Edit tour

Windows Analysis Report
Doc-Secure6033.pdf

Overview

General Information

Sample name:	Doc-Secure6033.pdf
Analysis ID:	1541465
MD5:	c88cc996e4e8aa7809663708a94322f6
SHA1:	0cc91bd50a1ae9c44c45654c5b782c3513ee2af9
SHA256:	fdc880939123388fccac41aa7db7c44575116f931ba1f8e17af9038b1130ed28
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected landing page (webpage, office document or email)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 7160 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Doc-Secure6033.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6660 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1564,i,7677488233155545704,10048145090133627411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 2068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://policy.groovehq.com/help/hr-review?version%3Dlatest MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1984,i,1624368531900863041,7144110395526881659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://policy.groovehq.com/help/hr-review?version%3Dlatest

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Source: https://policy.groovehq.com/help/hr-review?version%3Dlatest

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49730 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /help/hr-review?version%3Dlatest HTTP/1.1Host: policy.groovehq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /stylesheets/kb404.css HTTP/1.1Host: policy.groovehq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://policy.groovehq.com/help/hr-review?version%3DlatestAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/404-graphics@2x.png HTTP/1.1Host: policy.groovehq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://policy.groovehq.com/help/hr-review?version%3DlatestAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: policy.groovehq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://policy.groovehq.com/help/hr-review?version%3DlatestAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/404-graphics@2x.png HTTP/1.1Host: policy.groovehq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: policy.groovehq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1dfWdZ9ZyNNOkzw&MD=gTKszEw5 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1dfWdZ9ZyNNOkzw&MD=gTKszEw5 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: policy.groovehq.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.6.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.6.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: c2922ff2-012d-40b4-9535-e589657fd403.tmp.8.dr	String found in binary or memory: https://chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49730 version: TLS 1.2

Source: classification engine

Classification label: mal52.winPDF@30/62@7/6

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6384

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 15-31-25-844.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Doc-Secure6033.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1564,i,7677488233155545704,10048145090133627411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://policy.groovehq.com/help/hr-review?version%3Dlatest
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1984,i,1624368531900863041,7144110395526881659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1564,i,7677488233155545704,10048145090133627411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1984,i,1624368531900863041,7144110395526881659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.9.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.9.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.9.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.9.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.9.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.9.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Doc-Secure6033.pdf	Initial sample: PDF keyword /JS count = 0
Source: Doc-Secure6033.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Doc-Secure6033.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document

LLM: PDF document contains QR code

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://policy.groovehq.com/help/hr-review?version%3Dlatest	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://chrome.cloudflare-dns.com	0%	URL Reputation	safe
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true	false	unknown
82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com	18.206.9.70	true	false	unknown
x1.i.lencr.org	unknown	unknown	false	unknown
policy.groovehq.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://policy.groovehq.com/favicon.ico	false		unknown
https://policy.groovehq.com/images/404-graphics@2x.png	false		unknown
https://policy.groovehq.com/stylesheets/kb404.css	false		unknown
https://policy.groovehq.com/help/hr-review?version%3Dlatest	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://chrome.cloudflare-dns.com	c2922ff2-012d-40b4-9535-e589657fd403.tmp.8.dr	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.6.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.206.9.70	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
3.221.0.202	unknown	United States	14618	AMAZON-AESUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.23

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541465
Start date and time:	2024-10-24 21:30:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Doc-Secure6033.pdf
Detection:	MAL
Classification:	mal52.winPDF@30/62@7/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.78, 66.102.1.84, 34.104.35.123, 184.28.88.176, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 162.159.61.3, 172.64.41.3, 2.23.197.184, 88.221.168.141, 199.232.210.172, 2.19.126.149, 2.19.126.143, 142.250.186.35, 88.221.110.91, 2.16.100.168, 172.217.16.142, 93.184.221.240
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, wu.azureedge.net, clients2.google.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, clients1.google.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Doc-Secure6033.pdf

Simulations

Behavior and APIs

Time	Type	Description
15:31:36	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

QR Codes

Source	URL
Screenshot	https://policy.groovehq.com/help/hr-review?version%3Dlatest

LLM Input / Output

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse
	https://view.flodesk.com/emails/671a6d1f7ce9f793bb70518a	Get hash	malicious	Unknown	Browse
	https://novisurvey.net/ns/n/z133i.aspx	Get hash	malicious	Unknown	Browse
	http://boulos-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse
	https://u47751895.ct.sendgrid.net/ls/click?upn=u001.LUpianUM71xe7PV7wDA6i1kcuy38W249FfPzE-2Fn4iGArrL0MQBCUZHFEzmfBrwW7hf5h8aNQUml0OSIHqpXf0Hd-2FwQBg2gsGxKHK7PsY2xc-3DPya1_YT5LbHmSQ6soq50ixwpFbSYZshuq6-2FPFgRa8NDnR03IYhL-2F9Rsp4maHC7HKUeszLncLvtZaWCVsMwsguQ5-2FbgriKbvHymTrFFrqjql1V0tvMkZQvyA1xxy-2B6NtGFoUeUGIrvdabsXN8enx2k5c-2BvLXzm-2BRXmD29Cf33DbXC513Cwkuo46G2I7a1uwsANH8eVhz8r5XyLPneRi4ngixWtQkBEaLBBKkl5CzEPySNlMnqJuuWiTBlFswgUf9EX-2BEhUpqAvMFuAlKTpYcteS-2FjAegbPmUSDcSeBkfnhL6yUhTFHUFrxra-2BdIgnamsXKUUqu-2BC45G51EOfBd9qOCqWy3OeOC7KYj3-2FcaIfcOAM1Jkvyddtn3gwRC5w97RLza-2BBM2JcZLNzMYva4SJzBZv7RClCaMcjevyjP6ZFvlR0NECf5zAmWbPLmCUnefze8ZyTvnDqXVb3nrflSdnTlNxWfm617xjOrSoSu-2BVHZVqbE92ZodSyvWqgaCWZg0TMDZeq64M67nuH9ryo7I5u80SS081vnMThCYiPoN3JUoUliQPKbNY46GxAPyVhMs4qqZVi-2FFUtIGEycXziXytxfy6JCzAZ2sa7DZusc1RftLAVM4uJit-2FAhxM-2FK1sEHsKHKvs9o7uDMExZ5YqEBjrD2XHch-2BY6xwRGGg56MeC1Bpa72xAoR6DmInmiEX4j92yaROEh1-2FMsHdtSstN7zc8gxU7ETVWVMBRLf6m4dTRruSfSNaLUi9QLq9d7Qfe8VMdKN1j9FMGIYia88728BDNNxRTaT4nSNITRr9JPa4Z1K1vdUocdyCKNcYSZsN8yguI0-2FqNXUfWFuoxnz5MDqwufLzxub8Fw-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	http://lowes.mooo.com/index.php?search=4&d16852&morde=354-1256&lm=400100KWWT29761&sd=15&page=9u6rpKHD2TMFWFa#izRRKlsmoFgLg4jmhaU9	Get hash	malicious	Phisher	Browse
	https://chapelet-mariae.com.pl/qgxPm/	Get hash	malicious	HTMLPhisher	Browse
	EBalcao_ysx.vbs	Get hash	malicious	Unknown	Browse
	https://tronlkam8s2.z13.web.core.windows.net	Get hash	malicious	TechSupportScam	Browse
	http://google.com	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	QN1BkRVd.eml	Get hash	malicious	Unknown	Browse	217.20.57.18
	http://hybrid-web.global.blackspider.com/urlwrap/?q=AXicLU67UsMwEFQBX0Gf0pbtkywxowHLiZgUDEXoGVmRjbFlJX4wk4bPgT-kJgpp9u72dnb35hZ9_SB0943Q2J8S1kTT-Bk53fbGD_Po-8h4h4C_yGb70WGgwAjaOz_q4TFAY41fhvk0mSXyY4Pe5_kw3cdxP3RRa-M8k0-72IqHZXZvRruDbptBrMLl7L5dnLAh60JMfhmNFbb3x0VfmFDBDrPYPO9Wtj--jtp0271IeaVxWlvNawq24rrmlPAKkyw3hGoetMLaNOFnloGugFFS1QmrM3IGAKg1DSLdBrM0veyzSMIsryXPOUnO_1-dYIUisgSKsdoknOWcZiBlmSvMVaZwLouSpIqRslBScsxYCkWZQUkobEByul4riRAivwj9ATUqckw&Z	Get hash	malicious	Unknown	Browse	217.20.57.23
	https://click.smb-hub-amer.com/CL0/https:%2F%2Faws-experience.com%2Famer%2Fsmb%2Ffaq/1/010f0192953347ae-3c905125-2a17-4574-9bc8-91e7b29508e2-000000/yNxMb5L-NyQC__8b2PYbvEt2zZ-h7CoRCEU0OPMd7LQ=181	Get hash	malicious	Unknown	Browse	217.20.57.37
	https://click.smb-hub-amer.com/CL0/https:%2F%2Faws-experience.com%2Famer%2Fsmb%2Fverify-me-request%3Ftoken=eyJlbWFpbCI6ImJwaW5lZGFAaW1heC5jb20iLCJ2ZXJpZnktdG9rZW4iOiIxZDgyNTBlYjVlMzM4MjNkNDM1ZGIyNDQ2NTRmNGQ1MmM3MTFiNDM4N2QwZDkzNTYwZjlmYzRiYTNmNTJhZjZmNzEyMDkyODdhMzZkYzZiOWQ5ZWNiNTZjYzFjMjRkMjg2ZmYzYzRhYTgxYTQ0MTI4N2I0ODQxZjY5Njg4ZmZmZTcwZDdmZDZkNjZlYzlkMmRjMTAyNTUzZDA2YzNjNjY0ZjM1MjE5NjRhMzFmMzIwYWVhN2FlN2ZlNzU4NDdkN2E2OGQ5YWY1ZTNkYjk2MDI4ZWVlZWVmNjZiNDA4MWI3MzI0MDE0YzIzZDhkNjZmYjQ2YjRkNGQ5OGIzOWM4ZDU1In0%26type=event%26id=6585db7d-9771-4f75-83ae-d72331d5b483%26tier=basic%26path=%252Fe%252F6585d%252Ftech201-generative-ai-activation---prompt-engineering-with-amazon-bedrock/1/010f0192929ffdd9-52e8ab98-0c2d-4477-9745-d305c3580957-000000/bpy3MIKRHDhKHa3naGXB0nUpNkE0SIRP76qCITL47wA=180	Get hash	malicious	Unknown	Browse	217.20.57.18
	http://tracking.nod.ro/tracking/click?d=8REPYbZ94cOn_ul_JxRkLKBjFbxwY-GUgS6EV0s7kapGO_zjZE0f1KtLYT5c7nKgelvuD3vDbSI0lknICwSLWolTib8seslw-_rGaMeEVl6PzTFFf9lSRdtGv9cgKIAiR7f5TSW7wlUFE8pTfmAWGF-pjwVLBAEMrKv3pAyCL9Fm0	Get hash	malicious	Unknown	Browse	217.20.57.34
	Payment for outstanding statements.pdf	Get hash	malicious	HTMLPhisher	Browse	217.20.57.19
	ATT25322.html	Get hash	malicious	Unknown	Browse	217.20.57.18
	https://app.pandadoc.com/document/v2?token=69b8ae0059c2551a9a27ed1b65653c1a0b5ee1ff	Get hash	malicious	Unknown	Browse	217.20.57.34
	Urgent Quotation documents One Pdf.vbs	Get hash	malicious	AgentTesla	Browse	84.201.210.36
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse	217.20.57.18
82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com	Doc-Secure6025.pdf	Get hash	malicious	Unknown	Browse	34.230.244.214
bg.microsoft.map.fastly.net	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKYA8h-2Fs2ZE4k4Mw5OTNkG7MXiFSxnNtW0j6ofSHAXW1HldotIiuSczAWXKMwqPC9SEFfmHbhfPeJSnLL1byLqHFtV-2B5-2Bzlu3aEmkvEsjdF4pfPyN0cCie5qLdpyqXEVc-3DdW75_nptsQERiP2bxDplO0Yopma5-2B3-2BHXjIBfjCSriTnBL6bDAIVjKAbvVGNCWdU9DqIsFlkV1hwq0qq8QFfBJ4Jw83lxfQiag11eNjful-2F5DZNB0MfOdNL9CUK7i3u0XSRn3tgRxnTXYhlIImrFKtd24RJvAaDi0YLYq-2F-2Bnuc9osPPDAYREdTeCb9pcHCOzNWNquq3heowckATHcFvqXT76Jk2gcbZFXWlQRsFjG8eDMpM-2FLXpgzBvYnGXnUOibU2YR8sPRE-2FoPHFza-2Fw01eQ45phCwYix9qckBwiXG0HXQmAbfGqimPLouUL92q8izxx4IU5EnAunMVPc46qKMPXhEF7g-3D-3D	Get hash	malicious	Unknown	Browse	199.232.214.172
	QN1BkRVd.eml	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://na2.docusign.net/Signing/EmailStart.aspx?a=c6104538-ac3b-4407-b24b-a0b641ee4589&etti=24&acct=7853161b-6814-4528-85bc-ffe96cfca42f&er=09ab18a7-8de5-4c92-931d-cb9cd9f7b00d	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://www.canva.com/design/DAGUUU-VdiI/DdL4Z-_loK4X7NMMbGGnJg/view?utm_content=DAGUUU-VdiI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	199.232.214.172
	Windows-StandardCollector-x64.exe	Get hash	malicious	Codoso Ghost	Browse	199.232.210.172
	Payment for outstanding statements.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	ATT25322.html	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://app.pandadoc.com/document/v2?token=69b8ae0059c2551a9a27ed1b65653c1a0b5ee1ff	Get hash	malicious	Unknown	Browse	199.232.214.172
	file.exe	Get hash	malicious	Unknown	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	44.206.248.96
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	52.6.56.188
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	100.31.42.161
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	34.226.245.40
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	100.25.217.13
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	18.233.127.142
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	54.243.28.99
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	54.56.4.128
	newsample	Get hash	malicious	Mirai, Okiru	Browse	3.221.126.11
	https://nt3e.com/_1.html?%20send_id=eh&tvi2_RxT=www.networksolutionsemail.com/ntpdkptJegwgUbePDCPPdVkFuvAlhtlBYyzZldVkFuvAlhtlBYyzZlPwcjpjmntpdkptJegwgUbePDCPPdVkFuvAlhtlBYyzZlntpdkptJegwgUbePDCPPdVkFuvAlhtlBYyzZl&e=cnlhbl9ob3dhcmRAb3V0bG9vay5jb20=	Get hash	malicious	HTMLPhisher	Browse	18.204.110.8
AMAZON-AESUS	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	44.206.248.96
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	52.6.56.188
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	100.31.42.161
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	34.226.245.40
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	100.25.217.13
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	18.233.127.142
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	54.243.28.99
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	54.56.4.128
	newsample	Get hash	malicious	Mirai, Okiru	Browse	3.221.126.11
	https://nt3e.com/_1.html?%20send_id=eh&tvi2_RxT=www.networksolutionsemail.com/ntpdkptJegwgUbePDCPPdVkFuvAlhtlBYyzZldVkFuvAlhtlBYyzZlPwcjpjmntpdkptJegwgUbePDCPPdVkFuvAlhtlBYyzZlntpdkptJegwgUbePDCPPdVkFuvAlhtlBYyzZl&e=cnlhbl9ob3dhcmRAb3V0bG9vay5jb20=	Get hash	malicious	HTMLPhisher	Browse	18.204.110.8

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://novisurvey.net/ns/n/z133i.aspx	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27
	https://u47751895.ct.sendgrid.net/ls/click?upn=u001.LUpianUM71xe7PV7wDA6i1kcuy38W249FfPzE-2Fn4iGArrL0MQBCUZHFEzmfBrwW7hf5h8aNQUml0OSIHqpXf0Hd-2FwQBg2gsGxKHK7PsY2xc-3DPya1_YT5LbHmSQ6soq50ixwpFbSYZshuq6-2FPFgRa8NDnR03IYhL-2F9Rsp4maHC7HKUeszLncLvtZaWCVsMwsguQ5-2FbgriKbvHymTrFFrqjql1V0tvMkZQvyA1xxy-2B6NtGFoUeUGIrvdabsXN8enx2k5c-2BvLXzm-2BRXmD29Cf33DbXC513Cwkuo46G2I7a1uwsANH8eVhz8r5XyLPneRi4ngixWtQkBEaLBBKkl5CzEPySNlMnqJuuWiTBlFswgUf9EX-2BEhUpqAvMFuAlKTpYcteS-2FjAegbPmUSDcSeBkfnhL6yUhTFHUFrxra-2BdIgnamsXKUUqu-2BC45G51EOfBd9qOCqWy3OeOC7KYj3-2FcaIfcOAM1Jkvyddtn3gwRC5w97RLza-2BBM2JcZLNzMYva4SJzBZv7RClCaMcjevyjP6ZFvlR0NECf5zAmWbPLmCUnefze8ZyTvnDqXVb3nrflSdnTlNxWfm617xjOrSoSu-2BVHZVqbE92ZodSyvWqgaCWZg0TMDZeq64M67nuH9ryo7I5u80SS081vnMThCYiPoN3JUoUliQPKbNY46GxAPyVhMs4qqZVi-2FFUtIGEycXziXytxfy6JCzAZ2sa7DZusc1RftLAVM4uJit-2FAhxM-2FK1sEHsKHKvs9o7uDMExZ5YqEBjrD2XHch-2BY6xwRGGg56MeC1Bpa72xAoR6DmInmiEX4j92yaROEh1-2FMsHdtSstN7zc8gxU7ETVWVMBRLf6m4dTRruSfSNaLUi9QLq9d7Qfe8VMdKN1j9FMGIYia88728BDNNxRTaT4nSNITRr9JPa4Z1K1vdUocdyCKNcYSZsN8yguI0-2FqNXUfWFuoxnz5MDqwufLzxub8Fw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 184.28.90.27
	http://lowes.mooo.com/index.php?search=4&d16852&morde=354-1256&lm=400100KWWT29761&sd=15&page=9u6rpKHD2TMFWFa#izRRKlsmoFgLg4jmhaU9	Get hash	malicious	Phisher	Browse	52.149.20.212 184.28.90.27
	https://chapelet-mariae.com.pl/qgxPm/	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 184.28.90.27
	EBalcao_ysx.vbs	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27
	https://tronlkam8s2.z13.web.core.windows.net	Get hash	malicious	TechSupportScam	Browse	52.149.20.212 184.28.90.27
	http://tronlkam8s2.z13.web.core.windows.net	Get hash	malicious	TechSupportScam	Browse	52.149.20.212 184.28.90.27
	SecuriteInfo.com.Trojan.Siggen29.57841.15930.23271.exe	Get hash	malicious	RedLine	Browse	52.149.20.212 184.28.90.27
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKYA8h-2Fs2ZE4k4Mw5OTNkG7MXiFSxnNtW0j6ofSHAXW1HldotIiuSczAWXKMwqPC9SEFfmHbhfPeJSnLL1byLqHFtV-2B5-2Bzlu3aEmkvEsjdF4pfPyN0cCie5qLdpyqXEVc-3DdW75_nptsQERiP2bxDplO0Yopma5-2B3-2BHXjIBfjCSriTnBL6bDAIVjKAbvVGNCWdU9DqIsFlkV1hwq0qq8QFfBJ4Jw83lxfQiag11eNjful-2F5DZNB0MfOdNL9CUK7i3u0XSRn3tgRxnTXYhlIImrFKtd24RJvAaDi0YLYq-2F-2Bnuc9osPPDAYREdTeCb9pcHCOzNWNquq3heowckATHcFvqXT76Jk2gcbZFXWlQRsFjG8eDMpM-2FLXpgzBvYnGXnUOibU2YR8sPRE-2FoPHFza-2Fw01eQ45phCwYix9qckBwiXG0HXQmAbfGqimPLouUL92q8izxx4IU5EnAunMVPc46qKMPXhEF7g-3D-3D	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27
	_Play__New__VM__01min 04sec____ATT2006587654 (Randiwestbrook) .htm	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 184.28.90.27

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.191876860981542
Encrypted:	false
SSDEEP:	6:++QBfQL+q2PRN2nKuAl9OmbnIFUt8t+QFG1Zmw+t+QFQLVkwORN2nKuAl9OmbjLJ:ZkQ+vaHAahFUt8YwG1/+YwQV5JHAaSJ
MD5:	61C1B2952B162D82FC9D1A4488A765C6
SHA1:	EB5E619D8EBA84B22F50EFA292E27443D9E4E402
SHA-256:	BEC60AF54C1DD6504C3C3AAFFBC3709E889CFE3598A98883B7F5E1E8C3A6E2D6
SHA-512:	648B64E3D3F6FB7F1FC3B015C645174199E234BEB40B2BE0E47D25A6C6DC54157E22273DCA3FE17B67673D3017C50CDC97DC9A598C9030281F6C679354AB2735
Malicious:	false
Reputation:	low
Preview:	2024/10/24-15:31:24.745 1a9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-15:31:24.749 1a9c Recovering log #3.2024/10/24-15:31:24.749 1a9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.191876860981542
Encrypted:	false
SSDEEP:	6:++QBfQL+q2PRN2nKuAl9OmbnIFUt8t+QFG1Zmw+t+QFQLVkwORN2nKuAl9OmbjLJ:ZkQ+vaHAahFUt8YwG1/+YwQV5JHAaSJ
MD5:	61C1B2952B162D82FC9D1A4488A765C6
SHA1:	EB5E619D8EBA84B22F50EFA292E27443D9E4E402
SHA-256:	BEC60AF54C1DD6504C3C3AAFFBC3709E889CFE3598A98883B7F5E1E8C3A6E2D6
SHA-512:	648B64E3D3F6FB7F1FC3B015C645174199E234BEB40B2BE0E47D25A6C6DC54157E22273DCA3FE17B67673D3017C50CDC97DC9A598C9030281F6C679354AB2735
Malicious:	false
Reputation:	low
Preview:	2024/10/24-15:31:24.745 1a9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-15:31:24.749 1a9c Recovering log #3.2024/10/24-15:31:24.749 1a9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.150128330226147
Encrypted:	false
SSDEEP:	6:++jMq2PRN2nKuAl9Ombzo2jMGIFUt8t+p9Zmw+t+sl/kwORN2nKuAl9Ombzo2jM4:ZYvaHAa8uFUt8Yf/+Y05JHAa8RJ
MD5:	62FA7F0A1963B03FEAF5A151BC8D0A27
SHA1:	ECD136C4A2D438D9DDA4AB20BF3B6E8E566654CA
SHA-256:	153E29B1477C8E7FA7EF25154953A068BFE06645208677F24917E74113C370CF
SHA-512:	FA4B290F0B15035CC7E02E279A26A53673969C8FEA6B10C19BAD18A77757BC8AE60DCCD8C8616B6C085DA5DAA295C249F00D1AFF03C64AA4E496A719D5D5DAEA
Malicious:	false
Preview:	2024/10/24-15:31:24.333 1804 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-15:31:24.339 1804 Recovering log #3.2024/10/24-15:31:24.341 1804 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.150128330226147
Encrypted:	false
SSDEEP:	6:++jMq2PRN2nKuAl9Ombzo2jMGIFUt8t+p9Zmw+t+sl/kwORN2nKuAl9Ombzo2jM4:ZYvaHAa8uFUt8Yf/+Y05JHAa8RJ
MD5:	62FA7F0A1963B03FEAF5A151BC8D0A27
SHA1:	ECD136C4A2D438D9DDA4AB20BF3B6E8E566654CA
SHA-256:	153E29B1477C8E7FA7EF25154953A068BFE06645208677F24917E74113C370CF
SHA-512:	FA4B290F0B15035CC7E02E279A26A53673969C8FEA6B10C19BAD18A77757BC8AE60DCCD8C8616B6C085DA5DAA295C249F00D1AFF03C64AA4E496A719D5D5DAEA
Malicious:	false
Preview:	2024/10/24-15:31:24.333 1804 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-15:31:24.339 1804 Recovering log #3.2024/10/24-15:31:24.341 1804 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.991912620470644
Encrypted:	false
SSDEEP:	12:YHO8sqC5WsBdOg2Hpcaq3QYiubrP7E4TX:YXsnZdMHQ3QYhbz7n7
MD5:	EE9148C06E91D1A2C053DAFDAD0D21B2
SHA1:	DE8ACA4E348102744BA09213E0B799DACA8BDAE3
SHA-256:	0AF29BBA8AAA1089685DDDF329364A89D154DBC5A3C2561C41C0FB9B919A8717
SHA-512:	2347E01A1E9AAF04BC04E4F339CDEAD9FB99BC53E637E1A8B499CF139817DFF6DCF9D068972BB44509B01BE7516C5FC3F61E6C4EB0647C20FDA811ADD1A81277
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374358290296797","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":266779},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c2922ff2-012d-40b4-9535-e589657fd403.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.991912620470644
Encrypted:	false
SSDEEP:	12:YHO8sqC5WsBdOg2Hpcaq3QYiubrP7E4TX:YXsnZdMHQ3QYhbz7n7
MD5:	EE9148C06E91D1A2C053DAFDAD0D21B2
SHA1:	DE8ACA4E348102744BA09213E0B799DACA8BDAE3
SHA-256:	0AF29BBA8AAA1089685DDDF329364A89D154DBC5A3C2561C41C0FB9B919A8717
SHA-512:	2347E01A1E9AAF04BC04E4F339CDEAD9FB99BC53E637E1A8B499CF139817DFF6DCF9D068972BB44509B01BE7516C5FC3F61E6C4EB0647C20FDA811ADD1A81277
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374358290296797","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":266779},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.232255021737243
Encrypted:	false
SSDEEP:	96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xek0ntiW:OLT0bTIeYa51Ogu/0OZARBT8kN88lntN
MD5:	A2A0F78F474066861B83E43BA85A8466
SHA1:	B8C4178256F489E8D406F5123C82DB8D037B98C1
SHA-256:	3CECA105C6DBE4B9C331FCB08EA2A4E76B92B99C91DA2F04E48EC29B6140FAAF
SHA-512:	862FD24D34CAA72FAA8BF7B3AC6AC0023D4E5E1CA7C63515CB040C1D4A381A49CDDA0CC5A93BA0329DCF7A8A0D064B207A1476120ED0AAC47EE33E2934F4E4CA
Malicious:	false
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.140924464611673
Encrypted:	false
SSDEEP:	6:++Ccq2PRN2nKuAl9OmbzNMxIFUt8t+OMZmw+t+oskwORN2nKuAl9OmbzNMFLJ:ZCcvaHAa8jFUt8YOM/+Y95JHAa84J
MD5:	5D652080A14B2B973A7CC25099E71A20
SHA1:	A407649A753CFC9305AAB210DEB2261AC796ACB2
SHA-256:	13736DF16ABB480549007B33FB6041C26389F037FA781F809C8D445BD256C7B4
SHA-512:	455EE10661391FC574344149D6AECF154988823FC600A5A042052988CB8E4A4F3D114B235D77B8DCC0A4B2132A511512219ECE4456B8E08F7B3396CEA593E0B5
Malicious:	false
Preview:	2024/10/24-15:31:24.800 1804 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-15:31:24.801 1804 Recovering log #3.2024/10/24-15:31:24.803 1804 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.140924464611673
Encrypted:	false
SSDEEP:	6:++Ccq2PRN2nKuAl9OmbzNMxIFUt8t+OMZmw+t+oskwORN2nKuAl9OmbzNMFLJ:ZCcvaHAa8jFUt8YOM/+Y95JHAa84J
MD5:	5D652080A14B2B973A7CC25099E71A20
SHA1:	A407649A753CFC9305AAB210DEB2261AC796ACB2
SHA-256:	13736DF16ABB480549007B33FB6041C26389F037FA781F809C8D445BD256C7B4
SHA-512:	455EE10661391FC574344149D6AECF154988823FC600A5A042052988CB8E4A4F3D114B235D77B8DCC0A4B2132A511512219ECE4456B8E08F7B3396CEA593E0B5
Malicious:	false
Preview:	2024/10/24-15:31:24.800 1804 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-15:31:24.801 1804 Recovering log #3.2024/10/24-15:31:24.803 1804 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024193127Z-170.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.376282213929114
Encrypted:	false
SSDEEP:	192:ziiZ77O6xLK0HrrrSBFt8+dhgkrrrrrrrrrrrrrrriP71+6iKjPHSGqQ777WJLBC:KoP/zNz8xwmpmBa/HRe
MD5:	61F46A4E16C5F2B98465D17AE3719BE4
SHA1:	E6EB9D8C8759BDAF0B0F09173B1950C50F5A3E02
SHA-256:	E0510E204D18D4F9FEB80E134F8913B69EFE6F6B9AB65A60AC3949AC8544BD5B
SHA-512:	847847C3C9C7EFB520AF3198F538A1C27C4163AA46A3A412FBCB96BA4C04E52E736BA8B2F330E8D87F38064BFD82F6DA3F8AE89CAC17B4923C68D447D7A312BD
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:	192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2137411826440032
Encrypted:	false
SSDEEP:	24:7+tu9qLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Z1:7MoqLmFTIF3XmHjBoGGR+jMz+LhI
MD5:	B17AA1D1BDED0C60C344A36903F0ED43
SHA1:	ECBF2CF24B823E7B300B527EC5E87317FBA212E8
SHA-256:	D3BA5937778E20A9D18725F01133D40EF5F91C08A397AF07E96DECACA85D6FDF
SHA-512:	DADE745A51985CC9F006C2A094A0A1A3221852EB4DCF4EA22E6D5FF6DC90706AAAA853524E8F0CBECCD230FE81F973C18F3BA0EAAA4D9B342C44F888A5F23552
Malicious:	false
Preview:	.... .c......r#.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7686775296558497
Encrypted:	false
SSDEEP:	3:kkFkljOevtfllXlE/HT8ksvNNX8RolJuRdxLlGB9lQRYwpDdt:kKleveT8JVNMa8RdWBwRd
MD5:	5EDA3537C0446EB838D4654FAF0D4D94
SHA1:	65CDD0BD76A0B0A29DB4E4857FF11554A9384C04
SHA-256:	E3CAECD966C77D33F6B219BF5AE0668D85B5F1C180720E740E0DCD3C1F6B2F85
SHA-512:	DFE1B70F5EBA21FCF2220AEF0DEDED673D3659C65977DCD8248F642A1F317FD4304C3E3BD849BD03676D6EFE6BCD2833BFE3E7AB2591C0F58D84BAADA247150F
Malicious:	false
Preview:	p...... ..........EWK&..(....................................................... ..........W....(F..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2394988199912085
Encrypted:	false
SSDEEP:	6:kKVMDL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:DDImsLNkPlE99SNxAhUe/3
MD5:	A4FF7179B0540A8C10BDD87BAE7D776E
SHA1:	E3B3C70EA35DCCD60215C9CCA95D711810B21ACA
SHA-256:	16769BA504B89595CDDFA0EEC17967523B5566AC9D0D5074023310E740F95A58
SHA-512:	0BE793D0ABFD4B375767D59DDA1D80659F5FA8BEA9DD89FA747AF56BA2B18032D81BE57CD952A0005142FA3D35765BE640123F8F7C8D6D2636943BA158CDE3B1
Malicious:	false
Preview:	p...... ...........iK&..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6384

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3748970774747455
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJM3g98kUwPeUkwRe9:YvXKXBE8j5WRuUhUhFGMbLUkee9
MD5:	58C741D2161A81154E5BDDFE5E1B6844
SHA1:	139547CE3567A52F31D26647AEB481E8AE768C29
SHA-256:	F30AC7E088E9ADED5DDF8A33AF37E0FF3955E153CDC132AE718CBB069DB130B8
SHA-512:	86B612021A5178111C1E78BF0325095812938A2D61610E73C364098DE27D73B8857F2C1C76674D286E5B6D0D8721245CB93367D65D9C4C57EA744687D7A798C4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3228996923752
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfBoTfXpnrPeUkwRe9:YvXKXBE8j5WRuUhUhFGWTfXcUkee9
MD5:	E6991016CC17CCA07B569BDB154AC727
SHA1:	88DD3F7A9D913834AA9162F01A0050B8964D7824
SHA-256:	3CA668D49AF8919F0B939CBC3F2DE22FF5B60B7BFAC43AC112616C2DC43FF4FB
SHA-512:	76B7355E36C276DAAF373B94253569600557D5C74577745083F0BD2DE65E3EF924B3D1BA92CAB30CC37E589003A74E8567A4444E8808BEE84BC1B4373826199B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.302659020032196
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfBD2G6UpnrPeUkwRe9:YvXKXBE8j5WRuUhUhFGR22cUkee9
MD5:	3F0451B5AC58D67693AF134C13ACF8C7
SHA1:	02EE01B021392F24C9261C1D41883FD96F8CCC31
SHA-256:	3DD4173832400220A62325578FBF4DEF8B0023EEFC3B339C3C4101FEA563AA7D
SHA-512:	7E7785ED0F2E962A42C46EF0ADF5A013CA9417EDD60D192D4CC16922F8CA8341D21D6CFAF3C4D67A67EA8FBF459211EB1C85A660CC3DFE7BD2F5BBDC6DC1BCAE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.36368195713355
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfPmwrPeUkwRe9:YvXKXBE8j5WRuUhUhFGH56Ukee9
MD5:	746B74EDF790C57759BCFC11D4269304
SHA1:	6862722D02FA4ABA3DEDCFB6338C24552D578F6A
SHA-256:	0DBD7902BC5F6FB3CCAC22991D92105912085A2A2124DCFB9C54CA73B59E71FA
SHA-512:	3583340200C0B13DAF2B21F25BC48BDF25502D420EFD329058489C4938F4BC7EB358C7E146F1C3D88465864F8D0457B313F1C838588306FAB7C74E420529BE4C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.659385019059844
Encrypted:	false
SSDEEP:	24:Yv6XBE8UUhKpLgEscLf7nnl0RCmK8czOCCSPr:YvUE8UUEhgGzaAh8cv/Pr
MD5:	676B09121A8CF459D4179F124DAC1043
SHA1:	F810209E8E90491D564540470C0FE98CC3D6B2D3
SHA-256:	7A446C4F7B892749FC0A5244E123EA9969B1204B4D54D04B3A6A3D6A8D41A93E
SHA-512:	4C30993C608EE6C156CCC6F6450F1AC2B04E80D42222219BD0240A23182652D6ED83881AC16750B74D9D7FEEF0E15F271384D7BD4F7E291100F8E154F708B10E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.65458462148655
Encrypted:	false
SSDEEP:	24:Yv6XBE8UUhMVLgEF0c7sbnl0RCmK8czOCYHflEpwiV2r:YvUE8UUeFg6sGAh8cvYHWpwPr
MD5:	4C42A5F43E29FDEBF038ADA2547473FB
SHA1:	717529C5A4ADFDCCA0F50B1EC04C59077D910F89
SHA-256:	BDAAE9D1FD10C6D4E172D0F89AB40846FB81D2DC95DD7BD990E92C7729C2E028
SHA-512:	353555F2096C433FA459041EB4E75D95594ED3E9C356EF2CF6A9A140A8C4B4390CC844108A17A360E0979776D6B3CDD0AD82CC4318B09D80FFB7FF956B062917
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.313831129782695
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfQ1rPeUkwRe9:YvXKXBE8j5WRuUhUhFGY16Ukee9
MD5:	E51174E3F40D4994F6327C950D2B9931
SHA1:	E13FABB4F06C73ED232227A6C5B2F9E08B603B96
SHA-256:	36E980A8B0861F373E28846C31F42711AC209D1C338D89C3F0623A2CC23FBB96
SHA-512:	38EDF82F88121104B43383C0DA06677D3B06B50CB7C0778BAA3683786A01AE29BD531C2C78A0676A68967CE590345480B18D0C1ABB7FD73BEFE4FC854EB7BFEC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.650261244483224
Encrypted:	false
SSDEEP:	24:Yv6XBE8UUhx2LgEF7cciAXs0nl0RCmK8czOCAPtciB2r:YvUE8UUrogc8hAh8cvAor
MD5:	D9D2C19E5C506CC4E917874F22E720DC
SHA1:	62F6B8410449E58F36B88446FFEDFE69E87E619B
SHA-256:	023253DEE848838B0B18A8BF1A265531801AE04F9D4FFA57B93A206E0EAA83E4
SHA-512:	053D220F6FD8101380B92178ACF38026F69775C1D3191831E0624945585D415F02C60CD27E442177C72D772E123A19A4E5A571DB3760A3D9C702B461E25A2B6B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.698620884289372
Encrypted:	false
SSDEEP:	24:Yv6XBE8UUhxKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK52r:YvUE8UUnEgqprtrS5OZjSlwTmAfSKkr
MD5:	E97BCB7148A040047EE01DAA0D1B27B2
SHA1:	4698D59C840E53FA6227362AE1298F94000C68D9
SHA-256:	DD6D5643851D0E3192D7FD82170D0F00DB747FB0BF3EB39156219554321BB15A
SHA-512:	CCBF79E5C604EDB2B1078B9EFF3865E885CB08F39DD22E13F4DEA086B94A6BAC0E096A09FE5BBC9EB123BABBDC51D62DB1F5FE541F3869F944E1C6491E99D993
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.316235930023473
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfYdPeUkwRe9:YvXKXBE8j5WRuUhUhFGg8Ukee9
MD5:	D83F03F96749114556CB63C2E6BA8C77
SHA1:	F4775FA6EC5B3BE45C623E9D3AF93AC6EC9CA2DC
SHA-256:	7085B93F70AD7BB50F7EC0CA76B59D2E116E936ED6C83CF35003E70FDB836402
SHA-512:	914A6CCB04B56F42EE3339990DC565E88A1411990DB60ACB2A02AB04BBD830EB09BE7411EC5FE64599C21BE7AD982F81E597D857E3817AB1EFDF0EF46E4B6F60
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.76936521612413
Encrypted:	false
SSDEEP:	24:Yv6XBE8UUh8rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNur:YvUE8UU6HgDv3W2aYQfgB5OUupHrQ9FK
MD5:	B26F59D1D914B94DC5DC3EEBBFD566BE
SHA1:	130587172128222FD1D17F7E33D769BF9D1D61FE
SHA-256:	7A5ADD1AFB4833B2B8B07126BFF53ACDE4EF486905BE1AFB0F0A41033B446C7A
SHA-512:	FF690D8E4EE3D6C0E8061953EB08098F944F34A50EA107B7CB36EE31297FD32E83D01EB00EF87534DF5FBB74CC55AE754FC788722836B1C5C10DF3F25F5F3AC6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.2996714405494085
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfbPtdPeUkwRe9:YvXKXBE8j5WRuUhUhFGDV8Ukee9
MD5:	0A21C1D0D262F9E8D625FAB8E327A6C5
SHA1:	DBAEF39C398B9E4035942F50B0D20E913FEDBF09
SHA-256:	F8B72D7E7CB39FBD4A604E5FE47AC21714DEBEAE8805BF550C330E3B530B580B
SHA-512:	A95153A13418CE1C652973FFB0B59740CBFF5C412641748E88A77501CA7775AEACD58467028E184C427340D3B1A0B8006CD8E1B927B325D5A4DEF853509D1727
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.303573355967347
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJf21rPeUkwRe9:YvXKXBE8j5WRuUhUhFG+16Ukee9
MD5:	142F93EE193A5D50B74B52B50ECF9629
SHA1:	7D81CA4EC3A3BE22776E36E9C8A18B184A0090F3
SHA-256:	7390650559808BCEE3DF3AFE3AD36A9B09306EDD69D3FA1A323E7B11B4271A07
SHA-512:	1F1E73D02A641F05D5EFC3228C6746898F0C20915E45657D586AD28ECC463D1D9C76BCA06C35AA3BBE5D82F50BB161A3925DAD74CDF71F2E2FAC1DFA05AE328A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.629479747696904
Encrypted:	false
SSDEEP:	24:Yv6XBE8UUhWamXayLgE7cMCBNaqnl0RCmK8czOC/BSPr:YvUE8UUmBgACBOAh8cvMPr
MD5:	EE39200AE7D1BFEBE8FA3434CE3B85D8
SHA1:	D153ABE91EF1DB37A5A9218C0BA5EB619266E193
SHA-256:	ECFFD977A3450006E37F464846C84F07719B7DD722C247FAF394B4C8B085F9A2
SHA-512:	E7E9E50EEB654A882D14A3A77E7A15ECBB4D7417F95040DF25A45D2FC5D7D6909F0A66A2540806C8003883EE1E07BB391FF615CC6DC72C60D722DA8A6180AD67
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.280267661536758
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBE2vwW55IRR4UhUR0YNuoAvJfshHHrPeUkwRe9:YvXKXBE8j5WRuUhUhFGUUUkee9
MD5:	067C2F5BFA54552C7F0E06F220491E65
SHA1:	F3B4EB3A9B12BC8D9ED69CD6A7282B89B2C6BA63
SHA-256:	9048FE9B6A443DC9CAD5C17FD2E47C0B83FEBF31B1963A2E1A32BD40B1EE2360
SHA-512:	967F174AD9BF1005F3CE461C12F443D6EBB535A96C64FE36A38348258F461A928FEBCBE98446CB22ECB5ED79CE66230B2F758CA5CA90636733E388767D4AB475
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.369273325257867
Encrypted:	false
SSDEEP:	12:YvXKXBE8j5WRuUhUhFGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWySY:Yv6XBE8UUhh168CgEXX5kcIfANhPr
MD5:	2096267AAB9DDE5D1DF3E189B4AC5D6C
SHA1:	772C5EEBA5FC1A384F76F662D427921A80D7C611
SHA-256:	85BE06E1179F9F4AD3EEB4E898F71224D496530AC29EC43DB7DE03B2FD614BA0
SHA-512:	C0EF256D5B94D0DA4DBE3023C066B723EC3AFEE95DC1FCA562EBFE91E6AC4C3BE17EBC74F3145E1EBABF1D174BE65E2776EB21D8036D39A07775D0EFC1BE0E22
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b91bf34b-a3a2-4be0-9537-3583e929a0de","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1729974120803,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729798290841}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.126467898934076
Encrypted:	false
SSDEEP:	24:YpTpxRpEAaymayuEez1CZrZmb9Ov64kjjj0SIwtvfdZC72YtKBP2LSF3SA5Xdx9/:YfxJVGV4o6hvHtTcsPLCAZv9yU
MD5:	2E95FC6E74AA07F25FD4BE0C52470E4A
SHA1:	65F40CB939B3A2A0862124BA1167B2A7D44BA067
SHA-256:	40ED6641CCED564E7E913D50EBA906BED3F171AE6CB47A998359D9BBD3B75119
SHA-512:	ACFFA1BF90BDA26AD30714A234D258625FCBEEA3A4B95BFF1FA8F7C4E9D87A0062F9349826228F388386D6B01AEA05995AC2DAA2B7BDEE87C75CEB3FFE81D433
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b9755241d5281d90534ceed32eec2864","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729798290000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"955a083724b87e3135d475122480831f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729798290000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"923ae67b3731a3fd8ac201c54b33babc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729798290000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f31fc6c323d3d6d03c4887196252f780","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729798290000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"dc12f780f70faaff562fcae5c4043008","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729798290000},{"id":"Edit_InApp_Aug2020","info":{"dg":"25543622994e85ae3817f30911c188c9","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9883509413280345
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeyN3IcLESiAieKN3F:TVl2GL7ms67YXtryNYcI82NV
MD5:	AA092EDB8F3BE3BCAE632BF69D4DD6D4
SHA1:	E9F6EAB6F781E9E2976A48B6FA0727631DEA2A1E
SHA-256:	91BD5B13D96F379A9DD9E73074D647E103BAB5CA07C73FDFA0018804F4029562
SHA-512:	79971DD922A4C27D8CC9BEB0F38C0A269EC5855CC193C8B60D593DB20899B01597C9661D89B809E3E26DE592EDE26535DE356BD637DE85238EFDABD2FAD9BD74
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.344675241283136
Encrypted:	false
SSDEEP:	24:7+t+ASY9QmQ6QeyN37cLESiAi0mY9QGnqLBx/XYKQvGJF7ursF:7M+lYXtryNrcI8KYDqll2GL7msF
MD5:	E440C080942D1DCB943461447D10F45B
SHA1:	8FB25859E617B2E0EC17F2E05978F9D76F2DEE07
SHA-256:	49D5293BE58C9F4CF96584421015A62C763F0DB2D157DF2E5E73E79D4D483ECC
SHA-512:	FF5BF59D93C87774E7E4571BC197178F52C008A9C18A6CAB4CABE696272BC6F34541F51004C6E2A67A8E5FFD52BA01FE8F75BABC2CBE7BAB9FF0257F48B1E3C7
Malicious:	false
Preview:	.... .c.....]k.}......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3bbcc.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.51161293806784
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cjqTenH:Qw946cPbiOxDlbYnuRKHb
MD5:	C483793095C22EA76F6EA530E174B4FB
SHA1:	51EA668752206815C2930E8CBC905480296C7D7A
SHA-256:	CF6AD8A36BF1843A604682E2110A9F18210C8600AFEC5404E4D0B3892B93F70C
SHA-512:	B35924FF08B9FA59B8A5B5B435E29531D0DBC6934432A99C9C830434D0A315A95F281745BB38CC9A4174C08F7F6E2AE458AE07B55B0E0AABA88A114EFD9E575C
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.1.0./.2.0.2.4. . .1.5.:.3.1.:.3.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 15-31-25-844.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:	384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.355712170224384
Encrypted:	false
SSDEEP:	384:N1h4rXfeTDo4tEtT1iy96goJJq92e6+iXkA8i7EApPIWIBW1FkzE9uOj2xLAR4ID:j+a
MD5:	19B2554057F1A5EB122BDCDE4BB04CE4
SHA1:	2D1CDCA4943E93D4514020F3603860FA1D10B94F
SHA-256:	A5933CDD37D1A21550B1B35A7D783CC6C86D468A38D1883958F356FEB7A56880
SHA-512:	A30A9CE18DCDC901E3DC90993C74D8E65BD6E12991DC44305E99FEA5BA466763CEA86EC946546770E584ADF3EA2EB042D48A095667C75800C40196E50B29C6FA
Malicious:	false
Preview:	SessionID=a21c00f9-f8be-45df-9552-eb62b2efff65.1729798285865 Timestamp=2024-10-24T15:31:25:865-0400 ThreadID=7916 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a21c00f9-f8be-45df-9552-eb62b2efff65.1729798285865 Timestamp=2024-10-24T15:31:25:869-0400 ThreadID=7916 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a21c00f9-f8be-45df-9552-eb62b2efff65.1729798285865 Timestamp=2024-10-24T15:31:25:869-0400 ThreadID=7916 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a21c00f9-f8be-45df-9552-eb62b2efff65.1729798285865 Timestamp=2024-10-24T15:31:25:869-0400 ThreadID=7916 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a21c00f9-f8be-45df-9552-eb62b2efff65.1729798285865 Timestamp=2024-10-24T15:31:25:870-0400 ThreadID=7916 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.417606068254869
Encrypted:	false
SSDEEP:	768:ZIWWSP2hkX/8/IdQ/IGHgjUIgERAV/hVDiq8IoHMd/dgh3T/:P
MD5:	071A50FCF00F14751D7E4C98E4CD932D
SHA1:	BA603EB0A545455C3952081B0A3E523FAF1EE6ED
SHA-256:	9067B370BE6AA18EB1FBBFDA93F810C5122B54186F22C34769A585B842A6D2AC
SHA-512:	C9740EA767DD18539A34A5A54E389B4F2A6CAE5838D5203A6511A900EB57D7C3E347BA380BA78A6D1020A7F9849D3EFAC15A863B6F7C7E4CCCCE8F573D6F3BAC
Malicious:	false
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\68724621-7603-43ae-a990-e0ba979f7e37.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\b66aad0c-01be-4320-a07b-d471b87f5f23.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c824fc98-895e-412e-80ed-b8d408c5c580.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\ccdc7bc1-1cbc-4129-b0c9-bcd3ab7dba24.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:31:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9878957681699703
Encrypted:	false
SSDEEP:	48:8ZdJsTKSlH7idAKZdA1FehwiZUklqehsJy+3:8CT7BJy
MD5:	96C36401E6AE4B2444BA54C72B681BA5
SHA1:	F3480EA1A6347D772B293C7A802E57E85CF94BAE
SHA-256:	6350D293C6227E178908A9F02E5DF71693D9B9F8E136A0574CF31656CE061E91
SHA-512:	D9F453C4AA5CF6E7C7E6BCC15B1091FA4EC07BAE170BA46E2E6C01B2D6D105E90899F50B9DCBFAFFCE86523D51A38E2FBFB26C2EFA3712C2B2E0F4FB01A2A60F
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......QK&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:31:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.001433310700075
Encrypted:	false
SSDEEP:	48:8edJsTKSlH7idAKZdA1seh/iZUkAQkqehxJy+2:8PTl9Q+Jy
MD5:	1AEDAB3C8C3C454DE25E7BC412D03882
SHA1:	E18C3BF3EEFADB3C2F1815AA7631D60181D5B1F8
SHA-256:	381693C1986B6AC70C669778419F239442DFE0F5C37CB32DDEA7B9A9FBCBFFB5
SHA-512:	8633C948F3150517EB06FB1B589FCEC8F5C93CD68E7A356F9853A3689F74C45BBE178B3716E4F39A0C5CBDCDA1DD7191DE753E8CDB5594F4A721898B578CDC8E
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....l.QK&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010770071718238
Encrypted:	false
SSDEEP:	48:8vdJsTKSAH7idAKZdA14meh7sFiZUkmgqeh7srJy+BX:8cTOndJy
MD5:	65E359ADE1BAE355E1F230361462A094
SHA1:	DA78DEF12AFD4B99451876083DD460DBCE38E5D0
SHA-256:	532232445014C88C0C8F222DEB5125BA541485131EE2A7C26F1CB0995D968D04
SHA-512:	5258A9A22B28C1F4C1EED5DBC3AA6E3085FB6591504347174A65EB5567C8FDD419290F0EAC49AAEB98B4830F2EF2EA040D3D81ADF7DE670FA33D715EFAC303E9
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:31:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.00001222934742
Encrypted:	false
SSDEEP:	48:8wdJsTKSlH7idAKZdA1TehDiZUkwqeh1Jy+R:8NT2jJy
MD5:	941789FEA745A0693D8187B769A9F3A2
SHA1:	FCEF45B7CCA0B6B1A9EBDD99EF2DD1E9555CA896
SHA-256:	82F05C2C90C5E3B8E12CE63610C20887826EEA84B7F10D4797748B21A8D50386
SHA-512:	365C01230748EBDF0030CF6EFF4DAFD7080E02647D2C49048C2BEF8DA523CB542764F4F568CC62E2412A981B366E1D3C3E58976BA3E3AB0C048247B74E8432A8
Malicious:	false
Preview:	L..................F.@.. ...$+.,....i..QK&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:31:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9901832999883062
Encrypted:	false
SSDEEP:	48:8CdJsTKSlH7idAKZdA1dehBiZUk1W1qehnJy+C:8rT29HJy
MD5:	654B2AD02FE553258EADD3DB7938BE3B
SHA1:	B9065BA1AF7F0293327596ED6F1E9A6418F0F176
SHA-256:	8C0DF6623B6F59390452B700723BA598C45AF8D3F6E1545B1B64D624436EBD21
SHA-512:	1FE85CA4F00B92CB597A47378D3D097E17D22A1BE723055BBA47BA0BF59498FDA0F8FCAECC93F3DC1809DC61D75FBC662454AD157022E27040F017D16848CA5D
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......QK&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:31:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9989779380762456
Encrypted:	false
SSDEEP:	48:8fdJsTKSlH7idAKZdA1duTeehOuTbbiZUk5OjqehOuTbdJy+yT+:8sTMTfTbxWOvTbdJy7T
MD5:	2EC9159DA4473D3C20E6F819DD355D74
SHA1:	7EFA1633F567C482959EFF8EA63DF61FE6CE75DC
SHA-256:	8D313167799D197692538E2F7A07991E8562B11D7F1F2F927147C0D8AD8E66E8
SHA-512:	74EBF6FB7A4364A15E7ED2A51593174488A30812C85F43694A640818B877739498211B94B15EAE8EB0DACE92914007EA40DB7DA5BDEF0FE0BE934528889E7F39
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......QK&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 97x98, 32 bits/pixel
Category:	downloaded
Size (bytes):	39654
Entropy (8bit):	1.370637106542055
Encrypted:	false
SSDEEP:	48:SLcaHCm9XzW5yyqN3S3j26cG7vba+X6uSCSGZy7yv6XlxpJDbDDpp144vdpz:SLcaii2eSjaQvbGuS66XlzXLz
MD5:	D25563A3F1F09EEB3EAA2C1DB5674335
SHA1:	06E0FE5BEA6B067B2D753A902138E791011F90CE
SHA-256:	F92C504D2ABACC8BD28C9DF3CDE37ADBA407F154896B5FEF163B7FCAFDA91300
SHA-512:	DB4E146F8233BEE2D34E13CD7D7BBF4E1D0157BB91AFC2070B8A639FE45BAAFE56042F4A19070B81898B6B18EEAAC1DFD593A2C7563C8C77A5E1EEE4F20E8980
Malicious:	false
URL:	https://policy.groovehq.com/favicon.ico
Preview:	......ab.... ........(...a......... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 97x98, 32 bits/pixel
Category:	dropped
Size (bytes):	39654
Entropy (8bit):	1.370637106542055
Encrypted:	false
SSDEEP:	48:SLcaHCm9XzW5yyqN3S3j26cG7vba+X6uSCSGZy7yv6XlxpJDbDDpp144vdpz:SLcaii2eSjaQvbGuS66XlzXLz
MD5:	D25563A3F1F09EEB3EAA2C1DB5674335
SHA1:	06E0FE5BEA6B067B2D753A902138E791011F90CE
SHA-256:	F92C504D2ABACC8BD28C9DF3CDE37ADBA407F154896B5FEF163B7FCAFDA91300
SHA-512:	DB4E146F8233BEE2D34E13CD7D7BBF4E1D0157BB91AFC2070B8A639FE45BAAFE56042F4A19070B81898B6B18EEAAC1DFD593A2C7563C8C77A5E1EEE4F20E8980
Malicious:	false
Preview:	......ab.... ........(...a......... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	483
Entropy (8bit):	4.600062624012868
Encrypted:	false
SSDEEP:	12:L2Q884KKkvaJ5AyBU+wgXoxq5Q13L0wiZf6cMfXGS2C:L3K8V4U2V6dgf6J2S2C
MD5:	DEE95FDCC81E6CA8B51B1FD89CF4AE8F
SHA1:	876DDA61FCD76EFB172F6A80ACE6E7C02EE24CB9
SHA-256:	DB95FB1802E3E1F79A4472F9EDA90268EE7C16D837762E6FAD942BD4CFD166DF
SHA-512:	ACFF3BAA2835B6D8490805471AC5FB5D05E29FB23E2882E6B305CD83BAF72C60E6545FEC5125D82ACA9E00F2CE5B2AE4C2A223BE010D4E11FC19AE734C15327B
Malicious:	false
URL:	https://policy.groovehq.com/stylesheets/kb404.css
Preview:	html, body {. padding: 0;. background: #fff;. height: 100%;. overflow: hidden;.}...spacer {. height: 30%;.}...wrapper {. text-align: center;.}..img {. margin-bottom: 32px;. width: 256px;. height: 148px;. object-fit: contain;.}...text {. font-family: Arial;. font-size: 14px;. font-weight: normal;. font-style: normal;. font-stretch: normal;. line-height: 1.57;. letter-spacing: normal;. text-align: center;. color: #666666;.}.

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 294, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14302
Entropy (8bit):	7.790888061616527
Encrypted:	false
SSDEEP:	384:ergUfcHHtcfIKO5liQP8Uh66FXGp6WrCCi8w2X4IO0a:ervgHtcOOzUhdXGp6G/4IO0a
MD5:	1A0BF3A20FCB29ED2D959B423400B04D
SHA1:	F6F0323A650F348D942B2C7D42D172CF47E50BDF
SHA-256:	1A5C2C23DA32A0D16279B07C9CAA7DC06E7C1909160BAF53A3FFB183B89E387B
SHA-512:	EDC61A0A7AA51FC91ABEDFE1B9FD98973313A2914FD5CC152E196C0A2D7A99CCE6E2994DD2875BE0178F5F3360B2D41C52CDF8BD478B382F02C8DC764BB8E29E
Malicious:	false
Preview:	.PNG........IHDR.......&......e(L....sRGB.......7.IDATx.....E...D.%....d$+...(...=T<..AE..%H.CF.x.......<...(.D%I...... ...........7=...g?..MMu..fkjz..3..\.x.\....(D@..@..@...O.XF...-.........p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 294, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	14302
Entropy (8bit):	7.790888061616527
Encrypted:	false
SSDEEP:	384:ergUfcHHtcfIKO5liQP8Uh66FXGp6WrCCi8w2X4IO0a:ervgHtcOOzUhdXGp6G/4IO0a
MD5:	1A0BF3A20FCB29ED2D959B423400B04D
SHA1:	F6F0323A650F348D942B2C7D42D172CF47E50BDF
SHA-256:	1A5C2C23DA32A0D16279B07C9CAA7DC06E7C1909160BAF53A3FFB183B89E387B
SHA-512:	EDC61A0A7AA51FC91ABEDFE1B9FD98973313A2914FD5CC152E196C0A2D7A99CCE6E2994DD2875BE0178F5F3360B2D41C52CDF8BD478B382F02C8DC764BB8E29E
Malicious:	false
URL:	https://policy.groovehq.com/images/404-graphics@2x.png
Preview:	.PNG........IHDR.......&......e(L....sRGB.......7.IDATx.....E...D.%....d$+...(...=T<..AE..%H.CF.x.......<...(.D%I...... ...........7=...g?..MMu..fkjz..3..\.x.\....(D@..@..@...O.XF...-.........p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..@.i....&.} .. .. `.......M.......... .p.(.............`$4..@..@...&...i.... .. ....@.`...D.......p......B.........@....FB.A..@..

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	469
Entropy (8bit):	4.942274119868983
Encrypted:	false
SSDEEP:	12:hYzOGBNevXJ6wYfhcCMGAll2qzZkWJFjoMTGL:hYKG8JMpBgllFZ3JFsMTu
MD5:	FDCE9588278D685CD13BF68B85DADA3D
SHA1:	8BE8242C04A521DA673BDDC8079CCDF7D58E9080
SHA-256:	DE4830C7841A16467216AB9220A6D9C9510256AFEC663771560AF488E6C23A3F
SHA-512:	421F74D6533C11DEB46C0A2AA3276F85366C2F37170CEE0F75E339A7265160EEBE3458AA49D6AF6F2898C75AFD5DC2D2A790265678DF28747E32CD50EED16847
Malicious:	false
URL:	https://policy.groovehq.com/help/hr-review?version%3Dlatest
Preview:	<!DOCTYPE html>.<html>..<head>. <title>404 - Page not found</title>. <meta http-equiv="Content-type" content="text/html; charset=utf-8" />. <link rel="stylesheet" href="/stylesheets/kb404.css" type="text/css" media="all" />.</head>..<body>. <div class="spacer"> </div>. <div class="wrapper">. <img src="/images/404-graphics@2x.png" />. <div class="text">Oh no, unfortunately the page you are looking for cannot be found.</div>. </div>.</body>..</html>.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages (zip deflate encoded)
Entropy (8bit):	7.977195226835703
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Doc-Secure6033.pdf
File size:	560'293 bytes
MD5:	c88cc996e4e8aa7809663708a94322f6
SHA1:	0cc91bd50a1ae9c44c45654c5b782c3513ee2af9
SHA256:	fdc880939123388fccac41aa7db7c44575116f931ba1f8e17af9038b1130ed28
SHA512:	a1e7c7aba61f35736e2275a3c978cd11f762cd2749d7922002f086e67344cb528a850867b351577c2086e3992f1cdf78cc3e865e7433e8ebec3b7a8f39ccc4dc
SSDEEP:	12288:smRh0BFla74SIEQolcSaotgEdY7rUwXv6QFyP2YglfpY:s4h0BFs4SIWZaOaUwf6QM+tlfpY
TLSH:	C9C41281D53C5932F62D17B266295FD03AF8A8AF41E96C68F06D3E854313BF01662D3B
File Content Preview:	%PDF-1.4.%......12 0 obj.<</Linearized 1/L 560293/O 14/E 555926/N 1/T 559933/H [ 456 159]>>.endobj. ..xref..12 8..0000000016 00000 n..0000000615 00000 n..0000000749 00000 n..0000000977 00000 n..0000001186 00000 n..0000001222 00000 n..0000001

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.977195
Total Bytes:	560293
Stream Entropy:	7.977383
Stream Bytes:	557835
Entropy outside Streams:	5.211980
Bytes outside Streams:	2458
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	19
endobj	19
stream	5
endstream	5
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
18	0000000000000000	e0ec10c593ae251c6ac0386650e282bd

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 21:31:17.893402100 CEST	49689	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:19.397938013 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 24, 2024 21:31:20.983350039 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:20.983401060 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:20.983529091 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:20.984503031 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:20.984519958 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:21.937202930 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:21.937289000 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:21.941010952 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:21.941037893 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:21.941390991 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:21.971286058 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.011373043 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.271816015 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.272012949 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.272056103 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.272089958 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.272105932 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.272105932 CEST	49708	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.272128105 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.272135973 CEST	443	49708	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.312645912 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.312706947 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:22.312793016 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.313076019 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:22.313096046 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.029278040 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:23.191648960 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.191742897 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:23.193293095 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:23.193305016 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.193797112 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.194912910 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:23.239329100 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.331934929 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:23.459738970 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.459815979 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.461958885 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:23.461994886 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:23.462013006 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.462028980 CEST	49709	443	192.168.2.16	184.28.90.27
Oct 24, 2024 21:31:23.462034941 CEST	443	49709	184.28.90.27	192.168.2.16
Oct 24, 2024 21:31:23.940227985 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:24.216918945 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 24, 2024 21:31:25.152137041 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:26.102050066 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.102081060 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:26.102144003 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.102617979 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.102632999 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:26.966555119 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:26.966840982 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.966864109 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:26.968374968 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:26.968478918 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.969528913 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.969646931 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:26.969903946 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:26.969919920 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.021939993 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.148881912 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.149068117 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.149203062 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.201622963 CEST	49713	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.201678038 CEST	443	49713	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.260663986 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.260710001 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.260795116 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.261092901 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.261115074 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.261921883 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.261961937 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.262017965 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.262236118 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.262253046 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.527348995 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:27.559952974 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:27.828083038 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:27.935163021 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.935517073 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.935600042 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.936024904 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.936415911 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.936530113 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.936688900 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:27.983365059 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:27.987972975 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.100775003 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.100877047 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.100970984 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.112811089 CEST	49714	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.112863064 CEST	443	49714	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.249166965 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.258100033 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.258142948 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.258709908 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.265064955 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.265275002 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.265434980 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.305994034 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.306025028 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.433774948 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:28.502290010 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.502363920 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.502393007 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.502412081 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.502444029 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.502470016 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.502490997 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.502547979 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.536119938 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.536202908 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.536221027 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.536293983 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.536345959 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.537236929 CEST	49715	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.537256002 CEST	443	49715	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.545219898 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.545262098 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.545392036 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.545677900 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:28.545697927 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:28.730494022 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:28.730524063 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:28.730642080 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:28.730874062 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:28.730890036 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.318120956 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.318408012 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.318432093 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.318892002 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.319386005 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.319585085 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.319591045 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.319659948 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.368007898 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.500812054 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.500850916 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.500861883 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.500900984 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.500940084 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.500952959 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.501055956 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.570364952 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.570663929 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.570693970 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.574311018 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.574388981 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.574800968 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.574871063 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.575012922 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.622965097 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.623017073 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.630754948 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.630789995 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.630846977 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.630858898 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.630868912 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.630876064 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.630985975 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.632992983 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.633059978 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.633115053 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.633115053 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.633116961 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.633162022 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.633326054 CEST	49717	443	192.168.2.16	18.206.9.70
Oct 24, 2024 21:31:29.633344889 CEST	443	49717	18.206.9.70	192.168.2.16
Oct 24, 2024 21:31:29.636243105 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.636317968 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.636507988 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.636734009 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.636763096 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.638963938 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:29.669974089 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.738276958 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.738301992 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.738312960 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.738348961 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.738380909 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.738389969 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.738409996 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.738424063 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.738460064 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.770708084 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.770720005 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.770787954 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.770813942 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.770874023 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.771071911 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.771114111 CEST	443	49719	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:29.771137953 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:29.771168947 CEST	49719	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.367248058 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:30.367297888 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:30.367554903 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:30.369369984 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:30.369386911 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:30.390028954 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.390312910 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.390357018 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.390844107 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.391148090 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.391235113 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.391287088 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.432975054 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.432998896 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.579543114 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.579586983 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.579596996 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.579658031 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.579674006 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.579704046 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.579746008 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.719332933 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.719362974 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.719413996 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.719427109 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.719445944 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.719472885 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.721091986 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.721148968 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.721169949 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.721177101 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.721203089 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.721204996 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.721226931 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.721257925 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.721496105 CEST	49721	443	192.168.2.16	3.221.0.202
Oct 24, 2024 21:31:30.721508026 CEST	443	49721	3.221.0.202	192.168.2.16
Oct 24, 2024 21:31:30.854654074 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:30.854712009 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:30.854836941 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:30.855062962 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:30.855077028 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:31.414280891 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.414371014 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.417352915 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.417361975 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.417635918 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.462069988 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.480915070 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.527334929 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.705147982 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:31.705544949 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:31.705584049 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:31.707022905 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:31.707108974 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:31.708388090 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:31.708499908 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:31.749073029 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:31.749103069 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:31.796830893 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:31.833431959 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833455086 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833462000 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833472013 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833514929 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833534002 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.833547115 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833673000 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.833673000 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.833791018 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.833923101 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.833930016 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.834281921 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.834640026 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.844707966 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.844729900 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:31.844840050 CEST	49725	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:31:31.844847918 CEST	443	49725	52.149.20.212	192.168.2.16
Oct 24, 2024 21:31:32.049974918 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:32.366954088 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:33.817987919 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 24, 2024 21:31:36.851003885 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:31:41.695416927 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:41.695513010 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:41.695662975 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:41.975027084 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 24, 2024 21:31:42.359608889 CEST	49726	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:31:42.359664917 CEST	443	49726	142.250.186.100	192.168.2.16
Oct 24, 2024 21:31:46.451040030 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 24, 2024 21:32:08.467693090 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:08.467732906 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:08.467838049 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:08.468357086 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:08.468386889 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.398706913 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.398876905 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.403244019 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.403259039 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.403749943 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.411569118 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.447361946 CEST	49698	80	192.168.2.16	199.232.214.172
Oct 24, 2024 21:32:09.447495937 CEST	49699	80	192.168.2.16	199.232.214.172
Oct 24, 2024 21:32:09.453632116 CEST	80	49698	199.232.214.172	192.168.2.16
Oct 24, 2024 21:32:09.453756094 CEST	49698	80	192.168.2.16	199.232.214.172
Oct 24, 2024 21:32:09.454443932 CEST	80	49699	199.232.214.172	192.168.2.16
Oct 24, 2024 21:32:09.454492092 CEST	49699	80	192.168.2.16	199.232.214.172
Oct 24, 2024 21:32:09.455329895 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.718065023 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.718100071 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.718122005 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.718211889 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.718233109 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.718288898 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.719969988 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.720026970 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.720067024 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.720088959 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.720118046 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.722604036 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.722618103 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.722632885 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:09.722853899 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.722898960 CEST	443	49730	52.149.20.212	192.168.2.16
Oct 24, 2024 21:32:09.722949028 CEST	49730	443	192.168.2.16	52.149.20.212
Oct 24, 2024 21:32:30.908670902 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:30.908770084 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:30.908905029 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:30.909177065 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:30.909214973 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:31.791495085 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:31.791907072 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:31.791939020 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:31.793425083 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:31.793829918 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:31.794244051 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:31.850265980 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:41.799469948 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:41.799563885 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:41.799634933 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:42.353394985 CEST	49732	443	192.168.2.16	142.250.186.100
Oct 24, 2024 21:32:42.353471041 CEST	443	49732	142.250.186.100	192.168.2.16
Oct 24, 2024 21:32:59.086610079 CEST	49701	80	192.168.2.16	192.229.221.95
Oct 24, 2024 21:32:59.093863964 CEST	80	49701	192.229.221.95	192.168.2.16
Oct 24, 2024 21:32:59.093954086 CEST	49701	80	192.168.2.16	192.229.221.95

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 21:31:26.042980909 CEST	54166	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:26.043155909 CEST	54995	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:26.053034067 CEST	53	55471	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:26.072103024 CEST	53	54166	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:26.087188959 CEST	53	58633	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:26.157320976 CEST	53	54995	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:27.377137899 CEST	53	63121	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:28.615714073 CEST	49327	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:28.615854979 CEST	60192	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:28.672358990 CEST	53	60192	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:28.729887962 CEST	53	49327	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:30.845915079 CEST	65013	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:30.846065044 CEST	58183	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:30.853521109 CEST	53	58183	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:30.853687048 CEST	53	65013	1.1.1.1	192.168.2.16
Oct 24, 2024 21:31:36.647979975 CEST	61214	53	192.168.2.16	1.1.1.1
Oct 24, 2024 21:31:44.318214893 CEST	53	63458	1.1.1.1	192.168.2.16
Oct 24, 2024 21:32:03.111361027 CEST	53	49814	1.1.1.1	192.168.2.16
Oct 24, 2024 21:32:19.190937996 CEST	138	138	192.168.2.16	192.168.2.255
Oct 24, 2024 21:32:25.943774939 CEST	53	56765	1.1.1.1	192.168.2.16
Oct 24, 2024 21:32:26.007519960 CEST	53	50336	1.1.1.1	192.168.2.16
Oct 24, 2024 21:32:55.018215895 CEST	53	51789	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 24, 2024 21:31:26.157413006 CEST	192.168.2.16	1.1.1.1	c298	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 21:31:26.042980909 CEST	192.168.2.16	1.1.1.1	0x3a6e	Standard query (0)	policy.groovehq.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:26.043155909 CEST	192.168.2.16	1.1.1.1	0x1b45	Standard query (0)	policy.groovehq.com	65	IN (0x0001)	false
Oct 24, 2024 21:31:28.615714073 CEST	192.168.2.16	1.1.1.1	0x64a5	Standard query (0)	policy.groovehq.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:28.615854979 CEST	192.168.2.16	1.1.1.1	0x7f4a	Standard query (0)	policy.groovehq.com	65	IN (0x0001)	false
Oct 24, 2024 21:31:30.845915079 CEST	192.168.2.16	1.1.1.1	0xf63c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:30.846065044 CEST	192.168.2.16	1.1.1.1	0x71e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 24, 2024 21:31:36.647979975 CEST	192.168.2.16	1.1.1.1	0x8078	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 21:31:26.072103024 CEST	1.1.1.1	192.168.2.16	0x3a6e	No error (0)	policy.groovehq.com	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 21:31:26.072103024 CEST	1.1.1.1	192.168.2.16	0x3a6e	No error (0)	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		18.206.9.70	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:26.072103024 CEST	1.1.1.1	192.168.2.16	0x3a6e	No error (0)	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		34.205.242.243	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:26.072103024 CEST	1.1.1.1	192.168.2.16	0x3a6e	No error (0)	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		3.221.0.202	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:26.157320976 CEST	1.1.1.1	192.168.2.16	0x1b45	No error (0)	policy.groovehq.com	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 21:31:28.672358990 CEST	1.1.1.1	192.168.2.16	0x7f4a	No error (0)	policy.groovehq.com	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 21:31:28.729887962 CEST	1.1.1.1	192.168.2.16	0x64a5	No error (0)	policy.groovehq.com	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 21:31:28.729887962 CEST	1.1.1.1	192.168.2.16	0x64a5	No error (0)	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		3.221.0.202	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:28.729887962 CEST	1.1.1.1	192.168.2.16	0x64a5	No error (0)	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		34.205.242.243	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:28.729887962 CEST	1.1.1.1	192.168.2.16	0x64a5	No error (0)	82d61daa-default-apigroove-543c-1829221560.us-east-1.elb.amazonaws.com		18.206.9.70	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:30.853521109 CEST	1.1.1.1	192.168.2.16	0x71e	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 24, 2024 21:31:30.853687048 CEST	1.1.1.1	192.168.2.16	0xf63c	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:36.656339884 CEST	1.1.1.1	192.168.2.16	0x8078	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 21:31:37.568589926 CEST	1.1.1.1	192.168.2.16	0xc058	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:37.568589926 CEST	1.1.1.1	192.168.2.16	0xc058	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:31:50.118783951 CEST	1.1.1.1	192.168.2.16	0x63f2	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 21:31:50.118783951 CEST	1.1.1.1	192.168.2.16	0x63f2	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:32:02.544892073 CEST	1.1.1.1	192.168.2.16	0x6740	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:32:02.544892073 CEST	1.1.1.1	192.168.2.16	0x6740	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:32:18.184354067 CEST	1.1.1.1	192.168.2.16	0x5f59	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 21:32:18.184354067 CEST	1.1.1.1	192.168.2.16	0x5f59	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

policy.groovehq.com

https:

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.16	49708	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:21 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-24 19:31:22 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=249260 Date: Thu, 24 Oct 2024 19:31:22 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.16	49709	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-24 19:31:23 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=249259 Date: Thu, 24 Oct 2024 19:31:23 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-24 19:31:23 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49713	18.206.9.70	443	6220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:26 UTC	693	OUT	GET /help/hr-review?version%3Dlatest HTTP/1.1 Host: policy.groovehq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 19:31:27 UTC	407	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 19:31:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff ETag: W/"fdce9588278d685cd13bf68b85dada3d" Cache-Control: max-age=0, private, must-revalidate X-Request-Id: 27122079-7573-4c7e-92b8-e151699982c6 X-Runtime: 0.015459
2024-10-24 19:31:27 UTC	476	IN	Data Raw: 31 64 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6b 62 34 30 34 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 Data Ascii: 1d5<!DOCTYPE html><html><head> <title>404 - Page not found</title> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="/stylesheets/kb404.css" type="text/css" media="all" /></head><body> <div
2024-10-24 19:31:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49714	18.206.9.70	443	6220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:27 UTC	589	OUT	GET /stylesheets/kb404.css HTTP/1.1 Host: policy.groovehq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://policy.groovehq.com/help/hr-review?version%3Dlatest Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 19:31:28 UTC	166	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 19:31:28 GMT Content-Type: text/css Content-Length: 483 Connection: close Last-Modified: Tue, 22 Oct 2024 12:45:29 GMT
2024-10-24 19:31:28 UTC	483	IN	Data Raw: 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 2e 73 70 61 63 65 72 20 7b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 33 30 25 3b 0a 7d 0a 0a 2e 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 69 6d 67 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 36 70 78 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 34 38 70 78 3b 0a 20 20 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 3b 0a Data Ascii: html, body { padding: 0; background: #fff; height: 100%; overflow: hidden;}.spacer { height: 30%;}.wrapper { text-align: center;}img { margin-bottom: 32px; width: 256px; height: 148px; object-fit: contain;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49715	18.206.9.70	443	6220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:28 UTC	640	OUT	GET /images/404-graphics@2x.png HTTP/1.1 Host: policy.groovehq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://policy.groovehq.com/help/hr-review?version%3Dlatest Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 19:31:28 UTC	169	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 19:31:28 GMT Content-Type: image/png Content-Length: 14302 Connection: close Last-Modified: Tue, 22 Oct 2024 12:45:29 GMT
2024-10-24 19:31:28 UTC	8836	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 01 26 08 06 00 00 00 14 65 28 4c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 37 98 49 44 41 54 78 01 ed 9d 07 9c 15 45 f2 c7 0b 44 81 25 c3 09 08 88 64 24 2b 82 02 82 28 18 11 04 3d 54 3c 91 03 41 45 c5 bf a4 25 48 e6 43 46 92 78 0a 82 08 9e 88 87 09 3c a2 01 91 28 12 44 25 49 14 04 04 94 1c 97 20 ff ad e7 ed c2 2e fb b6 ab df 9b 99 37 3d fd eb cf 67 3f fb f6 4d 4d 75 f7 b7 66 6b 6a 7a ba ab 33 90 a0 5c bc 78 b1 5c a2 d8 06 81 28 44 40 00 04 40 00 04 40 00 04 fc 4f a0 58 46 ff b7 11 2d 04 01 10 00 01 10 00 01 10 70 9a 00 02 00 a7 89 42 1f 08 80 00 08 80 00 08 18 40 00 01 80 01 46 42 13 41 00 04 40 00 04 40 c0 69 02 08 00 9c 26 0a 7d 20 00 02 20 00 02 20 60 00 01 04 00 06 18 09 4d 04 01 10 Data Ascii: PNGIHDR&e(LsRGB7IDATxED%d$+(=T<AE%HCFx<(D%I .7=g?MMufkjz3\x\(D@@@OXF-pB@FBA@@i&} `M
2024-10-24 19:31:28 UTC	5466	IN	Data Raw: b3 ce b1 b4 51 93 2b 01 c0 89 13 27 42 43 ff 92 ec 5c ad 5b b7 a6 1a 35 6a d8 c8 1e 7d f6 88 80 ce 90 af 64 6b 6a 8f 9a 8d 6a 34 08 f0 0c 78 69 d1 5d 19 22 d5 eb b5 1c fc ac d7 c4 83 57 9f 2b 01 40 ff fe fd 69 f7 ee dd 4a 5a 25 4b 96 a4 ee dd bb 2b e5 20 00 02 d1 10 d0 79 e2 3b 7a f4 68 34 55 e1 dc 18 11 d0 b1 9b 4e 40 18 a3 ee 88 aa 85 9f 15 61 82 50 3a 04 1c 0f 00 16 2c 58 40 53 a7 4e 4d a7 ca bf 0e 71 3e 6e 1e fa cf 92 25 8b 52 16 02 20 10 0d 01 9d 00 e0 c8 91 23 d1 54 85 73 63 44 40 c7 6e 3a d7 43 8c ba a3 ac 16 7e 56 89 08 02 02 02 8e 06 00 1c 85 77 ed da 55 50 2d 51 db b6 6d e9 96 5b 6e 11 c9 42 08 04 a2 21 a0 e3 f0 75 6e 24 d1 b4 09 e7 3a 4b 40 c7 6e 3a d7 83 b3 ad 74 46 1b fc ac 33 1c a1 85 c8 d1 00 80 93 f8 ec dd bb 57 c9 b5 6c d9 b2 14 1f 1f af Data Ascii: Q+'BC\[5j}dkjj4xi]"W+@iJZ%K+ y;zh4UN@aP:,X@SNMq>n%R #TscD@n:C~VwUP-Qm[nB!un$:K@n:tF3Wl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49717	18.206.9.70	443	6220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:29 UTC	625	OUT	GET /favicon.ico HTTP/1.1 Host: policy.groovehq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://policy.groovehq.com/help/hr-review?version%3Dlatest Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 19:31:29 UTC	184	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 19:31:29 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 39654 Connection: close Last-Modified: Tue, 22 Oct 2024 12:45:29 GMT
2024-10-24 19:31:29 UTC	8821	IN	Data Raw: 00 00 01 00 01 00 61 62 00 00 01 00 20 00 d0 9a 00 00 16 00 00 00 28 00 00 00 61 00 00 00 c4 00 00 00 01 00 20 00 00 00 00 00 88 94 00 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff Data Ascii: ab (a
2024-10-24 19:31:29 UTC	16384	IN	Data Raw: ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b f0 be a0 0b 10 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff Data Ascii:
2024-10-24 19:31:29 UTC	1514	IN	Data Raw: 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 00 00 00 30 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 90 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff Data Ascii: 0
2024-10-24 19:31:29 UTC	12935	IN	Data Raw: 00 00 ff 00 00 00 10 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 00 00 00 30 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 70 ff ff ff 00 ff ff ff 00 Data Ascii: 0p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49719	3.221.0.202	443	6220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:29 UTC	369	OUT	GET /images/404-graphics@2x.png HTTP/1.1 Host: policy.groovehq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 19:31:29 UTC	169	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 19:31:29 GMT Content-Type: image/png Content-Length: 14302 Connection: close Last-Modified: Tue, 22 Oct 2024 12:45:29 GMT
2024-10-24 19:31:29 UTC	8836	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 01 26 08 06 00 00 00 14 65 28 4c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 37 98 49 44 41 54 78 01 ed 9d 07 9c 15 45 f2 c7 0b 44 81 25 c3 09 08 88 64 24 2b 82 02 82 28 18 11 04 3d 54 3c 91 03 41 45 c5 bf a4 25 48 e6 43 46 92 78 0a 82 08 9e 88 87 09 3c a2 01 91 28 12 44 25 49 14 04 04 94 1c 97 20 ff ad e7 ed c2 2e fb b6 ab df 9b 99 37 3d fd eb cf 67 3f fb f6 4d 4d 75 f7 b7 66 6b 6a 7a ba ab 33 90 a0 5c bc 78 b1 5c a2 d8 06 81 28 44 40 00 04 40 00 04 40 00 04 fc 4f a0 58 46 ff b7 11 2d 04 01 10 00 01 10 00 01 10 70 9a 00 02 00 a7 89 42 1f 08 80 00 08 80 00 08 18 40 00 01 80 01 46 42 13 41 00 04 40 00 04 40 c0 69 02 08 00 9c 26 0a 7d 20 00 02 20 00 02 20 60 00 01 04 00 06 18 09 4d 04 01 10 Data Ascii: PNGIHDR&e(LsRGB7IDATxED%d$+(=T<AE%HCFx<(D%I .7=g?MMufkjz3\x\(D@@@OXF-pB@FBA@@i&} `M
2024-10-24 19:31:29 UTC	5466	IN	Data Raw: b3 ce b1 b4 51 93 2b 01 c0 89 13 27 42 43 ff 92 ec 5c ad 5b b7 a6 1a 35 6a d8 c8 1e 7d f6 88 80 ce 90 af 64 6b 6a 8f 9a 8d 6a 34 08 f0 0c 78 69 d1 5d 19 22 d5 eb b5 1c fc ac d7 c4 83 57 9f 2b 01 40 ff fe fd 69 f7 ee dd 4a 5a 25 4b 96 a4 ee dd bb 2b e5 20 00 02 d1 10 d0 79 e2 3b 7a f4 68 34 55 e1 dc 18 11 d0 b1 9b 4e 40 18 a3 ee 88 aa 85 9f 15 61 82 50 3a 04 1c 0f 00 16 2c 58 40 53 a7 4e 4d a7 ca bf 0e 71 3e 6e 1e fa cf 92 25 8b 52 16 02 20 10 0d 01 9d 00 e0 c8 91 23 d1 54 85 73 63 44 40 c7 6e 3a d7 43 8c ba a3 ac 16 7e 56 89 08 02 02 02 8e 06 00 1c 85 77 ed da 55 50 2d 51 db b6 6d e9 96 5b 6e 11 c9 42 08 04 a2 21 a0 e3 f0 75 6e 24 d1 b4 09 e7 3a 4b 40 c7 6e 3a d7 83 b3 ad 74 46 1b fc ac 33 1c a1 85 c8 d1 00 80 93 f8 ec dd bb 57 c9 b5 6c d9 b2 14 1f 1f af Data Ascii: Q+'BC\[5j}dkjj4xi]"W+@iJZ%K+ y;zh4UN@aP:,X@SNMq>n%R #TscD@n:C~VwUP-Qm[nB!un$:K@n:tF3Wl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49721	3.221.0.202	443	6220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:30 UTC	354	OUT	GET /favicon.ico HTTP/1.1 Host: policy.groovehq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 19:31:30 UTC	184	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 19:31:30 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 39654 Connection: close Last-Modified: Tue, 22 Oct 2024 12:45:29 GMT
2024-10-24 19:31:30 UTC	8821	IN	Data Raw: 00 00 01 00 01 00 61 62 00 00 01 00 20 00 d0 9a 00 00 16 00 00 00 28 00 00 00 61 00 00 00 c4 00 00 00 01 00 20 00 00 00 00 00 88 94 00 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff Data Ascii: ab (a
2024-10-24 19:31:30 UTC	16384	IN	Data Raw: ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b ff be a0 0b f0 be a0 0b 10 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff Data Ascii:
2024-10-24 19:31:30 UTC	1514	IN	Data Raw: 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 00 00 00 30 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 90 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff Data Ascii: 0
2024-10-24 19:31:30 UTC	12935	IN	Data Raw: 00 00 ff 00 00 00 10 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 00 00 00 30 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 70 ff ff ff 00 ff ff ff 00 Data Ascii: 0p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49725	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:31:31 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1dfWdZ9ZyNNOkzw&MD=gTKszEw5 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 19:31:31 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ed964caf-bc12-42c8-999f-cce9a8c98021 MS-RequestId: 30331ba9-c749-4fa3-b3cd-544f4317eb8c MS-CV: u7XosvEOm06NgaEk.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 19:31:31 GMT Connection: close Content-Length: 24490
2024-10-24 19:31:31 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-24 19:31:31 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49730	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 19:32:09 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1dfWdZ9ZyNNOkzw&MD=gTKszEw5 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 19:32:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: fe44aa35-d7a9-43f2-bcb7-4d3815c19fc0 MS-RequestId: 2d3cbdbc-1248-4b97-b430-e53627d52081 MS-CV: zKA//hUaA0OzHurS.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 19:32:08 GMT Connection: close Content-Length: 30005
2024-10-24 19:32:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-24 19:32:09 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7160, Parent PID: 4380

General

Target ID:	0
Start time:	15:31:21
Start date:	24/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Doc-Secure6033.pdf"
Imagebase:	0x7ff68e3f0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6660, Parent PID: 7160

General

Target ID:	6
Start time:	15:31:23
Start date:	24/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff61a6d0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5204, Parent PID: 6660

General

Target ID:	8
Start time:	15:31:24
Start date:	24/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1564,i,7677488233155545704,10048145090133627411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff61a6d0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2068, Parent PID: 1848

General

Target ID:	9
Start time:	15:31:24
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://policy.groovehq.com/help/hr-review?version%3Dlatest
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6220, Parent PID: 2068

General

Target ID:	10
Start time:	15:31:24
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1984,i,1624368531900863041,7144110395526881659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Doc-Secure6033.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c2922ff2-012d-40b4-9535-e589657fd403.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024193127Z-170.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6384

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Windows Analysis Report
Doc-Secure6033.pdf