEP:	24:Yv6XiIWzvyamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bm:YvVUBguOAh8cv+NKJ
MD5:	8AF71BA0F4253454C650094922EF98C3
SHA1:	4D795F8B2FF3F6E0BDE8FBE23CC01E945449B67A
SHA-256:	AED42335EDB4D269A21112788638E926D38B6BC19929DD263B4BADE733DE77DA
SHA-512:	9C05B040AF58E91738101B713A3596A10BE2B28D1163B15C85270F6BD1D09B463197D6135A89506FE2DD791DA19B2BE8B82F861F15BC2ED6535DA8E9925982AC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.267537630179395
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqgbgpxGnVoZcg1vRcR0YKtoEeoAvJfshHHrPeUkwRe9:YvXKXqgbQIWZc0v9osGUUUkee9
MD5:	E2D9896ADB419F7146ACAE87689789AA
SHA1:	7245BF735C3E51D25594B0FEFF17352677A74D51
SHA-256:	E0D7D023D7F736E4683FCB2613C2C86DCED5E80B347CCEFC557868793B3E15EA
SHA-512:	E2FE7C7ED7A7D8A8F3011CC8F5F83AB608BC53F999C81FD67374BE025DF1F463AFEC377B4FF116A8E0224486A0E69DD161C8A79554803BD00945D0E8FA88579F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.369823133478844
Encrypted:	false
SSDEEP:	12:YvXKXqgbQIWZc0v9osGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWK:Yv6XiIWzvF168CgEXX5kcIfANhX
MD5:	70B0C223873E7A3F25CCF4BC6983B7B5
SHA1:	95E329106F026AF7A4A3D8A27ED5B1A7BA0BDA55
SHA-256:	F962992ED9419380F519BEF314B5F435E996B6FDEDF79D3E433D28985C8372D6
SHA-512:	2D0E23A136078ACDDA5AE8739815A3FA8DC84CEC127DE31422C52AFB6AD39BC0C06F87C83958B6E68B2364D0A445713EA9FA32E7C1273D8B80A68EBDAE89CD2B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1ca95b54-7a8b-4c69-818d-fc3a8f5da192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724956212980,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724778358014}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.129404511232705
Encrypted:	false
SSDEEP:	24:Ykuenu79aJbPBayLWJBzD0CiDq7Q8SBpoW4PfdB42j16mj0SigAy2J2LSsfp569M:YkxXbKBzAdq7iBp/G31649zwafpc99i
MD5:	00AB5E57D14542ED78A4A6EFD024EC98
SHA1:	F3A9643810A09BB324BA4475663DC262880A5785
SHA-256:	A5D8EC806272270B24DEE83166F8C2A8D2EAB6D0B89B703A68AA540D146EFA0C
SHA-512:	B0C30CB9F97AD89EC92ED1049E6BDCF785A9B2505406DCB6F416EA15B2ACB2A1020B996EAC7CD248EE5CB9C8E3475279B6F93A9E8943E81B926763EE9368A11C
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b99160827f6b21ec11d76c871b529256","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724778357000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"7317d8287048e319ab3770faa1277dd2","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724778357000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c4f3bd4343dc46c4f1beb2a18e9465c8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724778357000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f6b7d6d83990f85342a017eb2b4e6946","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724778357000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"10d434c23d8d5cce71158ef3bc8d0a27","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724778357000},{"id":"Edit_InApp_Aug2020","info":{"dg":"eb59e77c4a3703e1ea070c3f2baf2a6c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1881802116310156
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUoSvR9H9vxFGiDIAEkGVvpa:lNVmswUUUUUUUUo+FGSItG
MD5:	920308E3A8660B9AAD0915CE921983E1
SHA1:	D424F5387BAD4FD918797BB754AA5CA51DAA60F1
SHA-256:	A967764F0FE0234F3494FAEF96B832F5407FBD6879B217DF65C674744C30996D
SHA-512:	A90D8D8DFA568817A517CB0F4028F9D9FA7B4FBF87EED4B644D95759DAFD44828600B01CE1365D9AD05AC1B850C34366FB8277CB987011C81CE3189EA6F918D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6086543655193064
Encrypted:	false
SSDEEP:	48:7McKUUUUUUUUUUqvR9H9vxFGiDIAEkGVvn9qFl2GL7msi:7QUUUUUUUUUUWFGSIt3KVmsi
MD5:	6C8D7B3FE75CDEC4D38BBAE87D1E4231
SHA1:	63A0855755EEF386B41EFB69EEB237AB8BF30B04
SHA-256:	1D66C7938DB818FE022B487646A5BC43C0CC54341333126A6525318A11E3416A
SHA-512:	4831F8D55321CC8C3EFB1B77BB00000BB5AE4DC5979F44E915C6CD9B933D50269B695E62FBE5C80155394695F68214C0A7ED3C0B4B15247C75FBE69280B05682
Malicious:	false
Preview:	.... .c.......z......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI882c2.LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.536003181970279
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8AATlNQZ9:Qw946cPbiOxDlbYnuRKIfs9
MD5:	D010E6611EEB2C5254E8CBD9E2B8DFE4
SHA1:	932C5830F2BF1D23B299E3C06A488F530DEEADD2
SHA-256:	895EB14FF1BB14AB7684DA532223588701973D46845DE0E7A25D5F4A440E51FA
SHA-512:	71CCDED04E215D785AD7A495257BD28F1F5118171B4A5EFD3CC522A7BA5234F3971549C497EF34CB4CE489798A2DE4DC6061069D7ECE0521ECF3FAF85E6402B1
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.8./.2.0.2.4. . .1.3.:.0.5.:.5.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 13-05-49-366.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.362801093889249
Encrypted:	false
SSDEEP:	384:rWqHJTWOqqOR0TDy0B0LFLApJutmmpJs+FEwWue+3dZkrdZmu59rYnYpMHt3CPXr:DWm
MD5:	CABEC27D81DBBA6E1006BE8076BAB820
SHA1:	8CDB370D69CF3C08BB1BD7C4793AC1D8930AF59A
SHA-256:	129CAA35DF3C36C20AB266702EB5FB480D98F9E0CC21561CA015E281D61B2BB1
SHA-512:	6574F145DC2B8E7D22EEFE26D3FFA28129C616798AEC50F13AACB2448319CA58B0ABED74F4C4F10B62E0A6B0F752592753FA07DA523430EC3F87BEAE2CFA0EDC
Malicious:	false
Preview:	SessionID=21096391-9636-4d62-9212-7d1b8057b145.1724778349408 Timestamp=2024-08-27T13:05:49:408-0400 ThreadID=7484 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=21096391-9636-4d62-9212-7d1b8057b145.1724778349408 Timestamp=2024-08-27T13:05:49:416-0400 ThreadID=7484 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=21096391-9636-4d62-9212-7d1b8057b145.1724778349408 Timestamp=2024-08-27T13:05:49:416-0400 ThreadID=7484 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=21096391-9636-4d62-9212-7d1b8057b145.1724778349408 Timestamp=2024-08-27T13:05:49:416-0400 ThreadID=7484 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=21096391-9636-4d62-9212-7d1b8057b145.1724778349408 Timestamp=2024-08-27T13:05:49:419-0400 ThreadID=7484 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.389834342082414
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rb:f
MD5:	0F494B8918B2D3E83663B9AEE43F9713
SHA1:	2D7DB3979914585EA100287986777B92ECBE995B
SHA-256:	2CDC0382449742B8221295B25CCECE52A37D0AC62FA9BBFDCD0ABE07DE98CE8B
SHA-512:	EDB9C9F552F7E640F1C77FE032FCB583B2D433E3BC529DE29B2A50784D826FA93807E12549D4E09AC50CC622FF555C856B73DB27D9DB148CA7FE10E98F0B43A5
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2a10a232-e333-4be1-92d6-f3640e042565.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\34cb2b35-b1ba-4351-82d0-c988ecb3f3b5.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:6Fdpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WL07oXGZIZwYIGNPJF:C3mlind9i4ufFXpAXkrfUs03WLxXGZIF
MD5:	DE3EB0CF81E91B312CDC6D26BF58DEC7
SHA1:	016BB9C5ECAF81AC72A159D83190B90CAFF34F61
SHA-256:	8ECB7BD5B7CC0899F818C63A047F611B719AB4A4E3092458A41949D52F5AF848
SHA-512:	966E6BC34DE913C142E5A8E4B8AB5527C27742A055E1B3E4E8E782DC53160340990788EC8CB86FF7943D70D406F002EFEE2943C64AC6F22A5647302732C701F3
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\776c8bf9-751c-46c9-9dcb-428d43867e79.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/r5eYIGNPpOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:T5eZGOWLxBGZN3mlind9i4ufFXpAXkru
MD5:	4CBEAB1994786A0B8AE7BAF48FAD3A6A
SHA1:	2F22D79E3DF7B249DA18F028F5A14EB65BB9C139
SHA-256:	7E6BD13795A55EFAED961CFF688D9D59401599963C4AF42FD6ABAD434E7D6088
SHA-512:	DF0BFE07CDAFBD1DE973E9C16F854AFEEA391733E87B00A358EA53FC812746E077E74B04B144DAED0B4795ECE1638D43CDE7A283024212B548AE96ED3F1BA542
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\efc2dc3c-6403-4569-9119-7cd7d371d12b.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Chrome Cache Entry: 233

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
URL:	https://watercolorjourney.net/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 234

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2501 x 504, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	36611
Entropy (8bit):	7.76687258657095
Encrypted:	false
SSDEEP:	768:X+laJldOW7PiVlbD8cbPWLIh5A4K2J2to1lpCnmfuC1QPi:SalBWVlbDtbPWLIh5A+D5Mmf/1Ui
MD5:	E4818B069E1CFBB1E6B4A62459ED7A0C
SHA1:	3F289E2F56EE8D3BA454AD93A6BAAD82053597A5
SHA-256:	97C254F3C63C2FEE63C671A9B4BE75BE775BDB46AE18E22470AD508B2482E823
SHA-512:	17FFCA43F3BE7214C2B1A23C608AB18E8DD4E6B96A26C7E5F1C3F5D30E0090EC1D2748AE295AD1B0CD6A4FB4C8E0833C1ED1D0BE8F8E6DB2B2DB3ACE261741DA
Malicious:	false
URL:	https://e-courts.org/wp-content/uploads/docusign-logo.png
Preview:	.PNG........IHDR.....................pHYs...........~... .IDATx...o\Y.'...z..Z.R.N......U...!..}..q.I..^F.....P.[c.......N'e.v.$1(..XL.@o....]#N.!....x....BfUV.....{...sJ.4AO....1........8....................V..zhQ..F... .`..q...,">)..........XJq}3.O".8".....,.s.X......<1.........-...'.B........(..#b.D9............b<.E.O.1 .P..........<......#.yv.h..8.EI.4NN>..........`W...`<>....c@...EINA............`<>..W.1.#..........zL)..\...X^.:...yr.........6D)...c...4..q..............:L)....`S...M...<9.........kP....8...(.....=..g.1...O.PgM.>=.........R\.(..6)...`..wT..m..i.f...............Jq...q..jKe...M.6.1........~....#^F.O1..c<.e...=J)..8..oc.8............gY.;..x?;..yJ).R.yD.....q.......J).`=."....c<~.....)..J)g..........T.....S....!.eD....,;...SJ.E.4......iF;.......PJy../.....>E.Y...i.w....VS....8h...(......3J)/".8v_.[R.........F.(.-......!".#b..sE9..aR....8h....d.....)....d..A........E......>...E.....p(...R.....85..{ZT.[R.....z......].....M...s....W...z. "~..x..

Chrome Cache Entry: 235

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2501 x 504, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	36611
Entropy (8bit):	7.76687258657095
Encrypted:	false
SSDEEP:	768:X+laJldOW7PiVlbD8cbPWLIh5A4K2J2to1lpCnmfuC1QPi:SalBWVlbDtbPWLIh5A+D5Mmf/1Ui
MD5:	E4818B069E1CFBB1E6B4A62459ED7A0C
SHA1:	3F289E2F56EE8D3BA454AD93A6BAAD82053597A5
SHA-256:	97C254F3C63C2FEE63C671A9B4BE75BE775BDB46AE18E22470AD508B2482E823
SHA-512:	17FFCA43F3BE7214C2B1A23C608AB18E8DD4E6B96A26C7E5F1C3F5D30E0090EC1D2748AE295AD1B0CD6A4FB4C8E0833C1ED1D0BE8F8E6DB2B2DB3ACE261741DA
Malicious:	false
Preview:	.PNG........IHDR.....................pHYs...........~... .IDATx...o\Y.'...z..Z.R.N......U...!..}..q.I..^F.....P.[c.......N'e.v.$1(..XL.@o....]#N.!....x....BfUV.....{...sJ.4AO....1........8....................V..zhQ..F... .`..q...,">)..........XJq}3.O".8".....,.s.X......<1.........-...'.B........(..#b.D9............b<.E.O.1 .P..........<......#.yv.h..8.EI.4NN>..........`W...`<>....c@...EINA............`<>..W.1.#..........zL)..\...X^.:...yr.........6D)...c...4..q..............:L)....`S...M...<9.........kP....8...(.....=..g.1...O.PgM.>=.........R\.(..6)...`..wT..m..i.f...............Jq...q..jKe...M.6.1........~....#^F.O1..c<.e...=J)..8..oc.8............gY.;..x?;..yJ).R.yD.....q.......J).`=."....c<~.....)..J)g..........T.....S....!.eD....,;...SJ.E.4......iF;.......PJy../.....>E.Y...i.w....VS....8h...(......3J)/".8v_.[R.........F.(.-......!".#b..sE9..aR....8h....d.....)....d..A........E......>...E.....p(...R.....85..{ZT.[R.....z......].....M...s....W...z. "~..x..

Chrome Cache Entry: 236

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
URL:	https://watercolorjourney.net/afew/images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 237

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2767)
Category:	downloaded
Size (bytes):	3288
Entropy (8bit):	5.234908574398679
Encrypted:	false
SSDEEP:	48:TmasTa5I42SVZ4sIZG838hbSVin4yaFG1OoiBx+2PGAV8TA/LdwASsrMeJ+bDIrO:TmGII8ftCSSriBJccwWQxD
MD5:	9A0CF130A6EEEE94E6CBBDA1B716D0A6
SHA1:	BFD52DF663BCE652CC5900B69E3F23512ED60778
SHA-256:	73C218CCF65E404EE4F7A4BA72D34E5BF2F70C98E50BA2594C7258D29255286E
SHA-512:	3C6BB6CD126C3CC1BE5462D84D7DB533EF24C1C03D8CD70561F049E1ACD36BF1CAF9C4BECE41DF11463F8A7E7571D534458C0F6D9D19D2D5EC0314DD7761890C
Malicious:	false
URL:	https://watercolorjourney.net/afew/ribs.html
Preview:	<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Verify Your Identity</title> <style> body { font-family: "Segoe UI", "Segoe UI Web (West European)", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif; background-color: #f4f4f4; margin: 0; display: flex; justify-content: center; align-items: center; height: 100vh; color: #333; background-image: url('images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg'); background-size: cover; background-position: center; } .header { width: 100%; background-color: #0078d4; color: white; text-align: left; padding: 10px 20px; box-sizing: border-box; font-size: 18px; position: absolute; top: 0; } .header span { margin-left: 20px; } .container { background-color: white; border: 1px solid #ccc; border-radius: 3px; padding: 33px; width: 80%; max-width: 300px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); text-align: center; margin-top: 0px; } .container img {

Chrome Cache Entry: 238

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:H17Y:q
MD5:	156DF0210BF420106CB8AFEBCB3A27D2
SHA1:	970B5EA1194F50A291A239C58D73159FDEC1BA64
SHA-256:	EBDD332E8562CE34374C310F84F4527D93D3F9D2AC27410F824C6647A4DF1DDB
SHA-512:	9AE3CC4E8F274B2A5C2BAA6CE1163181C50071378BE3A782FBA8FF8D7F374E9408BCD137E5B217684DDC470244FEA8C6005AF5B96D25BA3AD086550679DF6578
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmmPyI_pAZQghIFDZjmzqo=?alt=proto
Preview:	CgkKBw2Y5s6qGgA=

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	6.878910363228904
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	signature.pdf
File size:	77'720 bytes
MD5:	b1d243972c95b38f49d1d15436c2a6fc
SHA1:	8cce1900394eeab50090bc07d46d9a7a1927b7a4
SHA256:	af31d1ab43b5647b6000682c6fd6a139634c597533c9f23669aef3b88fd4f643
SHA512:	3bd2c8ffb59c6e9a2719dfa1c57caeed5be283f56f270a63259769b2336f5093dcc0f7c127516b8dbb372e9b0f3424198dc29a5f0f25716db450eb9f9d2afa36
SSDEEP:	768:5FSj1ygx1sFRDQZLkP8QE7Rbeduz8L853XXL59dyCPA5HM3poUj/R1bHuk2U8W31:nYs8LkP8784oH++S92OksH7pJIhKd9j
TLSH:	49733981B6D6F989D873C1378D267CCD490BBB7309CF2AB546728E19ECC102AE51B365
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m126)./CreationDate (D:20240827072516+00'00')./ModDate (D:20240827072516+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.4 0 obj.<</Type /XObject./Subtype /Image./Width 2086./Height 23

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	6.878910
Total Bytes:	77720
Stream Entropy:	6.780707
Stream Bytes:	69648
Entropy outside Streams:	5.095667
Bytes outside Streams:	8072
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	52
endobj	52
stream	9
endstream	9
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
4	a280a2a2a2a280a2	503783b4ba2d30288105564d66317dbc
9	0000000000000000	16140a074be700d27f788bf1cc05211c
10	0823232b24341400	82ff70ad7ff0b20ad3c25d6e566974bc
13	0000000000000000	4d9b55987c0dba5ca3b00dc10fb9aa37

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 19:05:49.714150906 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 27, 2024 19:05:52.874068975 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:52.874075890 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:52.874124050 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:52.875288963 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:52.875300884 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.691319942 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.706187010 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:53.706193924 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.708067894 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.708125114 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:53.709445000 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:53.709508896 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.709638119 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:53.709644079 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.821484089 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.821595907 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:53.825408936 CEST	49736	443	192.168.2.4	34.198.199.205
Aug 27, 2024 19:05:53.825431108 CEST	443	49736	34.198.199.205	192.168.2.4
Aug 27, 2024 19:05:53.999797106 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:53.999845028 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:53.999907017 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.000246048 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.000261068 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.519788027 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.520030022 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.520046949 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.521017075 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.521092892 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.522099018 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.522160053 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.522304058 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.564503908 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.588659048 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.588681936 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.662233114 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.662287951 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.662293911 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.662935972 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.695705891 CEST	49742	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.695730925 CEST	443	49742	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.719659090 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.719703913 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.719769001 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.719985962 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:54.720000982 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:54.773948908 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:54.773983002 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:54.774045944 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:54.774228096 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:54.774240971 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:54.873497009 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:54.873579025 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:54.873677015 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:54.875977039 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:54.875988960 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.348500967 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.349375963 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.349401951 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.350064039 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.352509022 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.352575064 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.352663994 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.375572920 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.375844955 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.375859022 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.376897097 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.376964092 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.377890110 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.377945900 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.378185987 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.378190994 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.396503925 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.498622894 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.498682022 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.498723030 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.499550104 CEST	49743	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.499563932 CEST	443	49743	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.526767015 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.529644966 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.529685020 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.529717922 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.529725075 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.531043053 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.531081915 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.531122923 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.531223059 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.531229973 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.534493923 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.534523964 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.534533978 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.534539938 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.534591913 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.540929079 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.625000000 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.625045061 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.625068903 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.625080109 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.625122070 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.625211000 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.625745058 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.625790119 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.625794888 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.626930952 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.626977921 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.626982927 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.627477884 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.627521992 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.627525091 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.629744053 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.629796982 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.629801989 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.629868984 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.629909039 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.629913092 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.630531073 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.630574942 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.630578995 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.631977081 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.632025957 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.632029057 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.632036924 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.632071972 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.632251024 CEST	49744	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.632260084 CEST	443	49744	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.646961927 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.647022963 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:55.663959026 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.664005995 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.664067030 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.664403915 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:55.664416075 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:55.668576956 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:55.668596029 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.668875933 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.715553999 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.715573072 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.715624094 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.715842009 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:55.715853930 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:55.717427015 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:55.764501095 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.929496050 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.929558039 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.929603100 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:55.930367947 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:55.930377960 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.930387020 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:55.930392027 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:55.966635942 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:55.966672897 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:55.966736078 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:55.967187881 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:55.967202902 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:56.002099991 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:56.002116919 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.002173901 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:56.002723932 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:56.002737045 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.261256933 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.264856100 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.264878035 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.265937090 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.266063929 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.266419888 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.266419888 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.266494989 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.288741112 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.289007902 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:56.289033890 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.289374113 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.290142059 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:56.290142059 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:56.290199041 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.325154066 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.325160980 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.400872946 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:56.413908958 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.413952112 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.413986921 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.414014101 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.414025068 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.414053917 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.416140079 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.416174889 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.416205883 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.416239023 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.416239977 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.416249990 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.416309118 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.416309118 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.416317940 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.425508022 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.425770044 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.425779104 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.450210094 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.450261116 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.453130007 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:56.503216028 CEST	49751	443	192.168.2.4	162.241.87.113
Aug 27, 2024 19:05:56.503242970 CEST	443	49751	162.241.87.113	192.168.2.4
Aug 27, 2024 19:05:56.508272886 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.508307934 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.508333921 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.508342028 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.508560896 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.510324955 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.510396004 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.510427952 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.510454893 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.510462046 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.510489941 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.510616064 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.510643005 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.510653973 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.511470079 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.511492014 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.511497974 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.512845993 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.512852907 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.513744116 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.513773918 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.513803005 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.513811111 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.513851881 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.513883114 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.515516043 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.516297102 CEST	49752	443	192.168.2.4	104.21.22.182
Aug 27, 2024 19:05:56.516305923 CEST	443	49752	104.21.22.182	192.168.2.4
Aug 27, 2024 19:05:56.671399117 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:56.709667921 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.712133884 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:56.712166071 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:56.712179899 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:56.713093996 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:56.716933966 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:56.776629925 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:56.776710987 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:56.788857937 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:56.788870096 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.789154053 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.794310093 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:56.822227955 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:56.822247028 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:05:56.836504936 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.932874918 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:05:56.996444941 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.996525049 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:56.996849060 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:57.064351082 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:57.064357042 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:57.064368010 CEST	49754	443	192.168.2.4	184.28.90.27
Aug 27, 2024 19:05:57.064372063 CEST	443	49754	184.28.90.27	192.168.2.4
Aug 27, 2024 19:05:57.313857079 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.313879967 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.313939095 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.314095974 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.314109087 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.905860901 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.906132936 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.906145096 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.907012939 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.907069921 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.907075882 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.907130957 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.907454014 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.907504082 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:57.907686949 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:57.907696962 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:58.035531044 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:58.080113888 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:58.080135107 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:58.080147028 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:58.080190897 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:58.080225945 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:58.080331087 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:58.081901073 CEST	49757	443	192.168.2.4	52.5.13.197
Aug 27, 2024 19:05:58.081909895 CEST	443	49757	52.5.13.197	192.168.2.4
Aug 27, 2024 19:05:59.456156015 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:05:59.456196070 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:05:59.456294060 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:05:59.456485987 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:05:59.456496954 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.054297924 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.054589987 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.054615974 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.055521965 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.055699110 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.105015039 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.105097055 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.105304956 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.152515888 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.153341055 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.153361082 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.200202942 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.295200109 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.295238972 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:00.295315027 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.296838999 CEST	49758	443	192.168.2.4	23.56.162.185
Aug 27, 2024 19:06:00.296860933 CEST	443	49758	23.56.162.185	192.168.2.4
Aug 27, 2024 19:06:01.956517935 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:01.956547976 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:01.956756115 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:01.957941055 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:01.957954884 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:02.757616043 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:02.760932922 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:02.762043953 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:02.762051105 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:02.762254953 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:02.810549021 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:03.348476887 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:03.396501064 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615545988 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615566015 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615571976 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615601063 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615611076 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615622997 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615628958 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:03.615637064 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.615659952 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:03.615690947 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:03.618359089 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.618427038 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:03.618432045 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.619298935 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:03.619345903 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:04.097727060 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:04.097744942 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:04.097769976 CEST	49759	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:04.097775936 CEST	443	49759	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:06.560920954 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:06.560983896 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:06.561177969 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:08.104310989 CEST	49753	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:08.104343891 CEST	443	49753	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:33.877516985 CEST	54123	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:06:33.882399082 CEST	53	54123	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:33.882510900 CEST	54123	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:06:33.882663965 CEST	54123	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:06:33.887851000 CEST	53	54123	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:34.340146065 CEST	53	54123	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:34.341330051 CEST	54123	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:06:34.350066900 CEST	53	54123	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:34.350161076 CEST	54123	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:06:40.429611921 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:40.429645061 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:40.429718971 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:40.430047989 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:40.430061102 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.210526943 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.210649014 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.220535040 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.220545053 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.220726967 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.233584881 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.280488968 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.559367895 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.559387922 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.559401035 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.559494972 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.559509039 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.559562922 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.561543941 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.561583042 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.561614990 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.561621904 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.561630964 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:41.561650038 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.561681986 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.568443060 CEST	54125	443	192.168.2.4	40.68.123.157
Aug 27, 2024 19:06:41.568451881 CEST	443	54125	40.68.123.157	192.168.2.4
Aug 27, 2024 19:06:56.013482094 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:56.013523102 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:56.013667107 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:56.014281034 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:56.014298916 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:56.680289030 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:56.681044102 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:56.681066990 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:56.681345940 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:56.682399988 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:56.682456017 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:06:56.728744984 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:06:56.901132107 CEST	49723	80	192.168.2.4	199.232.210.172
Aug 27, 2024 19:06:56.901179075 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 27, 2024 19:06:56.907784939 CEST	80	49723	199.232.210.172	192.168.2.4
Aug 27, 2024 19:06:56.907898903 CEST	49723	80	192.168.2.4	199.232.210.172
Aug 27, 2024 19:06:56.909693956 CEST	80	49724	199.232.210.172	192.168.2.4
Aug 27, 2024 19:06:56.909785986 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 27, 2024 19:07:06.595263004 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:06.595336914 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:06.595443010 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:08.094845057 CEST	54127	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:08.094877005 CEST	443	54127	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.075993061 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:56.076040983 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.076174021 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:56.076874018 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:56.076886892 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.731049061 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.731753111 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:56.731779099 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.732063055 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.732906103 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:07:56.732964993 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:07:56.775650024 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:08:06.633892059 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:08:06.633951902 CEST	443	54129	142.250.184.228	192.168.2.4
Aug 27, 2024 19:08:06.634054899 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:08:08.092132092 CEST	54129	443	192.168.2.4	142.250.184.228
Aug 27, 2024 19:08:08.092161894 CEST	443	54129	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 19:05:52.825721025 CEST	53079	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:52.825874090 CEST	53983	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:52.839270115 CEST	53	53079	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:52.839705944 CEST	53	58492	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:52.840286016 CEST	53	54761	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:52.840771914 CEST	53	53983	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:53.827635050 CEST	50488	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:53.827768087 CEST	64752	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:53.997868061 CEST	53	50488	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:53.997883081 CEST	53	64752	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:54.014328003 CEST	53	50338	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:54.708591938 CEST	61074	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:54.710191011 CEST	59485	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:54.771666050 CEST	53	59485	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:54.773590088 CEST	53	61074	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:54.802225113 CEST	53	53819	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:55.675122023 CEST	62340	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:55.675280094 CEST	51973	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:55.714591026 CEST	53	62340	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:55.714607954 CEST	53	51973	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:55.948303938 CEST	53051	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:55.948618889 CEST	58787	53	192.168.2.4	1.1.1.1
Aug 27, 2024 19:05:55.960961103 CEST	53	53051	1.1.1.1	192.168.2.4
Aug 27, 2024 19:05:55.962343931 CEST	53	58787	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:08.487585068 CEST	138	138	192.168.2.4	192.168.2.255
Aug 27, 2024 19:06:11.103264093 CEST	53	53876	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:29.833604097 CEST	53	56672	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:33.876707077 CEST	53	60622	1.1.1.1	192.168.2.4
Aug 27, 2024 19:06:51.526057959 CEST	53	54222	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 27, 2024 19:05:52.825721025 CEST	192.168.2.4	1.1.1.1	0x497e	Standard query (0)	ceo.ca	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:52.825874090 CEST	192.168.2.4	1.1.1.1	0x21c8	Standard query (0)	ceo.ca	65	IN (0x0001)	false
Aug 27, 2024 19:05:53.827635050 CEST	192.168.2.4	1.1.1.1	0xa272	Standard query (0)	watercolorjourney.net	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:53.827768087 CEST	192.168.2.4	1.1.1.1	0xd8dc	Standard query (0)	watercolorjourney.net	65	IN (0x0001)	false
Aug 27, 2024 19:05:54.708591938 CEST	192.168.2.4	1.1.1.1	0x67e7	Standard query (0)	e-courts.org	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:54.710191011 CEST	192.168.2.4	1.1.1.1	0xe5fe	Standard query (0)	e-courts.org	65	IN (0x0001)	false
Aug 27, 2024 19:05:55.675122023 CEST	192.168.2.4	1.1.1.1	0xc22f	Standard query (0)	e-courts.org	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:55.675280094 CEST	192.168.2.4	1.1.1.1	0xf95	Standard query (0)	e-courts.org	65	IN (0x0001)	false
Aug 27, 2024 19:05:55.948303938 CEST	192.168.2.4	1.1.1.1	0x2099	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:55.948618889 CEST	192.168.2.4	1.1.1.1	0xe324	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 27, 2024 19:05:52.839270115 CEST	1.1.1.1	192.168.2.4	0x497e	No error (0)	ceo.ca		34.198.199.205	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:53.997868061 CEST	1.1.1.1	192.168.2.4	0xa272	No error (0)	watercolorjourney.net		162.241.87.113	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:54.771666050 CEST	1.1.1.1	192.168.2.4	0xe5fe	No error (0)	e-courts.org			65	IN (0x0001)	false
Aug 27, 2024 19:05:54.773590088 CEST	1.1.1.1	192.168.2.4	0x67e7	No error (0)	e-courts.org		104.21.22.182	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:54.773590088 CEST	1.1.1.1	192.168.2.4	0x67e7	No error (0)	e-courts.org		172.67.206.96	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:55.714591026 CEST	1.1.1.1	192.168.2.4	0xc22f	No error (0)	e-courts.org		104.21.22.182	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:55.714591026 CEST	1.1.1.1	192.168.2.4	0xc22f	No error (0)	e-courts.org		172.67.206.96	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:55.714607954 CEST	1.1.1.1	192.168.2.4	0xf95	No error (0)	e-courts.org			65	IN (0x0001)	false
Aug 27, 2024 19:05:55.960961103 CEST	1.1.1.1	192.168.2.4	0x2099	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:55.962343931 CEST	1.1.1.1	192.168.2.4	0xe324	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 27, 2024 19:05:56.041956902 CEST	1.1.1.1	192.168.2.4	0x9d64	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Aug 27, 2024 19:05:56.041956902 CEST	1.1.1.1	192.168.2.4	0x9d64	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ceo.ca

watercolorjourney.net

https:

e-courts.org

p13n.adobe.io

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	34.198.199.205	443	8208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:53 UTC	738	OUT	GET /api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824 HTTP/1.1 Host: ceo.ca Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 17:05:53 UTC	410	IN	HTTP/1.1 302 Found Date: Tue, 27 Aug 2024 17:05:53 GMT Content-Type: text/html; charset=utf-8 Content-Length: 132 Connection: close X-Powered-By: Express Surrogate-Control: no-store Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Pragma: no-cache Expires: 0 Location: https://watercolorjourney.net/afew/ribs.html Vary: Accept, Accept-Encoding X-Upstream: 172.31.20.138:8071
2024-08-27 17:05:53 UTC	132	IN	Data Raw: 3c 70 3e 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 61 74 65 72 63 6f 6c 6f 72 6a 6f 75 72 6e 65 79 2e 6e 65 74 2f 61 66 65 77 2f 72 69 62 73 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 61 74 65 72 63 6f 6c 6f 72 6a 6f 75 72 6e 65 79 2e 6e 65 74 2f 61 66 65 77 2f 72 69 62 73 2e 68 74 6d 6c 3c 2f 61 3e 3c 2f 70 3e Data Ascii: <p>Found. Redirecting to <a href="https://watercolorjourney.net/afew/ribs.html">https://watercolorjourney.net/afew/ribs.html</a></p>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	162.241.87.113	443	8208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:54 UTC	678	OUT	GET /afew/ribs.html HTTP/1.1 Host: watercolorjourney.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 17:05:54 UTC	206	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 17:05:54 GMT Server: Apache Last-Modified: Tue, 27 Aug 2024 11:20:03 GMT Accept-Ranges: bytes Content-Length: 3288 Connection: close Content-Type: text/html
2024-08-27 17:05:54 UTC	3288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 59 6f 75 72 20 49 64 65 6e 74 69 74 79 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 3e 20 62 6f 64 79 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 53 65 67 6f 65 20 55 49 22 2c 20 22 53 65 67 6f 65 20 55 49 20 57 65 62 20 28 57 65 73 74 20 45 75 72 6f 70 65 61 6e 29 22 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Verify Your Identity</title> <style> body { font-family: "Segoe UI", "Segoe UI Web (West European)", -apple-system,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	162.241.87.113	443	8208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:55 UTC	651	OUT	GET /afew/images/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: watercolorjourney.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://watercolorjourney.net/afew/ribs.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 17:05:55 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 17:05:55 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-08-27 17:05:55 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	104.21.22.182	443	8208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:55 UTC	613	OUT	GET /wp-content/uploads/docusign-logo.png HTTP/1.1 Host: e-courts.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://watercolorjourney.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 17:05:55 UTC	706	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 17:05:55 GMT Content-Type: image/png Content-Length: 36611 Connection: close last-modified: Wed, 14 Aug 2024 17:37:06 GMT etag: "8f03-61fa82ccd4e57" x-cache-nxaccel: MISS Cache-Control: max-age=300 CF-Cache-Status: HIT Age: 3631 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLrfGT8WY8mXIqCrb3i2MV%2FgYEKX9bqyR%2F3gObKMKOSfYjVbSLmV%2BfFZVvn2vM%2FbllUx8ijwGBlk0D0CqbH0B6IxACEXwNgV8uVsISZICr4b0t0D8UDMYOI6kzmz1sU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9da631afca1a07-EWR alt-svc: h3=":443"; ma=86400
2024-08-27 17:05:55 UTC	663	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 09 c5 00 00 01 f8 08 06 00 00 00 81 e6 17 b2 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c ec dd bd 6f 5c 59 9a 27 e8 f7 14 7a 80 9d 5a cc 52 d5 4e a3 d1 86 d8 ce 8e b1 06 55 d6 98 8a f2 a7 21 16 a2 7d 85 8c 71 d6 49 96 b7 5e 46 fe 05 c9 f4 07 50 c8 5b 63 89 a4 80 b5 c6 c9 90 d9 4e 27 65 2e 76 81 24 31 28 14 06 58 4c 8b 40 6f 0f d0 03 f4 5d 23 4e 88 21 8a 9f c1 88 78 ef c7 f3 00 42 66 55 56 92 bf 92 c8 c3 7b ce fd 9d 73 4a d3 34 41 4f 8d c7 fb 11 31 8a 88 17 f5 17 ec d2 a7 88 38 bb e1 bf 9f 7f fe bb 93 93 f9 0d ff 1c 00 00 00 00 00 00 00 00 d6 56 94 e2 7a 68 51 86 9b 46 c4 eb dc 20 f0 60 17 11 71 be f2 eb 2c 22 3e 29 cd 01 00 00 00 00 00 00 00 f0 58 4a 71 Data Ascii: PNGIHDRpHYs~ IDATxo\Y'zZRNU!}qI^FP[cN'e.v$1(XL@o]#N!xBfUV{sJ4AO18VzhQF `q,">)XJq
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: 38 00 00 00 00 00 00 e0 91 94 e2 00 1e 67 59 8e 3b 8d f1 78 3f 3b 0c 00 79 4a 29 93 52 ca 79 44 bc 8d 88 e7 c9 71 00 00 00 00 00 00 80 4a 29 0e 60 3d af 22 e2 97 18 8f 8f 63 3c 7e 96 1d 06 80 dd 29 a5 8c 4a 29 67 a1 0c 07 00 00 00 00 00 00 ad 54 9a a6 c9 ce c0 53 8d c7 fe 10 21 d7 65 44 1c c5 c9 c9 2c 3b 08 00 db 53 4a 19 45 c4 34 16 a7 86 ee d2 87 a6 69 46 3b fe 9c 00 00 00 00 ad 50 4a 79 16 11 2f ea 7f dc af bf 96 3e 45 c4 59 fd fb f3 a6 69 ce 77 16 0c 00 80 56 53 8a eb 03 a5 38 68 8b 0f b1 28 c7 9d dd fb bf 04 a0 33 4a 29 2f 22 e2 38 76 5f 86 5b 52 8a 03 00 00 00 06 a1 16 e0 46 b1 28 c1 2d ff ba f7 c8 0f f3 21 22 ce 23 62 1e 11 73 45 39 00 80 61 52 8a eb 03 a5 38 68 9b ef e2 e4 64 9a 1d 02 80 a7 29 a5 ec c7 e2 64 b8 d7 a9 41 94 e2 00 00 00 80 1e ab 45 Data Ascii: 8gY;x?;yJ)RyDqJ)`="c<~)J)gTS!eD,;SJE4iF;PJy/>EYiwVS8h(3J)/"8v_[RF(-!"#bsE9aR8hd)dAE
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: 00 f4 ce 7e 76 80 96 73 52 1c 00 40 cb 28 c5 01 f4 cb cb 18 8f a7 d9 21 00 00 00 00 00 e8 95 fd ec 00 2d e7 16 17 00 80 96 51 8a 03 e8 9f 6f 63 3c b6 2b 0d 00 00 00 00 80 4d 51 fa ba db 7e 76 00 00 00 be a4 14 07 d0 4f a7 31 1e 5b a4 00 00 00 00 00 60 13 6c c4 be db f3 ec 00 00 00 7c 49 29 0e a0 9f 9e 47 c4 2c 3b 04 00 00 00 00 00 00 00 c0 ae 29 c5 01 f4 d7 ab 18 8f 0f b3 43 00 00 00 00 00 00 00 00 ec 92 52 1c 40 bf cd 5c a3 0a 00 00 00 00 00 00 00 0c 89 52 1c 40 bf ed 85 6b 54 01 00 00 00 00 00 00 80 01 51 8a 03 e8 3f d7 a8 02 00 00 00 00 00 00 00 83 a1 14 07 30 0c ae 51 05 00 00 00 00 60 5d 67 d9 01 5a ee 22 3b 00 00 00 5f 52 8a 03 18 86 bd 88 38 ce 0e 01 00 00 00 00 40 27 7d ca 0e d0 72 e7 d9 01 00 00 f8 92 52 1c c0 70 bc 8e f1 78 94 1d 02 00 00 00 00 Data Ascii: ~vsR@(!-Qoc<+MQ~vO1[`l\|I)G,;)CR@\R@kTQ?0Q`]gZ";_R8@'}rRpx
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: ee a3 14 07 c0 43 1d 66 07 00 00 00 00 00 00 00 00 b8 8f 52 1c 00 0f f5 2a 3b 00 00 00 00 00 00 00 00 c0 7d 94 e2 00 78 b8 f1 d8 69 71 00 00 00 00 00 00 00 40 ab 29 c5 01 f0 18 a3 ec 00 00 00 00 00 00 00 00 00 77 51 8a 03 e0 31 46 d9 01 00 00 00 00 00 00 00 00 ee a2 14 07 c0 63 1c c4 78 bc 9f 1d 02 00 00 00 00 00 00 00 e0 36 4a 71 00 3c d6 28 3b 00 00 00 00 00 00 00 00 c0 6d 94 e2 00 78 ac 51 76 00 00 00 00 00 00 00 00 80 db 28 c5 01 f0 58 a3 ec 00 00 00 00 00 00 00 00 00 b7 51 8a 03 e0 b1 9e c7 78 fc 2c 3b 04 00 00 00 00 00 00 00 c0 4d 94 e2 00 58 c7 28 3b 00 00 00 00 00 00 00 00 c0 4d 94 e2 00 58 c7 28 3b 00 00 00 00 00 00 00 00 c0 4d 94 e2 00 58 c7 8b ec 00 00 00 00 00 00 00 00 00 37 51 8a 03 60 1d 2f b3 03 00 00 00 00 00 00 00 00 dc 44 29 0e 80 f5 8c Data Ascii: CfR*;}xiq@)wQ1Fcx6Jq<(;mxQv(XQx,;MX(;MX(;MX7Q`/D)
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: 9b 62 0c 01 a0 f3 56 e6 01 a3 e8 47 01 ee 31 3e c6 97 1b 67 e6 b9 71 80 a1 e9 e9 1a f1 72 7d 78 1e e6 49 c0 03 f4 74 4d e9 f3 58 d8 34 cd 69 72 16 76 4c 29 ae 07 94 e2 58 a5 18 47 12 a5 38 3a 67 e5 c1 7e 12 fd 58 e0 b8 cf 65 d4 82 5c 2c 4a 72 9d 5d 00 51 8a a3 8f ea c2 eb 61 5c 2d 36 74 61 c7 dd b6 f5 b2 d8 0b db 50 5f a0 af 8e 21 7d 58 b0 7c 2a 2f 7f 00 68 bd 95 02 c6 f2 e7 b8 79 c0 97 9c f2 01 6c 55 5d 23 3e ac bf 86 b0 46 fc 3e ae d6 5a ce 73 a3 00 6d 51 4a 59 3e 8b 1e c6 30 9e 47 df 47 0f de 95 f1 30 4a 71 3d a0 14 c7 75 8a 71 24 78 13 27 27 b3 ec 10 70 9f ba c8 31 89 e1 3c d8 df e5 7d 2c 1e f8 67 d9 41 1e 4b 29 8e be 18 e0 c2 eb 53 2d 17 2b e6 16 6e e1 8b e7 9a 51 18 43 1e e2 43 5c 8d 21 ae 68 6b 91 52 ca 24 16 5f cb 83 e1 d9 ae 1b ea 38 7b 9c 9d 63 Data Ascii: bVG1>gqr}xItMX4irvL)XG8:g~Xe\,Jr]Qa\-6taP_!}X\|*/hylU]#>F>ZsmQJY>0GG0Jq=uq$x''p1<},gAK)S-+nQCC\!hkR$_8{c
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: 03 a4 18 07 74 49 7d 98 3c 8f c5 ee 5d da e3 79 2c 4e 5c 9a 5b 2c a6 ef 2c c0 f7 d6 6a 39 4e c9 97 ad f2 f2 a6 97 94 e3 00 06 e2 da a9 f5 4e 24 ea b7 e5 cf f7 5f 4a 29 33 d7 62 e5 ab 45 9b f3 30 17 1f b4 6b 1b a6 cd a7 da 67 2f da 73 9d a0 79 19 bd b5 72 7d f8 cf 61 2c 6c 93 bd 88 f8 be be 2b 33 06 b5 90 52 1c 0c 94 62 1c d0 76 2b 3b b0 bf 0f 8b 5e 6d f6 32 16 a7 c6 d9 09 43 2f d5 05 f8 b3 b0 00 df 67 ab 25 df 51 76 18 fa 65 65 c1 d2 cb 9b fe 5a 3d 45 77 92 9c 05 80 0d ab 9b 63 ce c2 a9 f5 43 f4 3a 16 d7 62 cd 6d a2 d9 bd 6b d7 14 9b 8b 0f d8 4a 31 d2 86 e9 f6 5b 5e 27 38 53 0c 81 cd 72 7d 78 27 bc 8c c5 c6 49 cf 8d 2d a3 14 07 03 a6 18 07 b4 d1 ca ce 3f 3b b0 bb 63 b9 13 e6 cc 11 f5 f4 85 ab 91 06 e9 65 2c 16 6f 4f 9d 80 c9 26 ac 9c 76 6b c1 72 18 96 a7 Data Ascii: tI}<]y,N\[,,j9NN$_J)3bE0kg/syr}a,l+3Rbv+;^m2C/g%QveeZ=EwcC:bmkJ1[^'8Sr}x'I-?;ce,oO&vkr
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: 18 9a 4d ed 6c a6 05 8c 23 ec d8 5e 44 fc 6c 31 14 60 f3 14 e2 68 99 e5 55 81 a7 7d 99 37 d4 97 fd df 64 e7 a0 9d ea 18 fc 73 38 19 89 87 39 88 45 79 d8 86 21 7a a1 8e 81 f3 f0 9e 8c db bd 35 e6 6d 97 52 1c f0 60 8a 71 dc e1 3c 3b 00 ed e2 38 7c d6 f0 ba 94 62 27 20 1b 61 0c 22 99 9d cd 3d 60 1c 21 d1 5b a7 4e 02 6c 8e 42 1c 2d f6 2a fa 73 6a 5c 1f fe 3f b0 05 c6 60 d6 b4 17 8b 75 95 d1 63 fe 25 a5 12 da 64 e5 ba d4 b7 a1 14 cc fd e6 75 73 2e 5b a0 14 07 3c 8a 62 1c 70 1f c7 e1 f3 04 2f c3 c3 3f 4f 64 07 32 2d 61 67 73 87 d5 17 93 f3 30 8e 90 e7 5b a7 e8 02 3c 9d 32 06 1d d0 bb 53 e3 60 c9 18 cc 13 ed 45 c4 4f 8f 3c 49 db 38 4a 2b b8 2e 95 35 ec 45 84 e7 c1 2d 51 8a 03 1e 4d 31 0e b8 cd ca c3 be 97 c8 ac eb 20 22 ce 14 49 58 47 3d 59 c7 82 2b 6d b1 d6 ce Data Ascii: Ml#^Dl1`hU}7ds89Ey!z5mR`q<;8\|b' a"=`![NlB-*sj\?`uc%dus.[<bp/?Od2-ags0[<2S`EO<I8J+.5E-QM1 "IXG=Y+m
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: ef 9b a6 99 65 87 60 d0 66 61 b3 11 00 64 7b 5e af 32 e7 11 94 e2 80 9d 52 8c eb a5 f3 ec 00 6c c7 ca 0e 40 80 5d 9b 85 22 0b c3 f6 ba 9e d4 ca 9a ea 02 d1 eb ec 1c 90 60 56 4a d9 cf 0e 01 b0 2d f5 67 bc 62 06 43 72 11 11 93 ec 10 0c 57 1d 77 dd 22 02 00 ed 30 cd 0e d0 35 4a 71 c0 ce 29 c6 f5 cc c9 c9 79 76 04 b6 e6 38 2c 34 03 3b 56 4a 99 86 c5 56 88 88 f8 be 94 32 ca 0e d1 45 f5 a4 db b7 d9 39 20 c9 5e d8 d8 02 f4 db 34 3b 00 ec d8 a4 69 9a 4f d9 21 18 a6 3a b7 72 3a 27 00 b4 c7 73 6b c6 8f a3 14 07 a4 38 f9 e3 1f ff fc 3f 9e 9f ff b7 ec 1c 3c d9 45 76 00 b6 a3 5e bb e4 74 15 60 a7 ea d8 f3 6d 76 0e 68 91 d3 7a 72 2b 0f e4 a4 5b 88 88 88 83 52 8a 97 97 40 ef 38 25 8e 01 fa ae 69 9a 79 76 08 06 6d 16 8b 4d 17 00 40 7b 4c b3 03 74 89 52 1c 90 e6 7f 3d 3b Data Ascii: e`fad{^2Rl@]"`VJ-gbCrWw"05Jq)yv8,4;VJV2E9 ^4;iO!:r:'sk8?<Ev^t`mvhzr+[R@8%iyvmM@{LtR=;
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: 07 c0 ba ce b3 03 b0 11 47 a1 24 b5 4d 97 71 b5 fb 79 63 25 b8 c7 a8 2f a0 e7 cb ff 5c 27 1f cb 05 66 8b 5d ec 9c 22 cb d6 b4 61 bc 59 ee 26 9c 45 7c 2e b9 0c fd c4 87 6d 3a 2e a5 a4 fc 59 b7 c4 2c 3b 40 cf 7c 1e 43 32 16 d1 ae 5f ab 16 f1 f9 fa a6 51 78 66 d9 b4 e3 52 ca e9 80 c7 0e a0 43 5c 9d 1a 3f 44 c4 74 48 63 76 fd ff 3a 8b 88 d9 4a 41 ee 28 fa fd 75 70 b4 a9 4d 4c b0 8e 3a d6 1e 25 c7 e8 bb 8b b8 9a 6f cd 77 fd c9 af 9d d0 19 11 9f e7 5b cb 39 97 f9 16 0c c3 fb b8 1a 8b 76 fa 7c b9 fa 9e 6a a0 9b 20 b6 ed 30 ae 15 11 b9 f2 ab ec 00 00 74 d4 c9 c9 3c 3b 02 4f 53 17 3c be 4d 8e d1 57 ef 22 e2 f7 4d d3 3c 6b 9a 66 d2 34 4d 6b 5e 3c 36 4d 33 6f 9a e6 a8 69 9a fd 88 f8 6d 2c 16 d9 2f 72 53 31 30 b3 ec 00 3d d3 e6 f1 e6 bc 69 9a e3 a6 69 0e 23 e2 37 11 Data Ascii: G$Mqyc%/\'f]"aY&E\|.m:.Y,;@\|C2_QxfRC\?DtHcv:JA(upML:%ow[9v\|j 0t<;OS<MW"M<kf4Mk^<6M3oim,/rS10=ii#7
2024-08-27 17:05:55 UTC	1369	IN	Data Raw: d0 11 97 11 f1 a6 6f 47 dd 3f 85 32 ee a3 ed 45 c4 51 76 88 6d 28 a5 4c 22 e2 79 76 8e 0e 58 5e 99 31 cd 0e 92 6d 65 c1 b4 ad a7 c4 b4 89 d3 e2 80 b6 3a c8 0e b0 03 17 7e 6e 6f 4f 0b af 55 7d 5f cb 7a 90 ca e6 c5 b5 2c 37 4c db ac 15 5f 8c af bf 8d c5 c9 79 c0 ee 7c 88 88 41 dd 2e b2 54 c7 e0 37 d9 39 5a 6e 94 1d a0 8d 94 e2 00 78 2c bb 57 3b aa de 25 ff 3a 39 46 97 7c 8c 88 91 c5 8e af ad 14 55 5c 6f c8 9d 5c 77 f8 60 1f 63 b1 b8 3a cb 0e d2 36 2b 65 dc df 47 fe 4b ac 2e 38 aa 3f ef fb 66 9a 1d a0 03 96 a7 4c ce b3 83 b4 49 1d 57 47 e1 45 cd 7d a6 d9 01 00 56 95 52 86 72 4a dc 34 3b c0 10 ac 94 37 32 d7 31 2e c3 46 55 da 63 9a 1d a0 63 be b3 61 fa 66 f5 a4 d3 51 d8 cc 08 bb f2 43 1d 8f 7a 7f 3a dc 6d ea 3a 8f 62 dc ed f6 06 34 97 7a 30 a5 38 00 1e e3 32 Data Ascii: oG?2EQvm(L"yvX^1me:~noOU}_z,7L_y\|A.T79Znx,W;%:9F\|U\o\w`c:6+eGK.8?fLIWGE}VRrJ4;721.FUccafQCz:m:b4z082

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:55 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 17:05:55 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=81271 Date: Tue, 27 Aug 2024 17:05:55 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49752	104.21.22.182	443	8208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:56 UTC	372	OUT	GET /wp-content/uploads/docusign-logo.png HTTP/1.1 Host: e-courts.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 17:05:56 UTC	706	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 17:05:56 GMT Content-Type: image/png Content-Length: 36611 Connection: close last-modified: Wed, 14 Aug 2024 17:37:06 GMT etag: "8f03-61fa82ccd4e57" x-cache-nxaccel: MISS Cache-Control: max-age=300 CF-Cache-Status: HIT Age: 3632 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klrdKV60F%2FrS9rv0I8prQRVqj9WYBEBa0A%2BbugRFHpBwpNLWi9Be5xv%2Fl6Ze3hArvF4eXQuL0vMlyNXM73O5VgXz2AOy21TQztfJ8VbjzH0wu6Qu93tzaSg4ATG%2Bx8o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9da6373d654223-EWR alt-svc: h3=":443"; ma=86400
2024-08-27 17:05:56 UTC	663	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 09 c5 00 00 01 f8 08 06 00 00 00 81 e6 17 b2 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 20 00 49 44 41 54 78 9c ec dd bd 6f 5c 59 9a 27 e8 f7 14 7a 80 9d 5a cc 52 d5 4e a3 d1 86 d8 ce 8e b1 06 55 d6 98 8a f2 a7 21 16 a2 7d 85 8c 71 d6 49 96 b7 5e 46 fe 05 c9 f4 07 50 c8 5b 63 89 a4 80 b5 c6 c9 90 d9 4e 27 65 2e 76 81 24 31 28 14 06 58 4c 8b 40 6f 0f d0 03 f4 5d 23 4e 88 21 8a 9f c1 88 78 ef c7 f3 00 42 66 55 56 92 bf 92 c8 c3 7b ce fd 9d 73 4a d3 34 41 4f 8d c7 fb 11 31 8a 88 17 f5 17 ec d2 a7 88 38 bb e1 bf 9f 7f fe bb 93 93 f9 0d ff 1c 00 00 00 00 00 00 00 00 d6 56 94 e2 7a 68 51 86 9b 46 c4 eb dc 20 f0 60 17 11 71 be f2 eb 2c 22 3e 29 cd 01 00 00 00 00 00 00 00 f0 58 4a 71 Data Ascii: PNGIHDRpHYs~ IDATxo\Y'zZRNU!}qI^FP[cN'e.v$1(XL@o]#N!xBfUV{sJ4AO18VzhQF `q,">)XJq
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: 38 00 00 00 00 00 00 e0 91 94 e2 00 1e 67 59 8e 3b 8d f1 78 3f 3b 0c 00 79 4a 29 93 52 ca 79 44 bc 8d 88 e7 c9 71 00 00 00 00 00 00 80 4a 29 0e 60 3d af 22 e2 97 18 8f 8f 63 3c 7e 96 1d 06 80 dd 29 a5 8c 4a 29 67 a1 0c 07 00 00 00 00 00 00 ad 54 9a a6 c9 ce c0 53 8d c7 fe 10 21 d7 65 44 1c c5 c9 c9 2c 3b 08 00 db 53 4a 19 45 c4 34 16 a7 86 ee d2 87 a6 69 46 3b fe 9c 00 00 00 00 ad 50 4a 79 16 11 2f ea 7f dc af bf 96 3e 45 c4 59 fd fb f3 a6 69 ce 77 16 0c 00 80 56 53 8a eb 03 a5 38 68 8b 0f b1 28 c7 9d dd fb bf 04 a0 33 4a 29 2f 22 e2 38 76 5f 86 5b 52 8a 03 00 00 00 06 a1 16 e0 46 b1 28 c1 2d ff ba f7 c8 0f f3 21 22 ce 23 62 1e 11 73 45 39 00 80 61 52 8a eb 03 a5 38 68 9b ef e2 e4 64 9a 1d 02 80 a7 29 a5 ec c7 e2 64 b8 d7 a9 41 94 e2 00 00 00 80 1e ab 45 Data Ascii: 8gY;x?;yJ)RyDqJ)`="c<~)J)gTS!eD,;SJE4iF;PJy/>EYiwVS8h(3J)/"8v_[RF(-!"#bsE9aR8hd)dAE
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: 00 f4 ce 7e 76 80 96 73 52 1c 00 40 cb 28 c5 01 f4 cb cb 18 8f a7 d9 21 00 00 00 00 00 e8 95 fd ec 00 2d e7 16 17 00 80 96 51 8a 03 e8 9f 6f 63 3c b6 2b 0d 00 00 00 00 80 4d 51 fa ba db 7e 76 00 00 00 be a4 14 07 d0 4f a7 31 1e 5b a4 00 00 00 00 00 60 13 6c c4 be db f3 ec 00 00 00 7c 49 29 0e a0 9f 9e 47 c4 2c 3b 04 00 00 00 00 00 00 00 c0 ae 29 c5 01 f4 d7 ab 18 8f 0f b3 43 00 00 00 00 00 00 00 00 ec 92 52 1c 40 bf cd 5c a3 0a 00 00 00 00 00 00 00 0c 89 52 1c 40 bf ed 85 6b 54 01 00 00 00 00 00 00 80 01 51 8a 03 e8 3f d7 a8 02 00 00 00 00 00 00 00 83 a1 14 07 30 0c ae 51 05 00 00 00 00 60 5d 67 d9 01 5a ee 22 3b 00 00 00 5f 52 8a 03 18 86 bd 88 38 ce 0e 01 00 00 00 00 40 27 7d ca 0e d0 72 e7 d9 01 00 00 f8 92 52 1c c0 70 bc 8e f1 78 94 1d 02 00 00 00 00 Data Ascii: ~vsR@(!-Qoc<+MQ~vO1[`l\|I)G,;)CR@\R@kTQ?0Q`]gZ";_R8@'}rRpx
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: ee a3 14 07 c0 43 1d 66 07 00 00 00 00 00 00 00 00 b8 8f 52 1c 00 0f f5 2a 3b 00 00 00 00 00 00 00 00 c0 7d 94 e2 00 78 b8 f1 d8 69 71 00 00 00 00 00 00 00 40 ab 29 c5 01 f0 18 a3 ec 00 00 00 00 00 00 00 00 00 77 51 8a 03 e0 31 46 d9 01 00 00 00 00 00 00 00 00 ee a2 14 07 c0 63 1c c4 78 bc 9f 1d 02 00 00 00 00 00 00 00 e0 36 4a 71 00 3c d6 28 3b 00 00 00 00 00 00 00 00 c0 6d 94 e2 00 78 ac 51 76 00 00 00 00 00 00 00 00 80 db 28 c5 01 f0 58 a3 ec 00 00 00 00 00 00 00 00 00 b7 51 8a 03 e0 b1 9e c7 78 fc 2c 3b 04 00 00 00 00 00 00 00 c0 4d 94 e2 00 58 c7 28 3b 00 00 00 00 00 00 00 00 c0 4d 94 e2 00 58 c7 28 3b 00 00 00 00 00 00 00 00 c0 4d 94 e2 00 58 c7 8b ec 00 00 00 00 00 00 00 00 00 37 51 8a 03 60 1d 2f b3 03 00 00 00 00 00 00 00 00 dc 44 29 0e 80 f5 8c Data Ascii: CfR*;}xiq@)wQ1Fcx6Jq<(;mxQv(XQx,;MX(;MX(;MX7Q`/D)
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: 9b 62 0c 01 a0 f3 56 e6 01 a3 e8 47 01 ee 31 3e c6 97 1b 67 e6 b9 71 80 a1 e9 e9 1a f1 72 7d 78 1e e6 49 c0 03 f4 74 4d e9 f3 58 d8 34 cd 69 72 16 76 4c 29 ae 07 94 e2 58 a5 18 47 12 a5 38 3a 67 e5 c1 7e 12 fd 58 e0 b8 cf 65 d4 82 5c 2c 4a 72 9d 5d 00 51 8a a3 8f ea c2 eb 61 5c 2d 36 74 61 c7 dd b6 f5 b2 d8 0b db 50 5f a0 af 8e 21 7d 58 b0 7c 2a 2f 7f 00 68 bd 95 02 c6 f2 e7 b8 79 c0 97 9c f2 01 6c 55 5d 23 3e ac bf 86 b0 46 fc 3e ae d6 5a ce 73 a3 00 6d 51 4a 59 3e 8b 1e c6 30 9e 47 df 47 0f de 95 f1 30 4a 71 3d a0 14 c7 75 8a 71 24 78 13 27 27 b3 ec 10 70 9f ba c8 31 89 e1 3c d8 df e5 7d 2c 1e f8 67 d9 41 1e 4b 29 8e be 18 e0 c2 eb 53 2d 17 2b e6 16 6e e1 8b e7 9a 51 18 43 1e e2 43 5c 8d 21 ae 68 6b 91 52 ca 24 16 5f cb 83 e1 d9 ae 1b ea 38 7b 9c 9d 63 Data Ascii: bVG1>gqr}xItMX4irvL)XG8:g~Xe\,Jr]Qa\-6taP_!}X\|*/hylU]#>F>ZsmQJY>0GG0Jq=uq$x''p1<},gAK)S-+nQCC\!hkR$_8{c
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: 03 a4 18 07 74 49 7d 98 3c 8f c5 ee 5d da e3 79 2c 4e 5c 9a 5b 2c a6 ef 2c c0 f7 d6 6a 39 4e c9 97 ad f2 f2 a6 97 94 e3 00 06 e2 da a9 f5 4e 24 ea b7 e5 cf f7 5f 4a 29 33 d7 62 e5 ab 45 9b f3 30 17 1f b4 6b 1b a6 cd a7 da 67 2f da 73 9d a0 79 19 bd b5 72 7d f8 cf 61 2c 6c 93 bd 88 f8 be be 2b 33 06 b5 90 52 1c 0c 94 62 1c d0 76 2b 3b b0 bf 0f 8b 5e 6d f6 32 16 a7 c6 d9 09 43 2f d5 05 f8 b3 b0 00 df 67 ab 25 df 51 76 18 fa 65 65 c1 d2 cb 9b fe 5a 3d 45 77 92 9c 05 80 0d ab 9b 63 ce c2 a9 f5 43 f4 3a 16 d7 62 cd 6d a2 d9 bd 6b d7 14 9b 8b 0f d8 4a 31 d2 86 e9 f6 5b 5e 27 38 53 0c 81 cd 72 7d 78 27 bc 8c c5 c6 49 cf 8d 2d a3 14 07 03 a6 18 07 b4 d1 ca ce 3f 3b b0 bb 63 b9 13 e6 cc 11 f5 f4 85 ab 91 06 e9 65 2c 16 6f 4f 9d 80 c9 26 ac 9c 76 6b c1 72 18 96 a7 Data Ascii: tI}<]y,N\[,,j9NN$_J)3bE0kg/syr}a,l+3Rbv+;^m2C/g%QveeZ=EwcC:bmkJ1[^'8Sr}x'I-?;ce,oO&vkr
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: 18 9a 4d ed 6c a6 05 8c 23 ec d8 5e 44 fc 6c 31 14 60 f3 14 e2 68 99 e5 55 81 a7 7d 99 37 d4 97 fd df 64 e7 a0 9d ea 18 fc 73 38 19 89 87 39 88 45 79 d8 86 21 7a a1 8e 81 f3 f0 9e 8c db bd 35 e6 6d 97 52 1c f0 60 8a 71 dc e1 3c 3b 00 ed e2 38 7c d6 f0 ba 94 62 27 20 1b 61 0c 22 99 9d cd 3d 60 1c 21 d1 5b a7 4e 02 6c 8e 42 1c 2d f6 2a fa 73 6a 5c 1f fe 3f b0 05 c6 60 d6 b4 17 8b 75 95 d1 63 fe 25 a5 12 da 64 e5 ba d4 b7 a1 14 cc fd e6 75 73 2e 5b a0 14 07 3c 8a 62 1c 70 1f c7 e1 f3 04 2f c3 c3 3f 4f 64 07 32 2d 61 67 73 87 d5 17 93 f3 30 8e 90 e7 5b a7 e8 02 3c 9d 32 06 1d d0 bb 53 e3 60 c9 18 cc 13 ed 45 c4 4f 8f 3c 49 db 38 4a 2b b8 2e 95 35 ec 45 84 e7 c1 2d 51 8a 03 1e 4d 31 0e b8 cd ca c3 be 97 c8 ac eb 20 22 ce 14 49 58 47 3d 59 c7 82 2b 6d b1 d6 ce Data Ascii: Ml#^Dl1`hU}7ds89Ey!z5mR`q<;8\|b' a"=`![NlB-*sj\?`uc%dus.[<bp/?Od2-ags0[<2S`EO<I8J+.5E-QM1 "IXG=Y+m
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: ef 9b a6 99 65 87 60 d0 66 61 b3 11 00 64 7b 5e af 32 e7 11 94 e2 80 9d 52 8c eb a5 f3 ec 00 6c c7 ca 0e 40 80 5d 9b 85 22 0b c3 f6 ba 9e d4 ca 9a ea 02 d1 eb ec 1c 90 60 56 4a d9 cf 0e 01 b0 2d f5 67 bc 62 06 43 72 11 11 93 ec 10 0c 57 1d 77 dd 22 02 00 ed 30 cd 0e d0 35 4a 71 c0 ce 29 c6 f5 cc c9 c9 79 76 04 b6 e6 38 2c 34 03 3b 56 4a 99 86 c5 56 88 88 f8 be 94 32 ca 0e d1 45 f5 a4 db b7 d9 39 20 c9 5e d8 d8 02 f4 db 34 3b 00 ec d8 a4 69 9a 4f d9 21 18 a6 3a b7 72 3a 27 00 b4 c7 73 6b c6 8f a3 14 07 a4 38 f9 e3 1f ff fc 3f 9e 9f ff b7 ec 1c 3c d9 45 76 00 b6 a3 5e bb e4 74 15 60 a7 ea d8 f3 6d 76 0e 68 91 d3 7a 72 2b 0f e4 a4 5b 88 88 88 83 52 8a 97 97 40 ef 38 25 8e 01 fa ae 69 9a 79 76 08 06 6d 16 8b 4d 17 00 40 7b 4c b3 03 74 89 52 1c 90 e6 7f 3d 3b Data Ascii: e`fad{^2Rl@]"`VJ-gbCrWw"05Jq)yv8,4;VJV2E9 ^4;iO!:r:'sk8?<Ev^t`mvhzr+[R@8%iyvmM@{LtR=;
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: 07 c0 ba ce b3 03 b0 11 47 a1 24 b5 4d 97 71 b5 fb 79 63 25 b8 c7 a8 2f a0 e7 cb ff 5c 27 1f cb 05 66 8b 5d ec 9c 22 cb d6 b4 61 bc 59 ee 26 9c 45 7c 2e b9 0c fd c4 87 6d 3a 2e a5 a4 fc 59 b7 c4 2c 3b 40 cf 7c 1e 43 32 16 d1 ae 5f ab 16 f1 f9 fa a6 51 78 66 d9 b4 e3 52 ca e9 80 c7 0e a0 43 5c 9d 1a 3f 44 c4 74 48 63 76 fd ff 3a 8b 88 d9 4a 41 ee 28 fa fd 75 70 b4 a9 4d 4c b0 8e 3a d6 1e 25 c7 e8 bb 8b b8 9a 6f cd 77 fd c9 af 9d d0 19 11 9f e7 5b cb 39 97 f9 16 0c c3 fb b8 1a 8b 76 fa 7c b9 fa 9e 6a a0 9b 20 b6 ed 30 ae 15 11 b9 f2 ab ec 00 00 74 d4 c9 c9 3c 3b 02 4f 53 17 3c be 4d 8e d1 57 ef 22 e2 f7 4d d3 3c 6b 9a 66 d2 34 4d 6b 5e 3c 36 4d 33 6f 9a e6 a8 69 9a fd 88 f8 6d 2c 16 d9 2f 72 53 31 30 b3 ec 00 3d d3 e6 f1 e6 bc 69 9a e3 a6 69 0e 23 e2 37 11 Data Ascii: G$Mqyc%/\'f]"aY&E\|.m:.Y,;@\|C2_QxfRC\?DtHcv:JA(upML:%ow[9v\|j 0t<;OS<MW"M<kf4Mk^<6M3oim,/rS10=ii#7
2024-08-27 17:05:56 UTC	1369	IN	Data Raw: d0 11 97 11 f1 a6 6f 47 dd 3f 85 32 ee a3 ed 45 c4 51 76 88 6d 28 a5 4c 22 e2 79 76 8e 0e 58 5e 99 31 cd 0e 92 6d 65 c1 b4 ad a7 c4 b4 89 d3 e2 80 b6 3a c8 0e b0 03 17 7e 6e 6f 4f 0b af 55 7d 5f cb 7a 90 ca e6 c5 b5 2c 37 4c db ac 15 5f 8c af bf 8d c5 c9 79 c0 ee 7c 88 88 41 dd 2e b2 54 c7 e0 37 d9 39 5a 6e 94 1d a0 8d 94 e2 00 78 2c bb 57 3b aa de 25 ff 3a 39 46 97 7c 8c 88 91 c5 8e af ad 14 55 5c 6f c8 9d 5c 77 f8 60 1f 63 b1 b8 3a cb 0e d2 36 2b 65 dc df 47 fe 4b ac 2e 38 aa 3f ef fb 66 9a 1d a0 03 96 a7 4c ce b3 83 b4 49 1d 57 47 e1 45 cd 7d a6 d9 01 00 56 95 52 86 72 4a dc 34 3b c0 10 ac 94 37 32 d7 31 2e c3 46 55 da 63 9a 1d a0 63 be b3 61 fa 66 f5 a4 d3 51 d8 cc 08 bb f2 43 1d 8f 7a 7f 3a dc 6d ea 3a 8f 62 dc ed f6 06 34 97 7a 30 a5 38 00 1e e3 32 Data Ascii: oG?2EQvm(L"yvX^1me:~noOU}_z,7L_y\|A.T79Znx,W;%:9F\|U\o\w`c:6+eGK.8?fLIWGE}VRrJ4;721.FUccafQCz:m:b4z082

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49751	162.241.87.113	443	8208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:56 UTC	612	OUT	GET /favicon.ico HTTP/1.1 Host: watercolorjourney.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://watercolorjourney.net/afew/ribs.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 17:05:56 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 17:05:56 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-08-27 17:05:56 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49754	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:56 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 17:05:56 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=85184 Date: Tue, 27 Aug 2024 17:05:56 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-27 17:05:56 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49757	52.5.13.197	443	7708	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:05:57 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37 x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-08-27 17:05:58 UTC	608	IN	HTTP/1.1 200 Server: openresty Date: Tue, 27 Aug 2024 17:05:58 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 6301 Connection: close x-request-id: Re1XKyofjZ5NQM7zCX2WPpazJ7eDRliz vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id Strict-Transport-Security: max-age=15552000; includeSubDomains
2024-08-27 17:05:58 UTC	6301	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49758	23.56.162.185	443	7708	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:06:00 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-08-27 17:06:00 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Tue, 27 Aug 2024 17:06:00 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49759	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:06:03 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2MtV7WTuch2MuRl&MD=812LGNnf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-27 17:06:03 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: aaf6b893-23d7-4863-a9b2-43ee4d5de4df MS-RequestId: a2bf2da4-60f8-4023-9832-3fba8b37c406 MS-CV: kxJWHfJTxU6bm02T.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 27 Aug 2024 17:06:02 GMT Connection: close Content-Length: 24490
2024-08-27 17:06:03 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-27 17:06:03 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	54125	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 17:06:41 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=2MtV7WTuch2MuRl&MD=812LGNnf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-27 17:06:41 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: ec06cbec-8f55-4818-9bb7-e0d353090a7f MS-RequestId: 984e5773-b703-4780-80d1-222acfd370c9 MS-CV: DBTHUOjrQUCLjeo/.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 27 Aug 2024 17:06:41 GMT Connection: close Content-Length: 30005
2024-08-27 17:06:41 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-27 17:06:41 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7304, Parent PID: 2580

General

Target ID:	0
Start time:	13:05:45
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\signature.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7492, Parent PID: 7304

General

Target ID:	1
Start time:	13:05:46
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7708, Parent PID: 7492

General

Target ID:	3
Start time:	13:05:47
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,13327413171434850786,5061659286395954801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8152, Parent PID: 4592

General

Target ID:	4
Start time:	13:05:49
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ceo.ca/api/banner_redirect?channel=g&url=https://watercolorjourney.net/afew/ribs.html&banner=824
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8208, Parent PID: 8152

General

Target ID:	5
Start time:	13:05:50
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1940,i,9639960332301973506,1918651692911634053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly