Edit tour

Windows Analysis Report
Quotation-Invitation28252-09yzak_1_cdcon.pdf

Overview

General Information

Sample name:	Quotation-Invitation28252-09yzak_1_cdcon.pdf
Analysis ID:	1507703
MD5:	35bb36513f6bdf33f5e9676100fafdff
SHA1:	fd8c0675a1596aac3f3481951d772a157ebc2a68
SHA256:	e30d0b24c933e866e6d99c5fc66b916cbae84e61976937affc78356de196edb2
Infos:

Errors Corrupt sample or wrongly selected analyzer.

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Clickable URLs found in PDF pointing to potentially malicious files

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 5948 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Quotation-Invitation28252-09yzak_1_cdcon.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4324 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1752,i,16318768401358701471,9600872464586009153,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://000webhhost.com/download.php?file=scope-of-work.zip" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,10083080512340279242,5486818612561399752,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://000webhhost.com/download.php?file=scope-of-work.zip)

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: 000webhhost.com

Virustotal: Detection: 7%

Perma Link

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49738 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.126.112.182 104.126.112.182

Source: Joe Sandbox View

ASN Name: CASABLANCA-ASInternetCollocationProviderCZ CASABLANCA-ASInternetCollocationProviderCZ

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 104.126.112.182
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SvNPcrc7vD4dMwO&MD=goumtm+a HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SvNPcrc7vD4dMwO&MD=goumtm+a HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: 000webhhost.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	String found in binary or memory: https://000webhhost.com/download.php?file=scope-of-work.zip)
Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	String found in binary or memory: https://archdesk.com/)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49738 version: TLS 1.2

System Summary

Clickable URLs found in PDF pointing to potentially malicious files

Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf

Initial sample: https://000webhhost.com/download.php?file=scope-of-work.zip

Source: classification engine

Classification label: mal60.winPDF@42/50@4/5

Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	Initial sample: mailto:pankaj@cdcon.net
Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	Initial sample: https://archdesk.com/
Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	Initial sample: https://000webhhost.com/download.php?file=scope-of-work.zip

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-08 22-55-33-696.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Quotation-Invitation28252-09yzak_1_cdcon.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1752,i,16318768401358701471,9600872464586009153,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://000webhhost.com/download.php?file=scope-of-work.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,10083080512340279242,5486818612561399752,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1752,i,16318768401358701471,9600872464586009153,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,10083080512340279242,5486818612561399752,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	Initial sample: PDF keyword /JS count = 0
Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9brgess_t4hecd_520.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9brgess_t4hecd_520.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Quotation-Invitation28252-09yzak_1_cdcon.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
000webhhost.com	7%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://archdesk.com/)	0%	Avira URL Cloud	safe
https://000webhhost.com/download.php?file=scope-of-work.zip)	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
000webhhost.com	109.123.230.181	true	true	7%, Virustotal, Browse	unknown
www.google.com	172.217.16.196	true	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://archdesk.com/)	Quotation-Invitation28252-09yzak_1_cdcon.pdf	false	Avira URL Cloud: safe	unknown
https://000webhhost.com/download.php?file=scope-of-work.zip)	Quotation-Invitation28252-09yzak_1_cdcon.pdf	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.123.230.181	000webhhost.com	Czech Republic	15685	CASABLANCA-ASInternetCollocationProviderCZ	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.126.112.182	unknown	United States	16625	AKAMAI-ASUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1507703
Start date and time:	2024-09-09 04:54:41 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Quotation-Invitation28252-09yzak_1_cdcon.pdf
Detection:	MAL
Classification:	mal60.winPDF@42/50@4/5
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document URL browsing timeout or error Close Viewer

Errors

Corrupt sample or wrongly selected analyzer.

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.16.202.123, 95.101.54.195, 199.232.210.172, 2.19.126.143, 2.19.126.149, 192.229.221.95, 142.250.185.227, 142.250.184.238, 142.251.168.84, 34.104.35.123, 142.250.185.170, 172.217.16.202, 142.250.185.234, 142.250.181.234, 142.250.184.202, 142.250.186.106, 172.217.18.10, 142.250.186.138, 142.250.184.234, 142.250.186.170, 142.250.186.42, 142.250.185.202, 142.250.186.74, 216.58.206.74, 142.250.185.138, 142.250.74.202, 142.250.185.131, 172.217.16.131, 172.217.16.206
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, www.gstatic.com, apps.identrust.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.

Simulations

Behavior and APIs

Time	Type	Description
22:55:44	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://darlin.com.au/	Get hash	malicious	Unknown	Browse
	https://eu-central-1.protection.sophos.com/?d=convertcontacts.com&u=aHR0cDovL21haWwuY29udmVydGNvbnRhY3RzLmNvbS9scy9jbGljaz91cG49dTAwMS4tMkZPZ2p2UDZlSEpMUThnRkNaWFFWYVdwSW9wc2R3cTcyQzhaR2p0eWFDYmt1U25VYkpra2g5YTVWdUxMZ3VQcTA2OFpPX2otMkIzT0FHSFlyemxyWGM0d1dHdkFlaXYtMkZNV2VJQTlOWk9iOTc0YS0yQlpvdnAxN0l5aGZoeWdhczFXVkJvMTNESUhrNWF5eEpuSHB6ZEdzeXI3SEJ4eE9ZVGxlZHp3R090RUNYcFJad0ljUC0yRlU2Um1RMlZZRS0yQm5lNU4zUTZMTHNQNXJRNTNyZi0yQmRGVFc4bThFTlNFdGI2dWFtLTJGR3NrQ3lZQjBVQ3oxalh1elAtMkYxb3BIQmxaaEF3YWI5ZHFmcXhVb3hXU0puWlh5eS0yRmtFS2FJLTJGSUU1eUhCQS0zRC0zRA==&p=m&i=NWNiN2ZlZTg4MWQzYmMxNDQ2YTllMzg2&t=MzVESEtqZVpmK2lydmd6VlJBZ0dOd0VXaHNLamhvK21MK1pYQzM4L0JEUT0=&h=e14b286494664ef891348988c9e838b4&s=AVNPUEhUT0NFTkNSWVBUSVYoFOpcRSmtylFH3LId5iHD0shJ7qIqV8UAVy4ANYCuCYR3Alb2xoJLC7nF0vB_FDAfdi-bbhqFa2YYLKpVwPUnPTAMVQe9kqbfwYJ_E95Mtw	Get hash	malicious	HTMLPhisher	Browse
	http://onlinesecuritycheck.weebly.com/	Get hash	malicious	Unknown	Browse
	http://rakften.click/	Get hash	malicious	Unknown	Browse
	http://subhashadapa.github.io/Netflix	Get hash	malicious	HTMLPhisher	Browse
	http://rdr-centru.blogspot.nl/	Get hash	malicious	HTMLPhisher	Browse
	https://seoservicesiox.firebaseapp.com/0.08157749367335065%22%7D	Get hash	malicious	HTMLPhisher	Browse
	http://abhishekch20.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse
	http://kjkesd.godaddysites.com/	Get hash	malicious	Unknown	Browse
	http://himanshu2312.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse
104.126.112.182	Gide#Invoice.pdf	Get hash	malicious	Unknown	Browse
	virus total.pdf	Get hash	malicious	HTMLPhisher	Browse
	tourmalinellc.com-_DocuSign-.pdf	Get hash	malicious	Unknown	Browse
	Oproeg MVTN.pdf	Get hash	malicious	Unknown	Browse
	Investec Payment-Copy.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://drive.google.com/file/d/1tRr780hsajeou1KA4eMfCzCm-jeRIblh/view?usp=sharing_eil_m&ts=66aa983c	Get hash	malicious	Unknown	Browse
	Complete_with DocuSign_Monday-July-2024 0738 AM.pdf	Get hash	malicious	Unknown	Browse
	Building Made Easy Proposal .pdf	Get hash	malicious	Unknown	Browse
	491357c0ed23d43c0779d4345b355ac6_491357c0ed23d43c0779d4345b355ac6.r.PDF	Get hash	malicious	HTMLPhisher	Browse
	Complete with Docusign dmoore@nsedc.pdf	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
000webhhost.com	Purchase oders-10-03-2023.hta	Get hash	malicious	Unknown	Browse	54.215.253.104
000webhhost.com	Statements of Account-10-02-24.vbs	Get hash	malicious	Unknown	Browse	54.215.253.104
bg.microsoft.map.fastly.net	http://onlinesecuritycheck.weebly.com/	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://rakften.click/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://rdr-centru.blogspot.nl/	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	https://seoservicesiox.firebaseapp.com/0.08157749367335065%22%7D	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	http://abhishekch20.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	http://kjkesd.godaddysites.com/	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://pub-d32e1723091e4c74b19f3caea6a4ed0a.r2.dev/qiye-revised/index.html	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://mudassarqazihere.github.io/Neflix-Clone	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	http://sarahhussain00.github.io/zeeeshan-1	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	http://ct-relevant-violet.pages.dev/help/contact/432501590512485	Get hash	malicious	Unknown	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CASABLANCA-ASInternetCollocationProviderCZ	SecuriteInfo.com.Exploit.CVE-2017-11882.123.12187.29198.rtf	Get hash	malicious	Remcos	Browse	85.239.241.184
	FakturaPDF.exe	Get hash	malicious	NetSupport RAT	Browse	109.123.227.60
	FakturaPDF.exe	Get hash	malicious	NetSupport RAT	Browse	109.123.227.60
	mirai.x86.elf	Get hash	malicious	Mirai	Browse	109.123.230.89
	205.185.120.123-skid.ppc-2024-07-27T10_33_45.elf	Get hash	malicious	Mirai, Moobot	Browse	77.78.79.177
	LisectAVT_2403002A_201.exe	Get hash	malicious	Amadey	Browse	77.78.111.117
	LisectAVT_2403002B_136.dll	Get hash	malicious	Emotet	Browse	81.0.236.90
	Lisect_AVT_24003_G1B_122.exe	Get hash	malicious	Unknown	Browse	109.123.254.43
	appdrivesound.exe	Get hash	malicious	SystemBC	Browse	77.78.119.119
	5CxmQXL0LD.exe	Get hash	malicious	SystemBC	Browse	77.78.105.168
AKAMAI-ASUS	http://steamcommuninty.com/playtestinvite/deadlock	Get hash	malicious	Unknown	Browse	23.210.122.61
	PM7K6PbAf0.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Neoreklami, PureLog Stealer, RedLine, Stealc	Browse	184.28.90.27
	Payment Confirmation-- (2).pdf	Get hash	malicious	HTMLPhisher	Browse	23.56.162.185
	Armoury.exe	Get hash	malicious	LummaC	Browse	23.192.247.89
	vrgeh.exe	Get hash	malicious	LummaC, Vidar	Browse	23.199.218.33
	https://amazon-101953.weeblysite.com/	Get hash	malicious	Unknown	Browse	2.19.126.211
	QBB2Vby7k2.exe	Get hash	malicious	XenoRAT	Browse	104.77.220.172
	Canon_Scan_239.pdf	Get hash	malicious	Unknown	Browse	23.56.162.185
	Play_VM-NowBarry.doanAudiowav012.html	Get hash	malicious	Unknown	Browse	23.32.184.20
	Amex Message.pdf	Get hash	malicious	HTMLPhisher	Browse	23.56.162.185

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	http://rakften.click/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://seoservicesiox.firebaseapp.com/0.08157749367335065%22%7D	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://kjkesd.godaddysites.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://infast.pe/.well-known/acme-challenge/sp	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://sarahhussain00.github.io/zeeeshan-1	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://tasnimul1331.github.io/Netflix	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://free-5480836.webadorsite.com/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://metetamsssklogin.webflow.io/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://shahbazni.github.io/profile-issue-verify-account/index.html	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://grntt.vercel.app/	Get hash	malicious	Unknown	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	https://darlin.com.au/	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	https://eu-central-1.protection.sophos.com/?d=convertcontacts.com&u=aHR0cDovL21haWwuY29udmVydGNvbnRhY3RzLmNvbS9scy9jbGljaz91cG49dTAwMS4tMkZPZ2p2UDZlSEpMUThnRkNaWFFWYVdwSW9wc2R3cTcyQzhaR2p0eWFDYmt1U25VYkpra2g5YTVWdUxMZ3VQcTA2OFpPX2otMkIzT0FHSFlyemxyWGM0d1dHdkFlaXYtMkZNV2VJQTlOWk9iOTc0YS0yQlpvdnAxN0l5aGZoeWdhczFXVkJvMTNESUhrNWF5eEpuSHB6ZEdzeXI3SEJ4eE9ZVGxlZHp3R090RUNYcFJad0ljUC0yRlU2Um1RMlZZRS0yQm5lNU4zUTZMTHNQNXJRNTNyZi0yQmRGVFc4bThFTlNFdGI2dWFtLTJGR3NrQ3lZQjBVQ3oxalh1elAtMkYxb3BIQmxaaEF3YWI5ZHFmcXhVb3hXU0puWlh5eS0yRmtFS2FJLTJGSUU1eUhCQS0zRC0zRA==&p=m&i=NWNiN2ZlZTg4MWQzYmMxNDQ2YTllMzg2&t=MzVESEtqZVpmK2lydmd6VlJBZ0dOd0VXaHNLamhvK21MK1pYQzM4L0JEUT0=&h=e14b286494664ef891348988c9e838b4&s=AVNPUEhUT0NFTkNSWVBUSVYoFOpcRSmtylFH3LId5iHD0shJ7qIqV8UAVy4ANYCuCYR3Alb2xoJLC7nF0vB_FDAfdi-bbhqFa2YYLKpVwPUnPTAMVQe9kqbfwYJ_E95Mtw	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27
	http://onlinesecuritycheck.weebly.com/	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	http://rakften.click/	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	http://subhashadapa.github.io/Netflix	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27
	http://rdr-centru.blogspot.nl/	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27
	https://seoservicesiox.firebaseapp.com/0.08157749367335065%22%7D	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27
	http://abhishekch20.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27
	http://kjkesd.godaddysites.com/	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	http://himanshu2312.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2304973559079615
Encrypted:	false
SSDEEP:	6:P7N9Iq2P92nKuAl9OmbnIFUt827N3zZZmw+27N3zzkwO92nKuAl9OmbjLJ:Psv4HAahFUt82v/+295LHAaSJ
MD5:	7CD258B8DEE001D71BAB9EAA3F4A43D5
SHA1:	CD332FE72CAC39C760EDDA42C36ABAE47C7E4B4E
SHA-256:	27B958C0CE310FAA0D94F733AA5551A7137CFF5FC7A52FF9ADED9232B153BF23
SHA-512:	78D6612EB1A3EFACA07C056A6D0388414F79CDFDFD316ECB71FF10FAB47465F5A9012B96E9FE84C9C55E14090E60C9848E3C00FEC409ABD937284D35E0ED64FE
Malicious:	false
Reputation:	low
Preview:	2024/09/08-22:55:31.495 1c24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/08-22:55:31.497 1c24 Recovering log #3.2024/09/08-22:55:31.497 1c24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2304973559079615
Encrypted:	false
SSDEEP:	6:P7N9Iq2P92nKuAl9OmbnIFUt827N3zZZmw+27N3zzkwO92nKuAl9OmbjLJ:Psv4HAahFUt82v/+295LHAaSJ
MD5:	7CD258B8DEE001D71BAB9EAA3F4A43D5
SHA1:	CD332FE72CAC39C760EDDA42C36ABAE47C7E4B4E
SHA-256:	27B958C0CE310FAA0D94F733AA5551A7137CFF5FC7A52FF9ADED9232B153BF23
SHA-512:	78D6612EB1A3EFACA07C056A6D0388414F79CDFDFD316ECB71FF10FAB47465F5A9012B96E9FE84C9C55E14090E60C9848E3C00FEC409ABD937284D35E0ED64FE
Malicious:	false
Reputation:	low
Preview:	2024/09/08-22:55:31.495 1c24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/08-22:55:31.497 1c24 Recovering log #3.2024/09/08-22:55:31.497 1c24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.180017897262749
Encrypted:	false
SSDEEP:	6:P7N/GwSQ+q2P92nKuAl9Ombzo2jMGIFUt827NUkgZmw+27NUkQVkwO92nKuAl9OU:PJR+v4HAa8uFUt82i/+2+V5LHAa8RJ
MD5:	2CCFA844C807BF9CA812C3EF421F7E7B
SHA1:	1856EF18E657853BC1C1E59CABF87E6B4BEF222B
SHA-256:	B04A890BB0CAAD17714A8B80889B9869F18A14C7DE96F5C907715993878DB068
SHA-512:	146108201E4900857485ABE3D6C5F47ACEFED68D68F738B9C21333889D1ACF1D52CE29B0125E73B81F8ECEA88A2B02E7AE161E704E127DAA420BED498D2FEAD2
Malicious:	false
Reputation:	low
Preview:	2024/09/08-22:55:31.601 1cdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/08-22:55:31.602 1cdc Recovering log #3.2024/09/08-22:55:31.602 1cdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.180017897262749
Encrypted:	false
SSDEEP:	6:P7N/GwSQ+q2P92nKuAl9Ombzo2jMGIFUt827NUkgZmw+27NUkQVkwO92nKuAl9OU:PJR+v4HAa8uFUt82i/+2+V5LHAa8RJ
MD5:	2CCFA844C807BF9CA812C3EF421F7E7B
SHA1:	1856EF18E657853BC1C1E59CABF87E6B4BEF222B
SHA-256:	B04A890BB0CAAD17714A8B80889B9869F18A14C7DE96F5C907715993878DB068
SHA-512:	146108201E4900857485ABE3D6C5F47ACEFED68D68F738B9C21333889D1ACF1D52CE29B0125E73B81F8ECEA88A2B02E7AE161E704E127DAA420BED498D2FEAD2
Malicious:	false
Reputation:	low
Preview:	2024/09/08-22:55:31.601 1cdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/08-22:55:31.602 1cdc Recovering log #3.2024/09/08-22:55:31.602 1cdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4d32797c-b226-4505-9949-418894c1a4f2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.047981433059437
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqQsBdOg2H+2caq3QYiubxnP7E4T3OF+:Y2sRdsQdMH+J3QYhbxP7nbI+
MD5:	627C2A16C94B2A9FE2D61235C95635E7
SHA1:	BABF197EA60806DA6F41FBBA935B939F99EF6A8D
SHA-256:	B027214D7E071BE0CC95E58C302DD1E3A8B18952637EC29D45DA74EFCFBFC0FE
SHA-512:	DBB1317ECF526CB32F7F2CA37023308F9E86B08D0482EF9D7E47A8DD3A70300A3A5BB502DE6CE7C103650AA061E4101359E85B3ADFA89708C84CF9C26AE96C73
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370410544156031","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":133611},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047981433059437
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqQsBdOg2H+2caq3QYiubxnP7E4T3OF+:Y2sRdsQdMH+J3QYhbxP7nbI+
MD5:	627C2A16C94B2A9FE2D61235C95635E7
SHA1:	BABF197EA60806DA6F41FBBA935B939F99EF6A8D
SHA-256:	B027214D7E071BE0CC95E58C302DD1E3A8B18952637EC29D45DA74EFCFBFC0FE
SHA-512:	DBB1317ECF526CB32F7F2CA37023308F9E86B08D0482EF9D7E47A8DD3A70300A3A5BB502DE6CE7C103650AA061E4101359E85B3ADFA89708C84CF9C26AE96C73
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370410544156031","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":133611},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.244482027388712
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUsju9LHjdhLZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLI
MD5:	4C3FDBB9D22A7F7B3BDA7B88E824A585
SHA1:	99EA8911A50E1FB7BDA02014A0214BDB9A056E71
SHA-256:	918177389173E314FD0530C07E156FE25A6C7A9572125CE86F1D32C3002EC87C
SHA-512:	5D359BD77D4B5769DFD909D54BDF6238EBFC7E48B80268F5E7AEF69F3F378BBF8C97C3AA7705C9417FF08E2F95C4E1B4C9281F5C7431FE6B9FF2CBBC712883D2
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.210879059794793
Encrypted:	false
SSDEEP:	6:P7N/pQ+q2P92nKuAl9OmbzNMxIFUt827NDgZmw+27NDQVkwO92nKuAl9OmbzNMFd:P4+v4HAa8jFUt82a/+22V5LHAa84J
MD5:	82278C924307E69B7D2A25CD18B006A2
SHA1:	677AAB29E44283C64E3F7CB59398EB56DCC2430A
SHA-256:	2E106482412246E54FC713C3A8FAD62803FE1F3C2A580173E365B1F641CB365C
SHA-512:	5CEC894FF23F1549593D03E8E994A06E15FF27120401CCEC30DEAEB6BB8022B9118D2ECABBEE03F2033CE170CCD84B3E5638F8CDEE87FCFD1EFD21C088F9FFDA
Malicious:	false
Reputation:	low
Preview:	2024/09/08-22:55:31.860 1cdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/08-22:55:31.862 1cdc Recovering log #3.2024/09/08-22:55:31.862 1cdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.210879059794793
Encrypted:	false
SSDEEP:	6:P7N/pQ+q2P92nKuAl9OmbzNMxIFUt827NDgZmw+27NDQVkwO92nKuAl9OmbzNMFd:P4+v4HAa8jFUt82a/+22V5LHAa84J
MD5:	82278C924307E69B7D2A25CD18B006A2
SHA1:	677AAB29E44283C64E3F7CB59398EB56DCC2430A
SHA-256:	2E106482412246E54FC713C3A8FAD62803FE1F3C2A580173E365B1F641CB365C
SHA-512:	5CEC894FF23F1549593D03E8E994A06E15FF27120401CCEC30DEAEB6BB8022B9118D2ECABBEE03F2033CE170CCD84B3E5638F8CDEE87FCFD1EFD21C088F9FFDA
Malicious:	false
Preview:	2024/09/08-22:55:31.860 1cdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/08-22:55:31.862 1cdc Recovering log #3.2024/09/08-22:55:31.862 1cdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240909025535Z-155.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.1699049852080767
Encrypted:	false
SSDEEP:	96:DFL/mDOOOOOOOOOOOOOOOOOOOOOOFrCkZ:DFL/TkZ
MD5:	0EA212380E4C32E7653C4A63F225AF34
SHA1:	E03BA66B12BEBB92D19AFB2EDD1E18AC79BCFF57
SHA-256:	4F1E0C2B52A4999FD58E0C6BDB823A619BABAD115430BC69415906146B8A1467
SHA-512:	A450DA6CA93FD08421F998F42D090D49E02C2D13B02AB9AA8E28A9072412034D092BA7BDAE931175C65CD918848F83B0B2D348354A433A7301477087111ED8C6
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.236892865807448
Encrypted:	false
SSDEEP:	6:kKo+sL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:NdDImsLNkPlE99SNxAhUe/3
MD5:	D13B116A301DB4AEF111DFFB5E816BF8
SHA1:	7BA25376AA6F1B1036B1B9B737CDC1727F4CCEE6
SHA-256:	945EB7C42662B28F383481082E938EF3BACD9F83C0CB038AF9CC6F09F8103DEC
SHA-512:	0D3DD0F78AE6E0029FA8A6F1242BBD2AB881A106EDC4E340D9ED327ECEEFE1A54A9D183E351CF405849F79A6FCF37F76D5FF415418ED8509A587B5D84181593C
Malicious:	false
Preview:	p...... ............c...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0000590695551166
Encrypted:	false
SSDEEP:	3:kkFklYoM/tfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKJR9xliBAIdQZV7I7kc3
MD5:	7A5827B4B9D449B2D6D89A92974E027A
SHA1:	A6BCD81818FA8CA75B5787139716B61C9A251953
SHA-256:	BB139A088187F96AA0F6A272E21E97CD0E45248F6F4001A5CA35C32372DE1019
SHA-512:	CA1A26A0285FD6698FE9E04598D99B8E8AAE9D3ED32164E6D37C8C9B85788C256F484469141E86515722791E626F1E95B6B26966EAB89A142AE85C7B3D72F96D
Malicious:	false
Preview:	p...... ....`.......c...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.339051423440116
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJM3g98kUwPeUkwRe9:YvXKXFC0DYpW7TV4GMbLUkee9
MD5:	2B4F8931884DD0C576D32633ECEBEED6
SHA1:	C3CFD8033FCB2E48515CB67B0721CA5FCA4F3CA6
SHA-256:	039CA9AB08388CC82E43348BA8768AEEC37CE6141FABEC9F0726BB7C553E3A99
SHA-512:	FDEE9DCF77648252E7C649B6F0BEE8E3C7F2A220173439D047CA12D26D3B52201911FEBE3BF8C27EF8FB87B6DDE7613BDE2BC131EE15F96445B7BDC92A0853AC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.277999775842212
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfBoTfXpnrPeUkwRe9:YvXKXFC0DYpW7TV4GWTfXcUkee9
MD5:	36765EDD23CC68583BB1E57E21519D04
SHA1:	78EC6BBA3ACB302AEC71DF0FEB2CDAC0261FF756
SHA-256:	D4973813EF07F5AF256AB5C9345EB1D0DBB5BD36B143EA3EF10589EFE888F8B5
SHA-512:	D1967E6BC1A4CAC2F2AB6FFE3A4858308AFA1F4A9EBDC52032D90CC5B2B879AB46721F81B7C2A3D4E460A6A407EB604A6BC5C45890E8A294E382615B2537C85F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2565480923682175
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfBD2G6UpnrPeUkwRe9:YvXKXFC0DYpW7TV4GR22cUkee9
MD5:	1E71F946B5C82F315570587817480B7D
SHA1:	E8D47736033A9DAF552299F56B072BECED478094
SHA-256:	396BCBC3B75FD445FAA8EFBC1DC26806785D9A67A03AFDB30C9D5767F3EB2D0A
SHA-512:	1000D6922E159F5A34FA074508A710D8F5F8C904E3B1B8CB145B03AF354924704F083DDEFB7CD067F0CBC933C00033E480123C866DFAF7374D6698F3EAC0EF97
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.317091249765032
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfPmwrPeUkwRe9:YvXKXFC0DYpW7TV4GH56Ukee9
MD5:	AD7A9021B930F6657540B3E33179FC38
SHA1:	26DAFAAEC90687EB28BCB58DB38EBF45D9576FF8
SHA-256:	7A81E65D12F93E11A36092681E6A72ED8CCD4C7558648277DC70A91C20DEF9C5
SHA-512:	86E171387148B07F86CA8341CE23255ACE35F9506D00F6A6700AC0C98C6B988F5739511F59662317DD3ECA300020EFAF7468FB43EDCFB609549691A8065875EA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.664444737982911
Encrypted:	false
SSDEEP:	24:Yv6Xw/iTVVpLgEFqciGennl0RCmK8czOCY4w2d:YvmZVhgLtaAh8cvYvG
MD5:	A571F4B912F36FD2D19B670B65054FD0
SHA1:	0100E01818E6E86193457993C99785AA99D09CAB
SHA-256:	9E628C7B7130847AEE1D82D92DAFC9B2435EEEAF7915BB962AC2E3CC9D11119E
SHA-512:	971F707E6EFBC8887BAC9ECE438C204A20FE13B6A7D2E6F8173715253CB8674EF4F6CEA803C34E1C67BEF1F3336C304331F5E0DBD6C2B71D45A8A63D4D4A50A7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.648777734982304
Encrypted:	false
SSDEEP:	24:Yv6Xw/iTV5VLgEF0c7sbnl0RCmK8czOCYHflEpwiVd:YvmZ5Fg6sGAh8cvYHWpwU
MD5:	0574456DB25A370579EFA43E28147910
SHA1:	A1AC5D5FF88681AA339820A1B529D574F44379AE
SHA-256:	D0C03135D917B5C292014F82E02BB7C0C7B11F71551D54B4AD99E4A86D6194DA
SHA-512:	5C29CF493AA5578259F9C4F46FF3B542A901B45194B5B79C422FAAB3422099288CE4A0AE3CE97BC63BD8F90127729BDA6513AFEEF62F24285E3FEBC0F72EE6CE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.264374231586112
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfQ1rPeUkwRe9:YvXKXFC0DYpW7TV4GY16Ukee9
MD5:	05B1D2624925799D42314D1EA89516FA
SHA1:	C898D1928CD724C9A50481574A20AD8F808B1A57
SHA-256:	0A229AEA1B63C50E95052EFFC2338F29CC499F2B16D0DCD68AED80031548663D
SHA-512:	5583646538821E62BCC68EF880E750286D38058AC509294C18D556F8B3B677F5C04296C8C5C43CED41CE15498A30B0E682AB8D26BC160FB4100BEDB331C90B33
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.645344297809782
Encrypted:	false
SSDEEP:	24:Yv6Xw/iTVo2LgEF7cciAXs0nl0RCmK8czOCAPtciBd:YvmZoogc8hAh8cvAL
MD5:	FD3C2C4CD277DB389F8121D0E068AB8E
SHA1:	7470DE5CE4FA25FEAD5454B08012BA47D1BDB81A
SHA-256:	28716DB95258A1B82B4F2BFB645E33D702B353E6C724D5EBCB4B44A26460FF9A
SHA-512:	66A113B139C07460E23D432F26336ADADF52B8D5C18DAC07D9BF505A36FA53EDA59D2E2A2AFCBCC56BB8060CBC4F4C01224D34761C3D013885260E797695CCB3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.695903415121298
Encrypted:	false
SSDEEP:	24:Yv6Xw/iTVgKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5d:YvmZgEgqprtrS5OZjSlwTmAfSKP
MD5:	EF34F38237B1C64A8EC67C10955618E3
SHA1:	5BDBBAFE75DD5AD04497A41C388FF2F5361C11DE
SHA-256:	D13408217FA7A2178D30E466D711ACBD3B6F1189B8E79CC57701339CDF63FB12
SHA-512:	7E007C52559985D65DE6FAFB2EFFF2EAC11363CFDD9F03B397CC90BEF315687B1C52063908EE600FC219CE4D934ECF6E5BDCF333A94B39A22937D70BAF5D3FFC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.271305288275377
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfYdPeUkwRe9:YvXKXFC0DYpW7TV4Gg8Ukee9
MD5:	5AAA3A3C03F825BAFDF1EB15052B5604
SHA1:	C30A535EDC4A83C85796B9D9198B7A391818B23D
SHA-256:	03123FA2C41DD78693242110AA07245BEF73682B4BC6927F75D5B171F9A7F228
SHA-512:	CF0D8B9FFB8DD5C61DDA5241F252406389D4C89CCB432B6BDDAC31DFED19AEA5CCE9BC1687FD51A717815235FEE7DCD3E43D5815BFEC7F83B007818B7216750C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.772391004026856
Encrypted:	false
SSDEEP:	24:Yv6Xw/iTVvrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNV:YvmZvHgDv3W2aYQfgB5OUupHrQ9FJP
MD5:	E6407D41B40BEC187AE053F489302B5E
SHA1:	1C46C79CEAF99151FF37340ED883410A1C90DD7B
SHA-256:	353A702013B0C37010DA2AF72F4E663C0708AE3AC62EFD47068C9AEEBD501371
SHA-512:	545C3AA3184FD2DD2A6EAF732E01E730E454F0AF7BDB4BA974CE9C49D6096BB9F5B6ADF7A1E2AE431C1B425D1B28F9B6BCF1A674E6A668F0B72449068976E4EF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.255049600462812
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfbPtdPeUkwRe9:YvXKXFC0DYpW7TV4GDV8Ukee9
MD5:	725A37A88CC211363B6EF1BD8A2652DF
SHA1:	6AABDB0E747422A5EC6B114971AA48B9EC34D626
SHA-256:	84AB3EA25C87977BE470053C4CFF8E2A4FE8F3648DA8CB2D600D695DC67E54AC
SHA-512:	769474D17AFD77104B35CC1EDB7C4EC4BECDF4F282D563388BCA74A5F4D4F36BC03D7BD1B2F9D9D1CF556FA23C1B95045E9AC44FDEAA44E4FEFA70957DA7ADD6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.256011261473597
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJf21rPeUkwRe9:YvXKXFC0DYpW7TV4G+16Ukee9
MD5:	E138F176A98614E0818BFECF4B8ECE29
SHA1:	76AED9751B8FF395EA499CBFE17C577C521045DF
SHA-256:	4042C765FB4ED931A0039AD6BC950EFEC510D13AB046980A56F3D2B83A1B7589
SHA-512:	C97D9F6E158E0A6E1C150BFD81BDFEC49CF87E57831F524E1F74F15CF18950F5B9643632EE20D0451AA7F8CBC8FEA238A99E4FA79F279D08DB673125EB2968F5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.653818528699799
Encrypted:	false
SSDEEP:	24:Yv6Xw/iTVNamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bd:YvmZhBguOAh8cv+NKO
MD5:	EAA71413A46EDCA9B3AD4C2E32D5F2B9
SHA1:	F01909489D3647B9D0FC9CB22CB06C874DEABFA9
SHA-256:	98A0317EFA41E94A16ED64270F0B5D9386E8DA99A9563B08EC6C72E0AECA822B
SHA-512:	9575CAF9EE2C6117219970D763527438C31C3F93FE8522C58CFF7D5C063CF2D43287518DC282F3A7071EE3B662B8CEC29ED7A73B862EABF7B7408E91287D3C97
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.231855544330162
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFCjY2Mu+FIbRI6XVW7+0YIVT5xoAvJfshHHrPeUkwRe9:YvXKXFC0DYpW7TV4GUUUkee9
MD5:	3339E9FA62C6D541EA132C660C291639
SHA1:	29F7958642EC4EE67ECC166AE013BF3AB1D99939
SHA-256:	E3A262FDE85B19A769267505FFABDEB2797DF262F37E3915BE79F3A0E3C5CF96
SHA-512:	9DBC992697D0CD0D649E2F5E938EFCA8AA33C07C12F7B0B7305368E88F8203ACEEBC755AB8EAF39F491D0974E694FFD4C1F5E013B396D2D6956BEB8F8921E8DE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.360691110216175
Encrypted:	false
SSDEEP:	12:YvXKXFC0DYpW7TV4GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWHQtS:Yv6Xw/iTVe168CgEXX5kcIfANhU
MD5:	E9B6EC846828E5F8FD3AF012811C1C4B
SHA1:	021F27DD391F9C934B74427E185CDE6354D4CC45
SHA-256:	9FE7B103554DCF6CC2B655E52EAAD8ED47871583FD9202C30F02A0F51FC23F71
SHA-512:	1C901B54545CF33B700487A59E274353CF44C7309C893578F7A9BFBC854D67B9E846DD34F2219BC4827A112758CCB4FA0ACF234709062B6233D384FF71D3AA4B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c4d75b5-620e-41f1-81c5-ab48229871e0","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1726029397311,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1725850537340}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.125786012068008
Encrypted:	false
SSDEEP:	48:Ym/GtGHO3TIBdEXlrLkVD/K6p0N2Aapox9f2+okNvnzuj9r7Ut:Z/SGHCTCdEdEDC6p0DapM9fzjvnzor7u
MD5:	01A8D9763ED7E786DA49FF04F348E0D8
SHA1:	A1F958A368827D6D918057CB2A0C22EB7A9A3640
SHA-256:	1C0946085A9591157A5EE4EDCB25101F6D423DE14FD313CBEE6264CB431D15FD
SHA-512:	59EF705A9872C00657CEFBA2010063A4A92054AF20DFA7E211369E1F7E5672EB223F16B3A2DCCA1203B62D7102366CDBF7CCDAC22476F346924C30F10C09C5D9
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5c98ea44ffa206d95701d0e4be7fb1ae","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1725850536000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ca24e45caa15ef99f7bdd05180dd8847","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1725850536000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"281e1c1f0115d1339a939c3bcc2d527e","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1725850536000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"063bb8c6c9f739517d68ac9b2e5bbd1e","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1725850536000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"29244a2cbb7e009944d4a18d869c5b1d","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1725850536000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e3164eb320c82f387387bc38b361ae36","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9844756076760633
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpS04zJwtNBwtNbRZ6bRZ4x0F:TVl2GL7ms6ggOVpwzutYtp6P7
MD5:	D91C84BCD97E6C66A039C1AE621F5C30
SHA1:	9B1989C1F68EAF7A884E8F019137FBB3D9ADCFCE
SHA-256:	F0988A5985695675D528BACA14945FE537BCEF160577F0FCD0C5B11DF4BDFE90
SHA-512:	49FB8DB72B8E3DE739A6FB6D334D0463622F75DA68D4BB5F8AB26D48BD3BBCE672C62C3CEDD32D00E9B187EF4D3977F581200ED594211522F3C071AECF42D030
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.338876856546427
Encrypted:	false
SSDEEP:	24:7+tznAD1RZKHs/Ds/SpS0PzJwtNBwtNbRZ6bRZWf1RZKjqLBx/XYKQvGJF7ursp:7M7GgOVp3zutYtp6PMiqll2GL7msp
MD5:	EB8B0BE3680883FEB556061D9B026B7A
SHA1:	AB95012ED2DE927A130196867FF6079436654955
SHA-256:	7FEBC9B33A3AE97D392031F06B6B82B51FAE8FF14C6F3B798A038BD26CA94BAE
SHA-512:	83610F5DB6513D4D567252BCE12EC00FF0FAFFF0A4C911504A796B0864D07CA9A1898E081B7DA5D0385EB97BC8A77D015A4E53C481C05D6F4CF392BC8C54C9E9
Malicious:	false
Preview:	.... .c.....[BJ.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIbd170.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5406586576927443
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ek7lVw:Qw946cPbiOxDlbYnuRKaVw
MD5:	107A660E99B08636BBF41776F545C320
SHA1:	9809CF7D2B9D2C98A8C7A9688FC9106CAB732C04
SHA-256:	F6FBC26F43B235856C5A6B602558117D371A818FFDF12CCC6AE0BDF3788F6B46
SHA-512:	8276CE33FA880B53BE30078EA81E0339A676CFCFD2D334EEE3E747D7ED2B7C35814313AB2437936CAAEAACD3934238B2C5DB788593AF5CE04B8D4E5F0F4B931B
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.8./.0.9./.2.0.2.4. . .2.2.:.5.5.:.3.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9brgess_t4hecd_520.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.061233655846242
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOKWDfCCSyAAO:IngVMre9T0HQIDmy9g06JXaqfClX
MD5:	291FC6426AD094B0873114D75D5A01CE
SHA1:	7B04C7232F0AE8FE0AA6762674A6F90B50D080E8
SHA-256:	B070A10914B9BACAACA5DEAD8E1E71EA5978F893C3C398816B04445E03915546
SHA-512:	C373230ACB88F7A8FEC41AB3C1CCBC1D11DED6830F266DFE74FE98F7696013CBBB0E2A197A8AD05F477ED6EA69D1CAEF7FA99A3380F89EBA201C8D640F6A6353
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<D6BD0E9CD5E5E8458B25D67B1D804FAC><D6BD0E9CD5E5E8458B25D67B1D804FAC>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-08 22-55-33-696.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.349563913563254
Encrypted:	false
SSDEEP:	384:PPh2ZTULEjWQztBU2UvT1M95GHPTofTBhjB7tRrBs/GIxMhEqnK6SbS7a5P5QLr1:bD8
MD5:	8CFB5194D9443E4DF39EB89A2DCD58D7
SHA1:	280319F1DD7D42F463342DCAA8851E0FC4971AB1
SHA-256:	0D19B59C2B5B51A06F682C6E719568FD5DAD8D0D4CFF45C5D6FA5A4B4D53B0F2
SHA-512:	85C84D3606984C15855B75346F964A11EBAE41BA51F7914C01555DB6D7342D4580E03E252CB233B0DB6D71CE18E9D3E06D38E7FD20067DE8241BA009D14DF785
Malicious:	false
Preview:	SessionID=b5e63736-92ea-4166-91bb-79d7c5aae73e.1725850533714 Timestamp=2024-09-08T22:55:33:714-0400 ThreadID=6172 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b5e63736-92ea-4166-91bb-79d7c5aae73e.1725850533714 Timestamp=2024-09-08T22:55:33:715-0400 ThreadID=6172 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b5e63736-92ea-4166-91bb-79d7c5aae73e.1725850533714 Timestamp=2024-09-08T22:55:33:715-0400 ThreadID=6172 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b5e63736-92ea-4166-91bb-79d7c5aae73e.1725850533714 Timestamp=2024-09-08T22:55:33:715-0400 ThreadID=6172 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b5e63736-92ea-4166-91bb-79d7c5aae73e.1725850533714 Timestamp=2024-09-08T22:55:33:715-0400 ThreadID=6172 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.4011347316550005
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbJ:t
MD5:	36781CD0DE679FE4AF6F6A16A4731150
SHA1:	0CA3364371AA067A8E8697583AF50F07C3F6B943
SHA-256:	6ED044D590E824E8CA2EEF1E148D3EC28EB1E7653A296FF5A2CC98A3BD99148C
SHA-512:	5823F6809731C47E10B08FB8AF85EAB43772DAD84A9E121D19ED1A309150D5131C999E821D8B0D03D800A7A8257FF40515C083E3178A686F6DEB088DD2FA188A
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2913ab08-a496-40bd-8ab1-2f0cb630a319.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:bWNh3P6+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:C3PDegf121YS8lkipdjMMNB1DofjgJJg
MD5:	59EE5E2FB56A099CAA8EDFD7AF821ED6
SHA1:	F5DC4F876768D57B69EC894ADE0A66E813BFED92
SHA-256:	E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
SHA-512:	77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
Malicious:	false
Preview:	...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=.R........4..(WCMQ..u]]R...R......5...N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]\|..7;.5....^..7(.E..@..s...2..}..j.......t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...zBs\|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5\|:bj[.._R{gi...^

C:\Users\user\AppData\Local\Temp\acrocef_low\2b69d854-85a7-4254-ade5-94cf765e4b17.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
MD5:	AE1E8A5D3E7B2198980A0CA16DE5F3D3
SHA1:	A1DB2C58AFC81E6A114A8EB47BE0243956F79460
SHA-256:	8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
SHA-512:	5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\72046c3a-0589-4746-a99a-3a81661f4408.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\88bd3bb4-8e87-4367-a60b-7afddc7e847f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 9 01:55:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.978534317092813
Encrypted:	false
SSDEEP:	48:8Id3TvnkHDidAKZdA19ehwiZUklqehJy+3:88bQCy
MD5:	37FFB65A374841330A748BEBDD8EF727
SHA1:	DE4CCC771FDBC80B16AE029B14C49488F5FCD4F7
SHA-256:	6A069E13A0FB8F5F5BF5B97EA3DDF2A7C914174DA138E4CCEAACBA409F2E5F53
SHA-512:	F94B50EE732EDAE7CF8591FF2F5E985E37352C50C2D39C93B880A40616452851E2768D6CC73B4389D78FC81498BBD9D77F8B9F3F71D458831856ED6F9F43EC73
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....%K.c...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 9 01:55:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9912329413884167
Encrypted:	false
SSDEEP:	48:80d3TvnkHDidAKZdA1weh/iZUkAQkqehyy+2:8obq9Qjy
MD5:	21450837F3560E2B790D7CDB256A87FD
SHA1:	C6596B81F6B79AC13E3D88017E037C7BE79A80BF
SHA-256:	8F2B5922DAF97F5B586B88265A5CBF93BEE4D3E42F009AD7E90212155D60D498
SHA-512:	8374772AC5EDA8E32681B8BADC04672C5F287CD494EDB7AB10895528DD9AC8FF83C1A2B16734F817D4D37C9714482A1E959F80A2DEC158C9B7165116B2160166
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....n=.c...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008556864192982
Encrypted:	false
SSDEEP:	48:8xEd3TvnsHDidAKZdA14tseh7sFiZUkmgqeh7sky+BX:8xYb6nmy
MD5:	6B7CAD2607264A6B3F9999DD0FAB0AF1
SHA1:	A88B0722B0022880491B1A79ADE4398B91770D23
SHA-256:	6276696331B18353A1C236957C7907AC4D7B81A963C952B5E224DDA1C73D5ABB
SHA-512:	2DDD63A204F87CE86C350BE712A5450E94910E8231C80B7D713F76793C9D0756F34F83DFF76BBABAFAF5BB63145DF54A5758183F3D1B68402D3FC9D38D3336C6
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 9 01:55:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9930795790918325
Encrypted:	false
SSDEEP:	48:8nwd3TvnkHDidAKZdA1vehDiZUkwqeh+y+R:8Ebx8y
MD5:	430FF3A84AC106AEF305FE644C0A3627
SHA1:	3A0BC76245CFF0701965875B3BE7604967C86CF9
SHA-256:	43654CC4EF04088699C4A667510D03C9C6604AD84F57151CDD2DEB28B3C2D09E
SHA-512:	5D8B61E1165AA5DE6CE3455FB7160932BDE6DE7E168DC76A43526AB0C273C7C3DE675085B028064877B2AE3E202410E2782B02596D256E886EB03D95A639F469
Malicious:	false
Preview:	L..................F.@.. ...$+.,....z.8.c...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 9 01:55:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.980907018149185
Encrypted:	false
SSDEEP:	48:81d3TvnkHDidAKZdA1hehBiZUk1W1qeh4y+C:8fbR9Yy
MD5:	D94C3F4059826DDA1EA8778EB0D54EFF
SHA1:	3A853FDB5C41A579D70CE533B55DCE80EA720B51
SHA-256:	514F6D689AD7CDCF7B5DE775C63E8281A618936572F63AE3819CD360118AA510
SHA-512:	83E579A8F531E49AA29C7F948617CA3894F38C0B37BB601E3AC1021CE6B0028DAFD5E4822AD13F2704616760F7E4EC0909890A52980472DFC40E74B54D11A1EB
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....(C.c...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 9 01:55:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9903825085139193
Encrypted:	false
SSDEEP:	48:8Fd3TvnkHDidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbmy+yT+:8PbNT/TbxWOvTbmy7T
MD5:	EF180626EF0C1B1B4FDB3FC51A030EA3
SHA1:	33EBE58021DC6DCF65EBE41A071D64C60511BE0F
SHA-256:	FF8A7B2CAE093CC453A13F0164EFD99BBD3BA2A86B58C717C2AB76EE00B1A575
SHA-512:	3E0C6A5E7F06079281D9443F473ECE001C8245E5E0A285B25E2C6D1709D2E1406141BC6963ACDD869EB6293CECBC50C0D99794C81C30DE6601EE9C08DE6A3903
Malicious:	false
Preview:	L..................F.@.. ...$+.,....M.0.c...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.8296209837764
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Quotation-Invitation28252-09yzak_1_cdcon.pdf
File size:	31'519 bytes
MD5:	35bb36513f6bdf33f5e9676100fafdff
SHA1:	fd8c0675a1596aac3f3481951d772a157ebc2a68
SHA256:	e30d0b24c933e866e6d99c5fc66b916cbae84e61976937affc78356de196edb2
SHA512:	52d2140c71f789ba9b847f6dcfec68422a0deb225e91ca21f76dd846651c3c9e18a0c557ff2dfcd2cee534f8bafddd398a4d60db30f933f2f9e35ea7ef64af86
SSDEEP:	768:b/FRFuEC/ZNLFwa14Kl1eRkAh4L9xcoLAogKtcDIuyjt:b/ry/ZNLF96K10kAh4LvLAogKtJ7jt
TLSH:	32E2C067C55D4CCCF8E3C2828A3A398F54EE71128ED475D23434439BAC94CD5AA626BE
File Content Preview:	%PDF-1.4.%.....1 0 obj.<<./Title ()./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .5...1.5...1.3)./CreationDate (D:20240828200213+02'00').>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA tru

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.829621
Total Bytes:	31519
Stream Entropy:	7.964088
Stream Bytes:	26872
Entropy outside Streams:	5.128470
Bytes outside Streams:	4647
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	32
endobj	32
stream	9
endstream	9
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	8
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
7	888898809e9a8484	65cd7e7a43bf90ae48d540cb3ab608b2
9	89888840548a9480	08dec80c4472a465261672c990823f14

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 9, 2024 04:55:27.059647083 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:27.059647083 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:27.168989897 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:36.659976006 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:36.660267115 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:36.785092115 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:37.159641027 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:37.159686089 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:37.159753084 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:37.161396980 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:37.161411047 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:37.811295033 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:37.811367035 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:37.815072060 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:37.815083027 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:37.815319061 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:37.856832981 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:37.904503107 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.081752062 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.081819057 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.081866026 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.081933022 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.081953049 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.081963062 CEST	49710	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.081968069 CEST	443	49710	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.121033907 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.121083975 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.121155024 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.121468067 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.121483088 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.440627098 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 9, 2024 04:55:38.440718889 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:55:38.761357069 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.761421919 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.763010979 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.763024092 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.763262987 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:38.764286041 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:38.808499098 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:39.037142038 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:39.037204027 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:39.037332058 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:39.142678022 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:39.142713070 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:39.142729998 CEST	49713	443	192.168.2.5	184.28.90.27
Sep 9, 2024 04:55:39.142736912 CEST	443	49713	184.28.90.27	192.168.2.5
Sep 9, 2024 04:55:44.900827885 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:44.900867939 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:44.901031971 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:44.901171923 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:44.901185989 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.449687958 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.450005054 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.450025082 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.451144934 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.451426983 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.453362942 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.453448057 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.453591108 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.453598022 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.506892920 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.548916101 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.549141884 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.549567938 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.549580097 CEST	443	49716	104.126.112.182	192.168.2.5
Sep 9, 2024 04:55:45.549608946 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:45.549634933 CEST	49716	443	192.168.2.5	104.126.112.182
Sep 9, 2024 04:55:47.131022930 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:47.131072998 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:47.131165981 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:47.132047892 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:47.132061958 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:47.895409107 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:47.895559072 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:47.899231911 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:47.899245024 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:47.899502039 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:47.956187010 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:48.442871094 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:48.488507986 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694212914 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694241047 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694250107 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694278002 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694295883 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694307089 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694333076 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:48.694363117 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694376945 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694405079 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:48.694458008 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:48.694905996 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.694963932 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:48.695013046 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:49.206703901 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:49.206736088 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:49.206751108 CEST	49718	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:55:49.206757069 CEST	443	49718	40.127.169.103	192.168.2.5
Sep 9, 2024 04:55:57.334389925 CEST	49724	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:55:57.334443092 CEST	443	49724	109.123.230.181	192.168.2.5
Sep 9, 2024 04:55:57.334511042 CEST	49724	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:55:57.336180925 CEST	49724	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:55:57.336189985 CEST	443	49724	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:01.885992050 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:01.886027098 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:01.886094093 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:01.886286974 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:01.886301041 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:02.526890993 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:02.527179003 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:02.527201891 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:02.528162956 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:02.528225899 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:02.529239893 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:02.529298067 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:02.584325075 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:02.584335089 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:02.629817009 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:12.428385973 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:12.428450108 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:12.428520918 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:13.630731106 CEST	49729	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:56:13.630759954 CEST	443	49729	172.217.16.196	192.168.2.5
Sep 9, 2024 04:56:18.381943941 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:18.382076025 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:18.382432938 CEST	49737	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:18.382482052 CEST	443	49737	23.1.237.91	192.168.2.5
Sep 9, 2024 04:56:18.382944107 CEST	49737	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:18.383271933 CEST	49737	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:18.383284092 CEST	443	49737	23.1.237.91	192.168.2.5
Sep 9, 2024 04:56:18.386904001 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 9, 2024 04:56:18.386919975 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 9, 2024 04:56:18.983690977 CEST	443	49737	23.1.237.91	192.168.2.5
Sep 9, 2024 04:56:18.983794928 CEST	49737	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:25.600649118 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:25.600703955 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:25.600774050 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:25.601113081 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:25.601125956 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.391649961 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.391726017 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.396162033 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.396172047 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.396418095 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.406970024 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.448503971 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.727314949 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.727351904 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.727369070 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.727426052 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.727449894 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.727502108 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.728517056 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.728559017 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.728575945 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.728583097 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.728610992 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.728612900 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.728652954 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.731048107 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.731059074 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:26.731072903 CEST	49738	443	192.168.2.5	40.127.169.103
Sep 9, 2024 04:56:26.731079102 CEST	443	49738	40.127.169.103	192.168.2.5
Sep 9, 2024 04:56:27.348418951 CEST	49724	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:27.348565102 CEST	443	49724	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:27.348623037 CEST	49724	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.386271000 CEST	49740	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.386322021 CEST	443	49740	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:28.386385918 CEST	49740	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.386477947 CEST	49741	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.386529922 CEST	443	49741	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:28.386576891 CEST	49741	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.387232065 CEST	49741	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.387244940 CEST	443	49741	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:28.387455940 CEST	49740	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:28.387473106 CEST	443	49740	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:38.139159918 CEST	443	49737	23.1.237.91	192.168.2.5
Sep 9, 2024 04:56:38.139231920 CEST	49737	443	192.168.2.5	23.1.237.91
Sep 9, 2024 04:56:58.390074015 CEST	49741	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:58.390152931 CEST	49740	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:58.390203953 CEST	443	49741	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:58.390286922 CEST	49741	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:56:58.390328884 CEST	443	49740	109.123.230.181	192.168.2.5
Sep 9, 2024 04:56:58.390378952 CEST	49740	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:01.941507101 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:01.941543102 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:01.941632032 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:01.941899061 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:01.941917896 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:02.587865114 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:02.588188887 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:02.588208914 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:02.588565111 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:02.588849068 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:02.588906050 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:02.643387079 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:03.403827906 CEST	49744	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:03.403855085 CEST	443	49744	109.123.230.181	192.168.2.5
Sep 9, 2024 04:57:03.403938055 CEST	49744	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:03.403990030 CEST	49745	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:03.404023886 CEST	443	49745	109.123.230.181	192.168.2.5
Sep 9, 2024 04:57:03.404077053 CEST	49745	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:03.404792070 CEST	49745	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:03.404803038 CEST	443	49745	109.123.230.181	192.168.2.5
Sep 9, 2024 04:57:03.404928923 CEST	49744	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:03.404937983 CEST	443	49744	109.123.230.181	192.168.2.5
Sep 9, 2024 04:57:12.498012066 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:12.498087883 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:12.498151064 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:13.631083012 CEST	49743	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:57:13.631107092 CEST	443	49743	172.217.16.196	192.168.2.5
Sep 9, 2024 04:57:33.409560919 CEST	49745	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:33.409627914 CEST	49744	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:33.409712076 CEST	443	49745	109.123.230.181	192.168.2.5
Sep 9, 2024 04:57:33.409799099 CEST	443	49744	109.123.230.181	192.168.2.5
Sep 9, 2024 04:57:33.409868956 CEST	49745	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:57:33.409885883 CEST	49744	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:02.003104925 CEST	49747	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:58:02.003138065 CEST	443	49747	172.217.16.196	192.168.2.5
Sep 9, 2024 04:58:02.004194975 CEST	49747	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:58:02.004431009 CEST	49747	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:58:02.004445076 CEST	443	49747	172.217.16.196	192.168.2.5
Sep 9, 2024 04:58:02.632360935 CEST	443	49747	172.217.16.196	192.168.2.5
Sep 9, 2024 04:58:02.667098045 CEST	49747	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:58:02.667124987 CEST	443	49747	172.217.16.196	192.168.2.5
Sep 9, 2024 04:58:02.667486906 CEST	443	49747	172.217.16.196	192.168.2.5
Sep 9, 2024 04:58:02.675688028 CEST	49747	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:58:02.675825119 CEST	443	49747	172.217.16.196	192.168.2.5
Sep 9, 2024 04:58:02.720769882 CEST	49747	443	192.168.2.5	172.217.16.196
Sep 9, 2024 04:58:03.432081938 CEST	49748	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:03.432121038 CEST	443	49748	109.123.230.181	192.168.2.5
Sep 9, 2024 04:58:03.432276964 CEST	49749	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:03.432281017 CEST	49748	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:03.432315111 CEST	443	49749	109.123.230.181	192.168.2.5
Sep 9, 2024 04:58:03.432508945 CEST	49749	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:03.432512999 CEST	49748	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:03.432526112 CEST	443	49748	109.123.230.181	192.168.2.5
Sep 9, 2024 04:58:03.432743073 CEST	49749	443	192.168.2.5	109.123.230.181
Sep 9, 2024 04:58:03.432753086 CEST	443	49749	109.123.230.181	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 9, 2024 04:55:57.293237925 CEST	53	61762	1.1.1.1	192.168.2.5
Sep 9, 2024 04:55:57.316956997 CEST	64035	53	192.168.2.5	1.1.1.1
Sep 9, 2024 04:55:57.317240953 CEST	50540	53	192.168.2.5	1.1.1.1
Sep 9, 2024 04:55:57.325139046 CEST	53	53241	1.1.1.1	192.168.2.5
Sep 9, 2024 04:55:57.328392029 CEST	53	50540	1.1.1.1	192.168.2.5
Sep 9, 2024 04:55:57.330630064 CEST	53	64035	1.1.1.1	192.168.2.5
Sep 9, 2024 04:55:58.311722994 CEST	53	55549	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:01.878582001 CEST	54536	53	192.168.2.5	1.1.1.1
Sep 9, 2024 04:56:01.878722906 CEST	65498	53	192.168.2.5	1.1.1.1
Sep 9, 2024 04:56:01.885252953 CEST	53	65498	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:01.885303974 CEST	53	54536	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:01.961905956 CEST	53	53859	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:15.291975021 CEST	53	59895	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:27.089824915 CEST	53	59152	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:34.088409901 CEST	53	49154	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:57.090420961 CEST	53	62910	1.1.1.1	192.168.2.5
Sep 9, 2024 04:56:57.152673006 CEST	53	52750	1.1.1.1	192.168.2.5
Sep 9, 2024 04:57:25.683036089 CEST	53	50849	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 9, 2024 04:55:57.316956997 CEST	192.168.2.5	1.1.1.1	0x91c2	Standard query (0)	000webhhost.com	A (IP address)	IN (0x0001)	false
Sep 9, 2024 04:55:57.317240953 CEST	192.168.2.5	1.1.1.1	0xe30a	Standard query (0)	000webhhost.com	65	IN (0x0001)	false
Sep 9, 2024 04:56:01.878582001 CEST	192.168.2.5	1.1.1.1	0x97b0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 9, 2024 04:56:01.878722906 CEST	192.168.2.5	1.1.1.1	0xbbbc	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 9, 2024 04:55:45.165601015 CEST	1.1.1.1	192.168.2.5	0x2b82	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 9, 2024 04:55:45.165601015 CEST	1.1.1.1	192.168.2.5	0x2b82	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 9, 2024 04:55:57.330630064 CEST	1.1.1.1	192.168.2.5	0x91c2	No error (0)	000webhhost.com	109.123.230.181	A (IP address)	IN (0x0001)	false
Sep 9, 2024 04:56:01.885252953 CEST	1.1.1.1	192.168.2.5	0xbbbc	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 9, 2024 04:56:01.885303974 CEST	1.1.1.1	192.168.2.5	0x97b0	No error (0)	www.google.com	172.217.16.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-09 02:55:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-09 02:55:38 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=49791 Date: Mon, 09 Sep 2024 02:55:37 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-09 02:55:38 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-09 02:55:39 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=49859 Date: Mon, 09 Sep 2024 02:55:38 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-09 02:55:39 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	104.126.112.182	443	7344	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-09 02:55:45 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-09-09 02:55:45 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Mon, 09 Sep 2024 02:55:45 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49718	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-09-09 02:55:48 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SvNPcrc7vD4dMwO&MD=goumtm+a HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-09 02:55:48 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 11d5df54-7d20-4cc5-aabc-d217ecc4dedf MS-RequestId: df85aa44-66eb-4f74-afb3-c984a7325955 MS-CV: bQ+ZQkmLcEKMFHSh.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 09 Sep 2024 02:55:48 GMT Connection: close Content-Length: 24490
2024-09-09 02:55:48 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-09 02:55:48 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49738	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-09-09 02:56:26 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SvNPcrc7vD4dMwO&MD=goumtm+a HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-09 02:56:26 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: e8437830-80bd-46ad-9170-cfdc9a8ebd8b MS-RequestId: 6d2c3194-b655-46a6-b0de-4bff74d5033c MS-CV: 8/8COYvrAk+7esFc.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 09 Sep 2024 02:56:25 GMT Connection: close Content-Length: 30005
2024-09-09 02:56:26 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-09 02:56:26 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 5948, Parent PID: 1028

General

Target ID:	0
Start time:	22:55:30
Start date:	08/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Quotation-Invitation28252-09yzak_1_cdcon.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4324, Parent PID: 5948

General

Target ID:	2
Start time:	22:55:31
Start date:	08/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7344, Parent PID: 4324

General

Target ID:	4
Start time:	22:55:31
Start date:	08/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1752,i,16318768401358701471,9600872464586009153,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7748, Parent PID: 5744

General

Target ID:	8
Start time:	22:55:55
Start date:	08/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://000webhhost.com/download.php?file=scope-of-work.zip"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5628, Parent PID: 7748

General

Target ID:	9
Start time:	22:55:56
Start date:	08/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,10083080512340279242,5486818612561399752,262144 /prefetch:8
Imagebase:	0x7ff6068e0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Quotation-Invitation28252-09yzak_1_cdcon.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4d32797c-b226-4505-9949-418894c1a4f2.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240909025535Z-155.bmp

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Windows Analysis Report
Quotation-Invitation28252-09yzak_1_cdcon.pdf