Edit tour

Windows Analysis Report
Dix7g8PK1e.pdf

Overview

General Information

Sample name:	Dix7g8PK1e.pdf (renamed file extension from none to pdf, renamed because original name is a hash value)
Original sample name:	84b73580b89482d59675adec2722ce2c
Analysis ID:	1578141
MD5:	84b73580b89482d59675adec2722ce2c
SHA1:	eeffe9f7788436ab7e3e60c01c9cd6fd3d9ab4d3
SHA256:	e5175c53f2692ffb1b9a72e3ef6f5214f00b1dc0fcd0bdac46644604283755db
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 2248 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Dix7g8PK1e.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3540 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1576,i,315143911110163366,9954080809254646913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https:// ?? ? @trk.klclick3.com/ls/click?upn=u001.mcuXDv9vSuF-2FJzFYU0me2ioCpon3UX6GNmR3I53oU5cD0QwVmlz8a-2FNNXg2ETtpsp5-2FoUylgUD25d-2FmF3IZYstgT8ZBu3AlrGZuVAW-2FkS37HkB-2F0-2BLZCJyh6YbtU7rk-2BMov2_Qi4GG6Y-2FHgv8F87r5EnJbgIBL032Kh4jWMsdHaBdjzY4sJqYrUzpstmf1FbnUZbKt-2FvSa9luayYyIlPzurEmQiqLumXEYTzyZHkwoyErXSmnbbyec7vpxICFxy4TD6Vui448okJAwTpX0PDpu9Qf-2FRawuxVx9bCU63I600JiYo863MzFp3P-2BlgGiPl5n-2BaUeMxR3-2FXz-2FxqOpO9VJJ3bq7ryoSdg-2F25f0uslY4lqTYpg8ZcD7BT6-2BU0ELVOVmbQloiU4UuDbOwnc-2BYX-2BzBn2-2Bkua6mw5ZOAo00fOW10oturPqRKnWXN5tDRkEJFAJnR5E763K1VwmrHrX-2FhmM2T607sB8BrSsQtPNWktp6-2BsJ7TOgcHb2sIkP1mZJPGzeqVDh8L45DfSYktImxsX7-2BKeNjJWVOjLEjVJtAs2-2Fv6wLSztaUF4oZe0UkbqXIfgeHvJOIKPSIXYnLCaW13zLugrDQ7oxjPcUUA1GABF1qfjBS58-3D" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1976,i,18348159728783534705,2575685224203264193,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Dix7g8PK1e.pdf	Virustotal: Detection: 25%			Perma Link
Source: Dix7g8PK1e.pdf	ReversingLabs: Detection: 25%

Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50031 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50031 version: TLS 1.2

Source: classification engine

Classification label: mal48.winPDF@43/49@7/3

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-19 04-24-02-728.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: Dix7g8PK1e.pdf	Virustotal: Detection: 25%
Source: Dix7g8PK1e.pdf	ReversingLabs: Detection: 25%

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Dix7g8PK1e.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1576,i,315143911110163366,9954080809254646913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https:// ?? ? @trk.klclick3.com/ls/click?upn=u001.mcuXDv9vSuF-2FJzFYU0me2ioCpon3UX6GNmR3I53oU5cD0QwVmlz8a-2FNNXg2ETtpsp5-2FoUylgUD25d-2FmF3IZYstgT8ZBu3AlrGZuVAW-2FkS37HkB-2F0-2BLZCJyh6YbtU7rk-2BMov2_Qi4GG6Y-2FHgv8F87r5EnJbgIBL032Kh4jWMsdHaBdjzY4sJqYrUzpstmf1FbnUZbKt-2FvSa9luayYyIlPzurEmQiqLumXEYTzyZHkwoyErXSmnbbyec7vpxICFxy4TD6Vui448okJAwTpX0PDpu9Qf-2FRawuxVx9bCU63I600JiYo863MzFp3P-2BlgGiPl5n-2BaUeMxR3-2FXz-2FxqOpO9VJJ3bq7ryoSdg-2F25f0uslY4lqTYpg8ZcD7BT6-2BU0ELVOVmbQloiU4UuDbOwnc-2BYX-2BzBn2-2Bkua6mw5ZOAo00fOW10oturPqRKnWXN5tDRkEJFAJnR5E763K1VwmrHrX-2FhmM2T607sB8BrSsQtPNWktp6-2BsJ7TOgcHb2sIkP1mZJPGzeqVDh8L45DfSYktImxsX7-2BKeNjJWVOjLEjVJtAs2-2Fv6wLSztaUF4oZe0UkbqXIfgeHvJOIKPSIXYnLCaW13zLugrDQ7oxjPcUUA1GABF1qfjBS58-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1976,i,18348159728783534705,2575685224203264193,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1576,i,315143911110163366,9954080809254646913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1976,i,18348159728783534705,2575685224203264193,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Dix7g8PK1e.pdf	Initial sample: PDF keyword /JS count = 0
Source: Dix7g8PK1e.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9liqqg4_1vjgoqu_38k.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9liqqg4_1vjgoqu_38k.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Dix7g8PK1e.pdf

Initial sample: PDF keyword stream count = 34

Source: Dix7g8PK1e.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Dix7g8PK1e.pdf	26%	Virustotal		Browse
Dix7g8PK1e.pdf	25%	ReversingLabs	Document-PDF.Phishing.Generic

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
google.com	142.250.181.110	true	false	high
www.google.com	142.250.181.132	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.181.132	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578141
Start date and time:	2024-12-19 10:23:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Dix7g8PK1e.pdf (renamed file extension from none to pdf, renamed because original name is a hash value)
Original Sample Name:	84b73580b89482d59675adec2722ce2c
Detection:	MAL
Classification:	mal48.winPDF@43/49@7/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, CompPkgSrv.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.218.208.137, 50.16.47.176, 34.237.241.83, 18.213.11.84, 54.224.241.105, 162.159.61.3, 172.64.41.3, 2.19.198.27, 23.32.239.56, 23.195.61.56, 199.232.210.172, 192.229.221.95, 172.217.17.78, 64.233.162.84, 142.250.181.99, 172.217.17.46, 172.217.17.74, 142.250.181.138, 172.217.21.42, 216.58.208.234, 172.217.19.202, 172.217.17.42, 142.250.181.106, 172.217.19.234, 142.250.181.74, 142.250.181.10, 172.217.19.170, 172.217.17.35, 172.217.19.206, 142.250.181.142, 13.107.246.63, 23.218.208.109, 92.122.16.236, 104.77.220.172, 172.202.163.200
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
04:24:15	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Hello, Please check your card info and make a payment.", "prominent_button_name": "MY ACCOUNT", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": [ "Xfinity" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	encrypted_documents_New_Agreement.pdf.htm	Get hash	malicious	WinSearchAbuse	Browse
	CROC000400 .pdf	Get hash	malicious	Unknown	Browse
	contract_signed.pdf	Get hash	malicious	Unknown	Browse
	https://ipfs.io/ipfs/bafybeih7f27bkklyai5zhnf5s57wuee5khsdrrblepmiz5bozrxxoam2lq/index12.html#pdeneve@vanas.eu	Get hash	malicious	HTMLPhisher	Browse
	SwJD3kiOwV.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	s3hvuz3XS0.exe	Get hash	malicious	Cryptbot	Browse
	65AcuGF7W7.exe	Get hash	malicious	Cryptbot	Browse
	8dw8GAvqmM.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	UYJ0oreVew.exe	Get hash	malicious	Unknown	Browse
	9nYVfFos77.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
google.com	encrypted_documents_New_Agreement.pdf.htm	Get hash	malicious	WinSearchAbuse	Browse	142.250.181.132
	CROC000400 .pdf	Get hash	malicious	Unknown	Browse	172.217.19.228
	contract_signed.pdf	Get hash	malicious	Unknown	Browse	142.250.181.132
	https://ipfs.io/ipfs/bafybeih7f27bkklyai5zhnf5s57wuee5khsdrrblepmiz5bozrxxoam2lq/index12.html#pdeneve@vanas.eu	Get hash	malicious	HTMLPhisher	Browse	142.250.181.132
	SwJD3kiOwV.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	172.217.19.228
	s3hvuz3XS0.exe	Get hash	malicious	Cryptbot	Browse	172.217.19.228
	65AcuGF7W7.exe	Get hash	malicious	Cryptbot	Browse	142.250.181.132
	8dw8GAvqmM.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	172.217.19.228
	9nYVfFos77.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	142.250.181.132
bg.microsoft.map.fastly.net	CROC000400 .pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
	contract_signed.pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	T.T_Copy.12.18.2024.exe	Get hash	malicious	ArrowRAT	Browse	199.232.214.172
	22054200882739718047.js	Get hash	malicious	Strela Downloader	Browse	199.232.214.172
	Sh2uIqqKqc.exe	Get hash	malicious	Cryptbot	Browse	199.232.214.172
	alyemenione.lnk	Get hash	malicious	Havoc, Quasar	Browse	199.232.214.172
	R8CAg00Db8.lnk	Get hash	malicious	Unknown	Browse	199.232.214.172
	A file has been sent to you via DROPBOX.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
	PyIsvSahWy.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	PkContent.exe	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Corporate_Code_of_Ethics_and_Business_Conduct_Policy_2024.pdf.lnk.d.lnk	Get hash	malicious	RHADAMANTHYS	Browse	20.198.119.84
	main1.bat	Get hash	malicious	Abobus Obfuscator	Browse	20.198.119.84
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	20.198.119.84
	dlhost.exe	Get hash	malicious	XWorm	Browse	20.198.119.84
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Unknown	Browse	20.198.119.84
	Brooming.vbs	Get hash	malicious	Remcos, GuLoader	Browse	20.198.119.84
	TT copy.js	Get hash	malicious	FormBook	Browse	20.198.119.84
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS	Browse	20.198.119.84
	Rapporteer inbreuk op auteursrechten.lnk.d.lnk	Get hash	malicious	Unknown	Browse	20.198.119.84
	File di reclamo per violazione del copyright File di reclamo per violazione del copyright.lnk.d.lnk	Get hash	malicious	Unknown	Browse	20.198.119.84

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.104199708134372
Encrypted:	false
SSDEEP:	6:7tBN1yq2PN72nKuAl9OmbnIFUt8OtQ21Zmw+OtK31RkwON72nKuAl9OmbjLJ:7d4vVaHAahFUt8OL1/+Ocz5OaHAaSJ
MD5:	2A398319D8C2B6E5C4F81DA7B9095A3F
SHA1:	0B1D197139E627DD86D81B398377BE7CFDCE74FB
SHA-256:	E0E6B5866B701BF41F162F68B7B939F65086E45FB55A2E8774442C830881EF1E
SHA-512:	71D3EFE8B75608D6E468D87FFB19BBEEE7C07FDF9AC1345B128541D799AF53F613FF1B9A8221E1BFEA3E13D4C4D3C661A9E244AF16220ECB61EEDCE38ED9AEF1
Malicious:	false
Reputation:	low
Preview:	2024/12/19-04:24:00.402 7e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/19-04:24:00.404 7e4 Recovering log #3.2024/12/19-04:24:00.405 7e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.104199708134372
Encrypted:	false
SSDEEP:	6:7tBN1yq2PN72nKuAl9OmbnIFUt8OtQ21Zmw+OtK31RkwON72nKuAl9OmbjLJ:7d4vVaHAahFUt8OL1/+Ocz5OaHAaSJ
MD5:	2A398319D8C2B6E5C4F81DA7B9095A3F
SHA1:	0B1D197139E627DD86D81B398377BE7CFDCE74FB
SHA-256:	E0E6B5866B701BF41F162F68B7B939F65086E45FB55A2E8774442C830881EF1E
SHA-512:	71D3EFE8B75608D6E468D87FFB19BBEEE7C07FDF9AC1345B128541D799AF53F613FF1B9A8221E1BFEA3E13D4C4D3C661A9E244AF16220ECB61EEDCE38ED9AEF1
Malicious:	false
Reputation:	low
Preview:	2024/12/19-04:24:00.402 7e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/19-04:24:00.404 7e4 Recovering log #3.2024/12/19-04:24:00.405 7e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.137998972911192
Encrypted:	false
SSDEEP:	6:7teRVQ+q2PN72nKuAl9Ombzo2jMGIFUt8OtegsSdWZmw+OteTVQVkwON72nKuAlx:7Au+vVaHAa8uFUt8ObsX/+OJV5OaHAaU
MD5:	703A3D3B8217032A179C39193B6A5C18
SHA1:	2C1DDDADDEDCF5E30F65AF7DA485B5F1D13C68CF
SHA-256:	19745E3A808E78AF2F1F2C466E33DC62372137B01003801216D76D22899E0813
SHA-512:	44FF3EA2E5E854D17BB210324CFCEAEEC3D4405B91E90BF9F0A9D5A7638019A6C1512738DAE2E4EC90CF9F92552B6765C7E1A162C6D8BF4AE2D8882B5D2254FC
Malicious:	false
Reputation:	low
Preview:	2024/12/19-04:24:00.474 130c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/19-04:24:00.475 130c Recovering log #3.2024/12/19-04:24:00.476 130c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.137998972911192
Encrypted:	false
SSDEEP:	6:7teRVQ+q2PN72nKuAl9Ombzo2jMGIFUt8OtegsSdWZmw+OteTVQVkwON72nKuAlx:7Au+vVaHAa8uFUt8ObsX/+OJV5OaHAaU
MD5:	703A3D3B8217032A179C39193B6A5C18
SHA1:	2C1DDDADDEDCF5E30F65AF7DA485B5F1D13C68CF
SHA-256:	19745E3A808E78AF2F1F2C466E33DC62372137B01003801216D76D22899E0813
SHA-512:	44FF3EA2E5E854D17BB210324CFCEAEEC3D4405B91E90BF9F0A9D5A7638019A6C1512738DAE2E4EC90CF9F92552B6765C7E1A162C6D8BF4AE2D8882B5D2254FC
Malicious:	false
Reputation:	low
Preview:	2024/12/19-04:24:00.474 130c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/19-04:24:00.475 130c Recovering log #3.2024/12/19-04:24:00.476 130c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3722dd83-adbc-4771-b609-7b28d50d868f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971824627296864
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
MD5:	F326539D084B03D88254A74D6018F692
SHA1:	395B367E0E3554C3E78A8211F2D4B9F0F427CA87
SHA-256:	9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
SHA-512:	C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971824627296864
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
MD5:	F326539D084B03D88254A74D6018F692
SHA1:	395B367E0E3554C3E78A8211F2D4B9F0F427CA87
SHA-256:	9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
SHA-512:	C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF62a451.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971824627296864
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
MD5:	F326539D084B03D88254A74D6018F692
SHA1:	395B367E0E3554C3E78A8211F2D4B9F0F427CA87
SHA-256:	9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
SHA-512:	C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a08c3252-cc8f-40ec-a525-d549f90056a6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Unknown
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.969516568575897
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqGksBdOg2HNcaq3QYiubcP7E4TX:Y2sRdsNJdMH83QYhbA7n7
MD5:	4E60261016C95153FC242FD12C4475F7
SHA1:	F1B4D7E253936B6F20D34CFFFCE6813C5192C80A
SHA-256:	0AC2821F72936A6E4E98B022B91EF2E1E22A8784612C62E8AE6394CF83B84E1A
SHA-512:	4038EA05128A35E4B9D8B8127D9992478B7AAA9A9671BF7CF698B23A0BC5A9EC0C337E73FAD2FE317FA1291BC2F1CBD5C32C607D9F771DF87BF758917AC685FA
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379160252869115","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":626906},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.252704629903095
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7PWMIJ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzh2
MD5:	56E5F05C859FB10F3A1269EA465F5A6A
SHA1:	58057F15732668867328A8F0AFA5176EBA2B898E
SHA-256:	07A9CAF5BB1229E5EA2868AF7D61830FC9F79EECA0E85B273903AA31A702A8F6
SHA-512:	A143FEDBFD5CFCD5151EB3645E21FE32E11CCEDDCACB83C42E6941C2FA766B742B52E3D00609A0988AEAC6ABF7B507C9D8642B659D1EF5964CBFB4E233E1CA62
Malicious:	false
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.128883293016455
Encrypted:	false
SSDEEP:	6:7teVQ+q2PN72nKuAl9OmbzNMxIFUt8OtoX4dWZmw+Ot9F3QVkwON72nKuAl9Ombg:7Iu+vVaHAa8jFUt8OE/+ORAV5OaHAa8E
MD5:	95FFDF06DE10832682FD681299C6E2D6
SHA1:	7A773D5DF783E356F4A18E9162703D150DF2BDCF
SHA-256:	95B6F889655885336C3E0ECE200B9D49AD35F11AFD25CFD8FCA80703A1894384
SHA-512:	3C4EF61C38D368B9E5F1CC3B24F6F1F883915C66AE852DF2DF60B0D3693219F1F0000F3F9394020C0DD6C131C69EFDEBE36AE03271B0A8B7D3BBEE4AA7D4B739
Malicious:	false
Preview:	2024/12/19-04:24:01.398 130c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/19-04:24:01.423 130c Recovering log #3.2024/12/19-04:24:01.436 130c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.128883293016455
Encrypted:	false
SSDEEP:	6:7teVQ+q2PN72nKuAl9OmbzNMxIFUt8OtoX4dWZmw+Ot9F3QVkwON72nKuAl9Ombg:7Iu+vVaHAa8jFUt8OE/+ORAV5OaHAa8E
MD5:	95FFDF06DE10832682FD681299C6E2D6
SHA1:	7A773D5DF783E356F4A18E9162703D150DF2BDCF
SHA-256:	95B6F889655885336C3E0ECE200B9D49AD35F11AFD25CFD8FCA80703A1894384
SHA-512:	3C4EF61C38D368B9E5F1CC3B24F6F1F883915C66AE852DF2DF60B0D3693219F1F0000F3F9394020C0DD6C131C69EFDEBE36AE03271B0A8B7D3BBEE4AA7D4B739
Malicious:	false
Preview:	2024/12/19-04:24:01.398 130c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/19-04:24:01.423 130c Recovering log #3.2024/12/19-04:24:01.436 130c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241219092405Z-174.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.1260016104345802
Encrypted:	false
SSDEEP:	192:/DvRi+SgEjW666fm6666PaNrA2FgZiqC5kgSxOsfl9IJXc4cY1bA1kxXaWBLhnhn:/Dv0D/jrIKbqqa4KU2y
MD5:	318E32E12D2CAB6234783ED5F7C23398
SHA1:	46EB3610053157B3241499A2656BB8929AE617EB
SHA-256:	9A4B13049520A8F71F4FDDE23225A488BC756E0C319784BFCF71EB00A07B3336
SHA-512:	08FB9331F00DB47B633A164D94B24986795FC94DECD4321D454024C7F29391A8D31F89052E8386C94949A7D13613C30638B19CA0B8DFC4F7B1BEDFF56BA0D544
Malicious:	false
Preview:	BMV.......6...(...k...h..... .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b_..!...~{......................................................rl........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444840249210118
Encrypted:	false
SSDEEP:	384:ye6ci5tdiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m2s3OazzU89UTTgUL
MD5:	727496ABB5063691D52399FD68177E5A
SHA1:	DBBE4CA307C4586D0739BF0BF1B6748708350726
SHA-256:	D0E98836274540DACAE374277579207E04CBA2E2533BEEB5E2EC7976A91F2D3A
SHA-512:	AF87E838E40F084A3F7143EF1EF8D76207D927C6FD5F830D027AAA5EA470FD21F7BCE19B312A8A9B9A87D49DA6EAA4EE529F24FEEC1BC37ED58A36CB2EDF50F9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.768673535781837
Encrypted:	false
SSDEEP:	48:7MtJioyVLioy7oy1C7oy16oy1RKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1O7:7eJuLB4XjBitb9IVXEBodRBke
MD5:	9B206FAF03C3CE1987CEFDBFF4115714
SHA1:	2D022F1A613EA7725D3F411A88EE7253D0820267
SHA-256:	941F1D1892B2F68B9CC343C4BC0969601C197E0CCD1837D0E803271ACFC88322
SHA-512:	D6C4ADEE63F48D6C046872E6B58F53534BE2AC33F2CE788B57E090A18CF5F8DA4CA65625D667D45BAF4343661707E073BC873A892BB4B67B450FA7E89CBE7E0D
Malicious:	false
Preview:	.... .c......]?................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.756901573172974
Encrypted:	false
SSDEEP:	3:kkFkloAh3kVXfllXlE/HT8kol/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKxEUmT85l7NMa8RdWBwRd
MD5:	BEF89BCF2F37C2187CDF54FB429128B3
SHA1:	AC7060C3E1B96D6B4FEC6F6BB750157804DE3BB2
SHA-256:	DAF0688A6E5A27C58FC781F36EC6D6414C6A8D7DF17F7CBCDDFCFFD8ED079ADB
SHA-512:	EB6531732F4A442B0DA1151BD7A755A08467B0918A57673612FB65C9A791D25F2A9C749B797D9A21EE023C9D87489A0D0E8D045D4E61CCA98B1F49333570A653
Malicious:	false
Preview:	p...... .........e...Q..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2455963809668185
Encrypted:	false
SSDEEP:	6:kKAJ9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:o4DImsLNkPlE99SNxAhUe/3
MD5:	BBB9319431988460F93E010754164D77
SHA1:	31EA175B719FDF2257AE18B0DAECBEB1DA3C4A68
SHA-256:	7BC6DCCF72A295499D7ECF17072D97F46ACA69D7B95DE20AD7B138312EFAA16A
SHA-512:	106C85007231790A663E5CF0F84CB4C82BB39E3EC9AFD2650BEFB83B61ED5D53065A16899835EC1359951BD4AD307FBD4D346580632BED8623C6408C981F240F
Malicious:	false
Preview:	p...... ..........m..Q..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.370906325306159
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJM3g98kUwPeUkwRe9:YvXKXBKfHmcWsGMbLUkee9
MD5:	9A81E5F53D6C9EA5E6177FF7696EA664
SHA1:	B6E9C965BDD94CF00AF8DB1AA47C75B43C5CD6CB
SHA-256:	7DD8C7CA13D65D7D8050FC57EA98935FE76BB0C80AFFF04DD8C45B2CCBB14238
SHA-512:	63DC6F74AD1B25AABFBDDED9A45DC66DB410E32B62B49DA1EE6C80CF0B25170ADBC9C098CD182961ECD019B3F3CDDF26A1529282F1CBF545E16F95317C2B6E55
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.324141298006912
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfBoTfXpnrPeUkwRe9:YvXKXBKfHmcWsGWTfXcUkee9
MD5:	5CAB647CDC5C852C99E60B1B9C02FE08
SHA1:	F3D0B53E7589164FF3396FFC49552A5745D062EC
SHA-256:	A7B2F259E1E13F393530FE885ACFDCFD5EB2B99B6CA1C4D3E6245A2C35FDF445
SHA-512:	766366E78116F82749B520B1AF683BFCD4303732FC2510112E833A47AA18BEAEC22E108FDB578FD6A68773660073B56EA27C375D7399EB23308B9276A29A2408
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.303136333401988
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfBD2G6UpnrPeUkwRe9:YvXKXBKfHmcWsGR22cUkee9
MD5:	36E7BDC916D0D393FCD19CB0D5BD5634
SHA1:	FF4FB91E7B4E3E5FCD6BCF5ACC2FABA299F3C7D5
SHA-256:	035C69F273C533E4B862CAF382488BDC6E2BA05C411EC610CF71BC0F9D8E9623
SHA-512:	5AFF41C8F485F958B4B7F90A635F9595C83AD544B51CD09F643BB83C4B7F295371A03A3B37768DDB3634250F89879ED49018B3815614E8EA09CED1B6BA776DFD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.351193565496024
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfPmwrPeUkwRe9:YvXKXBKfHmcWsGH56Ukee9
MD5:	C4576BF13577D9808B7DD6EAC1D7F5EF
SHA1:	2F3E8F4CC30F7148C982B72FE6FC38B4102A6CBF
SHA-256:	594B064C16F5E31551F6CF1CFCD9608B865EC9DAF5370528DC7F1B616AA9A54D
SHA-512:	6FF322395842491E3580774F7E99133C3DC7BB8766832320B092FDC098DFDF2EE703AA4E26EC961393E2E25C1AFC90F26731A40E3995BD38C9BD31809A5A7E60
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.687428571004963
Encrypted:	false
SSDEEP:	24:Yv6XBKTWJpLgE9cQx8LennAvzBvkn0RCmK8czOCCSK:YvE9hgy6SAFv5Ah8cv/K
MD5:	74F3B668551980064B465A32A8189ADC
SHA1:	00C7F7EF5F4AB99704A6D72B8FF801054D1C11D6
SHA-256:	0C8E774DC957F6EF736DA6A8C521D72AC341A95511DDC35EA54742BD6B524B14
SHA-512:	40DD07483D6FE33AAA3428DC5D0F9C08B6DB049493D9593E9C0A7BF18EA64F9255FD01F2B21A7688B0A4D5B946FC158D1640E9335DB1A480729232CA64A413A7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.299577558484606
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJf8dPeUkwRe9:YvXKXBKfHmcWsGU8Ukee9
MD5:	99D6E200D96F7EF3863164BA7B1C95D2
SHA1:	AEE5F544C66C13AA79EEEC458BAA8C301356BDB2
SHA-256:	0A7650C081687384296608C2BFE9149D4C18EA66D34D172F86C55E7968D310B5
SHA-512:	9FB95585B60E79F7016E3E1C1D7736058AD8DA223A3B6EF47EDDB844CF1D245B7E59DB13CE07093F6FCC67CF637C8B9DC4AB2906A1BF7DDB0BC0E0D5AC59EB4C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.30223415077999
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfQ1rPeUkwRe9:YvXKXBKfHmcWsGY16Ukee9
MD5:	486AEAE4F0D7003131FB385D7568BB62
SHA1:	63A5ECFCDCF1DC76500B0510C9AFBD023313C596
SHA-256:	0557E04AC903A2BCD9D32FFFF93C66236F07BA8F919A9D915A96A391DCE2F220
SHA-512:	8CAF04FFA7D1593C42F6F8178DC5D8581718DF754D9577F79446643F3853446EDD4E6A8F385A75914457CCB3F1CABB9D2E296DF261E40865B38FB99EE3716EEA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.308726160015602
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfFldPeUkwRe9:YvXKXBKfHmcWsGz8Ukee9
MD5:	560AF361CFF4D6E0A1530AA406D659C2
SHA1:	1A760BD2CA520921399186C34CEF64FCBDCA23CC
SHA-256:	657AA048F065B708B1E8D322F25DD6CA8F8CDDCC65598B7F30D3AEC62B22347F
SHA-512:	9A3BB349EE7049604E8E26DBE4B627B2E16BBEFAB6778F2360B604411B24C6D5CC711AD1EABF5143D62C1F9BAE0AAEC961FE6C2E38204B162C31532B00C9B7ED
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.325772849859551
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfzdPeUkwRe9:YvXKXBKfHmcWsGb8Ukee9
MD5:	3A10EA85357496233DD442F6E98B7638
SHA1:	990E5ACF4173C124761F310DFFB9FCA22A2F0BE4
SHA-256:	412235DB757D4963FBF60774E1F8B58E15F406AEE78A146B0040DDEAE845511B
SHA-512:	039EB4D442E6792406940A1FE5E1B877C671C95D544EEC4E33C15550913B782ED7018C1079CF67AD6626347A0EF274CD69FAF09D147C0452AE393AB3A80BCAB3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.306549656209867
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfYdPeUkwRe9:YvXKXBKfHmcWsGg8Ukee9
MD5:	850941AB451A93D7344A3C0A7DF577B3
SHA1:	F198D1BEE6B7E3F138AA78A052F5CBD385BFB746
SHA-256:	B6379DBF4CE874865529C99A3ADFF2A91D207F3A94E3CC14F481C1CEC8B85472
SHA-512:	71FD89800D3CD8C86A308F424939E691B34CD82648A917D15417FE6061D067D50700BEA337CC627B89D561129292F749C08ED3BD3DE5AED86F9BC6710DCC7A0C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.2930143308091475
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJf+dPeUkwRe9:YvXKXBKfHmcWsG28Ukee9
MD5:	89A45AA79540911B0681F064569F4327
SHA1:	6C89E38E677877D4E6DEE63DB1D1DE86E4EDBB96
SHA-256:	69469B2690CC712EFE64B771F932053F3E7EAE3645CD8A34AE33D15F607F3DE0
SHA-512:	F8A010D06F64A7664BF16CDD72FD29DCF583C20852A121143C034EE6C15158C7080904AA3D22F08A0D43F8E8E95319B5D19C885D0FE1B501A18EE5954B915D2B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.290051739064419
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfbPtdPeUkwRe9:YvXKXBKfHmcWsGDV8Ukee9
MD5:	BCEED7FED688C0D550C5D9F367DF92C2
SHA1:	833EDCA26247CF3A1BAC50D7D6A2C4A6170BA516
SHA-256:	713475019241796BA7953A7479BC36DEE117F6C3000BBFB5251A9EC9ED85669E
SHA-512:	17779211E195493C008ADD1175C91178EB0C649AD544DF68288A2B86C7E0F4FC6E050AEEB658D09F293D7AD171A5A5BD341E749E93B132A7CA7729552B580DC7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.29352371640086
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJf21rPeUkwRe9:YvXKXBKfHmcWsG+16Ukee9
MD5:	BE6196C263F4A77BDADDAA6D13540436
SHA1:	2C2EC3E1A7ED0A1FDF1DEDF5086334535A07DC9C
SHA-256:	BA22542311790FDA313176CFF971D83CCB05AA8C1C7B95F6AD1874F230455DF5
SHA-512:	376934E40607102DB3B35690FD73553F3E6B8E0FCB83376BAFB979135D9CAC687169176BB25CD9544BA4EF5DED564046F174FC8768C1F1044BFE5837A4065055
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	5.663307322794491
Encrypted:	false
SSDEEP:	24:Yv6XBKTW5amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSK:YvE5BgkDMUJUAh8cvMK
MD5:	6C716374A24E47D282E341492148602B
SHA1:	4C054366A019064CF534DC34C602890E2A6139AD
SHA-256:	CA60494B5D6B4277764B6E57688DAF8289CD5958785C6ECA829ECDB2B91EF30E
SHA-512:	F61000F332CD32C8A56843AD41EE1140F0111558D307B1EF2E03F97DBE7411107380654D5720A6F4145AEB189F51A3026444F258E12306584718F2ACFE4ABC54
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.269613587634899
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJfshHHrPeUkwRe9:YvXKXBKfHmcWsGUUUkee9
MD5:	EF8FD792ECF108B751C9CC9E4BA5860F
SHA1:	09451814B0FF4F1F7E3BEA62E6DEA07C8F0A7FD2
SHA-256:	BE32DE6F3F92E04E13FFD61095266153C8E9106EB298D5ED36E8DE70305D05B4
SHA-512:	EE87051526C97CCA6C7AEFEFD357700EF0D639173EF09C8BFE33999A16322C4AAD43DF0257AB7AEEAF5684F2BFAF21916E5E634485EF59A2B95D0C387FF9AFEC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.281087464917583
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBXa+UzXXmnZiQ0YdDoAvJTqgFCrPeUkwRe9:YvXKXBKfHmcWsGTq16Ukee9
MD5:	48E2B3E57B16EE91240A18E1AE4402CA
SHA1:	26C74262482CACA2E18FE3C797E1AFFE1251294A
SHA-256:	4919215BCE7DE7F3A5B11AD94E198281C599FC6B2870BBD5A4F7B96600A79459
SHA-512:	2BC4849754E1030D61E61E84E6DCC7B7DE1E54788F7265D8A84FDCB704E1F5CD4293F53AF07BEBA5F2DDBD9B6D9200A587A98826B821E99B30D259E1FC1D09FA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6eadc699-7d69-4808-ba69-7f4ed831bb22","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1734776664548,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.132792040157728
Encrypted:	false
SSDEEP:	24:YgXr0GaLaimayjpwckLJqQ3piWKx0zNGaG0RV/PjWR0j0SdfjlQloC225V2LSdR8:Y2w9qQDKRaBWWUnf5V9SG6RqICfp95S
MD5:	63797B1987DF01B391535108DAFFE2B1
SHA1:	9A007C8DD234439B98B5ECD2CCC6BD509AB91444
SHA-256:	5663992435140688ABA965131045A1E7F3D78C0DC2E37D5D33462A3620ACE3E1
SHA-512:	7E5E83ACA393C0E80467C7C7EC82D8AF3B12A7873FB8993E8862D41FEEB3B9C4E21F23E6D4927BCB721EC1DCF26D07CD649BE509693192150DF31064C5E54A30
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"dbfe50768cf43fb51ebde8e72750b24a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734600249000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"6b0717a4ac7db751a6cd1ef4fdd47c61","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734600249000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b2bdf8ffbb1c17d234eb39623f5883e6","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734600249000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"3b67be5a28031124dc663416c5dcdc3d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734600249000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"6c7b10998683da5d6eb5e2281565e914","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734600249000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"cf82a9a99a0c4ad3a741cd951dc99719","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.144686721935426
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7ursNERZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudc9:TFl2GL7msEXc+XcGNFlRYIX2v3kd
MD5:	42D7653DCB96A58EF208396FDC342219
SHA1:	E24DAFCB05B79F6B900D6720EF72B0395ABD480F
SHA-256:	30AFE801ECA83AFE0D352B7291D8072B4110365879DF822CE1A66B3E9B83E3DD
SHA-512:	26DD56EB219C716EC0F61A806D136A6530D1142ADF57317C468C9F0FC545313DB0309D8F2E66EF15D26789C878F2653353D80C2A6E74A7F890CC2734F762353E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.549596865511709
Encrypted:	false
SSDEEP:	24:7+tt8qEUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxQvqLxx/e:7MLXc+XcGNFlRYIX2v5qVl2GL7ms0
MD5:	EC79B9258A0C53C3B27A4F0795D88FB1
SHA1:	E319A5E4B37C65EC66F59F4A49F06E578AC280DB
SHA-256:	6EAC427EC3DFFB8CDC5AB1FDDC4E9ACF6AE9F5DE59BD2C3B0FD724683D924371
SHA-512:	8CB00A9896C4F722688263B638950F9B58E0AB1EA3F099971DC9CF13C05C78CE43CE40914EB484FF60AEF992627DF1105D4E8D1CDC4307DCEB36A69C310BDFA5
Malicious:	false
Preview:	.... .c......M.L..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:	768:RNOpblrU6TBH44ADKZEgMFrgLaGX62FZs8OF+mxIrXbMoYyu:6a6TZ44ADEIrAaGX188OFVSK
MD5:	D203A80B7266105435783D48D638A7D9
SHA1:	63736328631A24B9196C6C1D64E9002CFDC1A6D8
SHA-256:	12F3B0BB6AADABD205B4FCEB68DD8052822997C728AEFB058EBB8D7C11E302D2
SHA-512:	12F61256FFDDDB0B6F75BF57AAF56C9B77C0F81C47DC6A58CBA3E7B01421D814F0BC6CF3B69A2FDB1E4FBD1A1BCC42D3F7C181D0718353641E1E3B4A829F7273
Malicious:	false
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSI267e5.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.513199765407527
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mUlAZ:Qw946cPbiOxDlbYnuRKR
MD5:	1AA55D544574D57156BC535292276AEE
SHA1:	7EBB66E3CC6EE7306C9AF9BB2093180DDD3063AC
SHA-256:	96A8254FDFB652D7B7CF8F2F48663B6B2E360F96F4B60B35EC2F4BEB01F4E2C3
SHA-512:	9EF3647146EC2F03CFBD7E29860008BAF41EA8535BCC8F873DC4DCB527C81326933C626D6C1CD5845F771F3DF07AB9F8056EA98D4137ED1F1A23F92F23051DEC
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.1.2./.2.0.2.4. . .0.4.:.2.4.:.0.8. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9liqqg4_1vjgoqu_38k.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.029401304319833
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCkDpWxaLkDpWx+CSyAAO:IngVMre9T0HQIDmy9g06JXSQ4UQ4wlX
MD5:	A7F8798AED0FE219847E058B62526FD8
SHA1:	6131AB2BC1D21B96114F3CD7BC22F63F90211236
SHA-256:	416AC2047014D6F13391B44763A625AE24C8A4FFEF1E0A76EEBB9DBBA403F067
SHA-512:	69449C341F7F7E58732292268F7CF2806A6B0827571183387E62773D6652F0874CD74799AAABF6976047A41AD2CC338C1AB587D6B087DAC952664A594F1384D5
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<88328B0B7FA0934CAB00CDC3F69702E4><88328B0B7FA0934CAB00CDC3F69702E4>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-19 04-24-02-728.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.345350593691164
Encrypted:	false
SSDEEP:	384:ZSWrWWf0Bbv/SY5JrkG1vGc5xKxk/37Vb8wOcAu2PzPwOj14YThhS5S7+KYa2JZ1:wzx
MD5:	BA09D95EC5861D62D8108C3A5F34191C
SHA1:	B67945A68C0F83C48CD03FDFC831573AABB03FB2
SHA-256:	685BBEC495013CF0D875A02966DEA33AF44525C51E4BBC06B317DA9F89B16D7A
SHA-512:	B25AE91E92DC53E589C7C29A87213D8E191D000C4B94CD693EC41AA555DCE162CE9F4A09BC257E1C52AEDDB5D07514C63A3FEC02FFEE3D0EA63F6A7ADDF336F4
Malicious:	false
Preview:	SessionID=fc3275d4-325d-4ad5-a0b2-68d9be84a1a7.1734600242772 Timestamp=2024-12-19T04:24:02:772-0500 ThreadID=7288 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=fc3275d4-325d-4ad5-a0b2-68d9be84a1a7.1734600242772 Timestamp=2024-12-19T04:24:02:773-0500 ThreadID=7288 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=fc3275d4-325d-4ad5-a0b2-68d9be84a1a7.1734600242772 Timestamp=2024-12-19T04:24:02:773-0500 ThreadID=7288 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=fc3275d4-325d-4ad5-a0b2-68d9be84a1a7.1734600242772 Timestamp=2024-12-19T04:24:02:773-0500 ThreadID=7288 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=fc3275d4-325d-4ad5-a0b2-68d9be84a1a7.1734600242772 Timestamp=2024-12-19T04:24:02:773-0500 ThreadID=7288 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.398895552177984
Encrypted:	false
SSDEEP:	192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbikaaGBWjopt8lkLUlk2Vk9syc0:V3fOCIdJDeuWAx
MD5:	847DE4085429251B3E99180CA6CD69FB
SHA1:	601E89F960DE1191D9D16826A0517A9534EA081E
SHA-256:	4B4EC0047A9AA5775A1A1EC1D6E88790D498152E18A92724458B0055E4FB99D2
SHA-512:	4FB5110FDE9BA6315A57A263264227CD23D39445FA36A31EEEAE42FFD73B389C4B4CD32DE7CDFE2F960C9AAE76A0B7599F58B0E79176F83F8C79EB822D071E63
Malicious:	false
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\3c61d777-891a-4965-bd4f-73be0dcc1006.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLEwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLEwZGuGZn3mlind9i4ufFXpAXkru
MD5:	152317AB9AD27A4EF2AEDD551E5C0A26
SHA1:	5C82D6816A32B57F62787823676F32B6568D2072
SHA-256:	130E89C69D9ACB34B88A39245E989EB1E243311D0C2D71BA1DD46FD2A9C0BDDD
SHA-512:	3736755453E7E2045602B92BC1EC015E3F009980EABBD5A25A60489CF07BED123F42284E9209AA96E19503CE5964CEBEEF33DC2C64AFBB69135060E3E45A1B1B
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5bafa4ab-0472-4b06-ae81-0a980b841d93.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\737aba15-1053-4319-8434-0ac0620f93ca.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d8972282-867b-4c31-a078-361d6eb83326.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.7
Entropy (8bit):	7.987903944044224
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Dix7g8PK1e.pdf
File size:	87'123 bytes
MD5:	84b73580b89482d59675adec2722ce2c
SHA1:	eeffe9f7788436ab7e3e60c01c9cd6fd3d9ab4d3
SHA256:	e5175c53f2692ffb1b9a72e3ef6f5214f00b1dc0fcd0bdac46644604283755db
SHA512:	8d6596a5c33b4d5add907d0766c90868ba76b397abdc55225bd1089a84ff62e4738e3142c3c4cc08e2b279873ba4f0fcea6142f4b6b4e81f0e1ee26ad8ae4ca6
SSDEEP:	1536:fB14I+0Vwg69FGHHmuWcLM2Ico8XMVqmEzCdydoc3ztH/pf1dwq:f8I+0j69AnmuWcgJco8XueCdy93ztx1X
TLSH:	DB83F1AE9815B8E4D44A81B03D0E61CD8EDECA935D1D1176344CCB9F3A1EC92B9612FF
File Content Preview:	%PDF-1.7.%.....2 0 obj.<<./Metadata 4 0 R./Pages 5 0 R./Type /Catalog./AcroForm 6 0 R.>>.endobj.4 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Length 620.>>.stream..x..W.n.0...SX..3.!$`.U..Z.e..H..c...0.......H{..4.H.M....,...~.9.,9..*.6..

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.987904
Total Bytes:	87123
Stream Entropy:	7.996527
Stream Bytes:	83978
Entropy outside Streams:	4.941686
Bytes outside Streams:	3145
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	36
endobj	36
stream	34
endstream	34
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
60	c4d4942b2b28ae82	07147c170663819c907a2139e781abd4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 10:23:55.880433083 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:23:55.880448103 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:23:56.130418062 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:24:02.639635086 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:02.639729977 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:02.639815092 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:02.640454054 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:02.640494108 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:04.897167921 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:04.897314072 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:04.901740074 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:04.901772022 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:04.902185917 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:04.904031038 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:04.904087067 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:04.904098988 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:04.904222012 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:04.947341919 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:05.495101929 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:24:05.532824039 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:24:05.572658062 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:05.572854042 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:05.572942972 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:05.573096991 CET	49709	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:05.573117018 CET	443	49709	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:05.818166971 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:24:08.135181904 CET	443	49703	173.222.162.64	192.168.2.6
Dec 19, 2024 10:24:08.135298014 CET	49703	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:24:14.770332098 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:14.770425081 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:14.770545959 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:14.771152973 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:14.771194935 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:16.987365961 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:16.987472057 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:16.989878893 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:16.989892960 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:16.990211010 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:16.992558956 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:16.992621899 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:16.992630005 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:16.992800951 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:17.035335064 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:17.654021978 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:17.654118061 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:17.654201984 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:17.654361963 CET	49739	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:17.654403925 CET	443	49739	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:27.385381937 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:27.385428905 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:27.385504961 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:27.386121988 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:27.386142015 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:29.607431889 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:29.607536077 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:29.613317013 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:29.613327980 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:29.614125967 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:29.616192102 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:29.616264105 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:29.616271019 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:29.616400003 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:29.659339905 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:30.158229113 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:30.158458948 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:30.158520937 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:30.159446001 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:30.159461975 CET	443	49775	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:30.159472942 CET	49775	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:30.801985025 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:30.802028894 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:30.802212000 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:30.802406073 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:30.802423954 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:32.502264977 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:32.502633095 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:32.502681017 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:32.504143000 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:32.504220963 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:32.505731106 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:32.505824089 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:32.555840015 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:32.555864096 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:32.602411032 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:42.189620018 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:42.189683914 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:42.189750910 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:42.352081060 CET	49781	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:24:42.352152109 CET	443	49781	142.250.181.132	192.168.2.6
Dec 19, 2024 10:24:43.021030903 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:43.021070004 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:43.021142006 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:43.022128105 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:43.022144079 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.234544992 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.234630108 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.236469984 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.236485004 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.236711025 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.238730907 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.238782883 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.238792896 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.238909006 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.283327103 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.900091887 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.900285959 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:24:45.900423050 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.900510073 CET	49823	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:24:45.900549889 CET	443	49823	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:07.606440067 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:07.606535912 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:07.606631041 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:07.607254028 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:07.607306004 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:09.830710888 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:09.830881119 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:09.832993031 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:09.833029985 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:09.833375931 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:09.835026979 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:09.835086107 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:09.835098982 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:09.835340977 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:09.879365921 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:10.498027086 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:10.498262882 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:10.498346090 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:10.498471975 CET	49891	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:10.498509884 CET	443	49891	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:30.724920988 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:30.724993944 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:30.725150108 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:30.725446939 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:30.725464106 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:32.425292015 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:32.426137924 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:32.426218987 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:32.427536011 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:32.428116083 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:32.428317070 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:32.472778082 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:33.832685947 CET	49702	80	192.168.2.6	199.232.214.172
Dec 19, 2024 10:25:33.832935095 CET	49701	443	192.168.2.6	20.190.147.4
Dec 19, 2024 10:25:33.953154087 CET	80	49702	199.232.214.172	192.168.2.6
Dec 19, 2024 10:25:33.953166962 CET	443	49701	20.190.147.4	192.168.2.6
Dec 19, 2024 10:25:33.953213930 CET	49702	80	192.168.2.6	199.232.214.172
Dec 19, 2024 10:25:33.953249931 CET	49701	443	192.168.2.6	20.190.147.4
Dec 19, 2024 10:25:35.688898087 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:35.688986063 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:35.689065933 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:35.689677000 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:35.689702988 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:37.896632910 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:37.896939993 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:37.898813009 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:37.898833990 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:37.899075985 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:37.901086092 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:37.901155949 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:37.901165009 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:37.901295900 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:37.947350979 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:38.562139988 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:38.562294960 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:38.562370062 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:38.562480927 CET	49959	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:25:38.562516928 CET	443	49959	20.198.119.84	192.168.2.6
Dec 19, 2024 10:25:39.254312992 CET	49705	443	192.168.2.6	20.190.147.4
Dec 19, 2024 10:25:39.377548933 CET	443	49705	20.190.147.4	192.168.2.6
Dec 19, 2024 10:25:39.377626896 CET	49705	443	192.168.2.6	20.190.147.4
Dec 19, 2024 10:25:42.113322973 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:42.113398075 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:25:42.113698959 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:43.210536957 CET	49948	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:25:43.210611105 CET	443	49948	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:05.248845100 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:05.248908997 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:05.249003887 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:05.249764919 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:05.249784946 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:07.460767031 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:07.460932970 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:07.463465929 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:07.463502884 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:07.463896990 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:07.467525005 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:07.467725039 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:07.467753887 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:07.468121052 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:07.511372089 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:08.129148006 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:08.129262924 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:08.129477978 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:08.129703999 CET	50028	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:08.129724979 CET	443	50028	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:30.789233923 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:30.789315939 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:30.789540052 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:30.790323019 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:30.790354013 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:32.479731083 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:32.480602026 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:32.480640888 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:32.481117964 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:32.482331991 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:32.482426882 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:32.535744905 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:35.926182985 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:35.926232100 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:35.926357985 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:35.927479029 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:35.927491903 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.144071102 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.144303083 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.147138119 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.147172928 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.147586107 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.151423931 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.151613951 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.151626110 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.152093887 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.199323893 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.692609072 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.692718029 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:38.692874908 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.693217993 CET	50030	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:26:38.693240881 CET	443	50030	20.198.119.84	192.168.2.6
Dec 19, 2024 10:26:42.189512968 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:42.189673901 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:26:42.189769030 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:42.615264893 CET	50029	443	192.168.2.6	142.250.181.132
Dec 19, 2024 10:26:42.615341902 CET	443	50029	142.250.181.132	192.168.2.6
Dec 19, 2024 10:27:08.138220072 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:08.138281107 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:08.138423920 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:08.139070988 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:08.139090061 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:10.350955009 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:10.351058960 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:10.352801085 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:10.352816105 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:10.353219986 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:10.355060101 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:10.355150938 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:10.355171919 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:10.355304956 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:10.395328045 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:11.017587900 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:11.017812014 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:11.017905951 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:11.018229961 CET	50031	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:27:11.018280029 CET	443	50031	20.198.119.84	192.168.2.6
Dec 19, 2024 10:27:11.018309116 CET	50031	443	192.168.2.6	20.198.119.84

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 10:24:13.970415115 CET	52224	53	192.168.2.6	1.1.1.1
Dec 19, 2024 10:24:27.018112898 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:27.153788090 CET	53	61117	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:27.173851967 CET	53	61351	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:27.774964094 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:28.525012016 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:29.502654076 CET	62539	53	192.168.2.6	8.8.8.8
Dec 19, 2024 10:24:29.506582022 CET	49924	53	192.168.2.6	1.1.1.1
Dec 19, 2024 10:24:29.637131929 CET	53	62539	8.8.8.8	192.168.2.6
Dec 19, 2024 10:24:29.643523932 CET	53	49924	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:29.851366997 CET	53	51310	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:30.498868942 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:30.661581039 CET	60257	53	192.168.2.6	1.1.1.1
Dec 19, 2024 10:24:30.661734104 CET	64133	53	192.168.2.6	1.1.1.1
Dec 19, 2024 10:24:30.798549891 CET	53	60257	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:30.800899029 CET	53	64133	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:31.253608942 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:32.005919933 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:32.044919014 CET	53	56986	1.1.1.1	192.168.2.6
Dec 19, 2024 10:24:37.801069975 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:38.551955938 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:39.305387974 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:24:46.911735058 CET	53	62299	1.1.1.1	192.168.2.6
Dec 19, 2024 10:25:05.632833958 CET	53	52855	1.1.1.1	192.168.2.6
Dec 19, 2024 10:25:10.094319105 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:25:10.847946882 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:25:11.600002050 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:25:26.068150997 CET	53	51924	1.1.1.1	192.168.2.6
Dec 19, 2024 10:25:28.579998970 CET	53	58175	1.1.1.1	192.168.2.6
Dec 19, 2024 10:25:58.723390102 CET	53	50735	1.1.1.1	192.168.2.6
Dec 19, 2024 10:26:12.431854010 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:26:13.194228888 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:26:13.946641922 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:26:42.754426003 CET	53	53441	1.1.1.1	192.168.2.6
Dec 19, 2024 10:26:45.853420973 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:26:46.613599062 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:26:47.378216028 CET	137	137	192.168.2.6	192.168.2.255
Dec 19, 2024 10:26:48.240700006 CET	62962	53	192.168.2.6	1.1.1.1
Dec 19, 2024 10:26:48.241717100 CET	63297	53	192.168.2.6	8.8.8.8
Dec 19, 2024 10:26:48.377599001 CET	53	62962	1.1.1.1	192.168.2.6
Dec 19, 2024 10:26:48.493513107 CET	53	63297	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 10:24:13.970415115 CET	192.168.2.6	1.1.1.1	0x2e01	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:29.502654076 CET	192.168.2.6	8.8.8.8	0x8280	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:29.506582022 CET	192.168.2.6	1.1.1.1	0x81ee	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:30.661581039 CET	192.168.2.6	1.1.1.1	0x28b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:30.661734104 CET	192.168.2.6	1.1.1.1	0xf405	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 19, 2024 10:26:48.240700006 CET	192.168.2.6	1.1.1.1	0x8409	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:26:48.241717100 CET	192.168.2.6	8.8.8.8	0x4188	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 10:24:14.107800961 CET	1.1.1.1	192.168.2.6	0x2e01	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:24:15.891577959 CET	1.1.1.1	192.168.2.6	0x12d0	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:15.891577959 CET	1.1.1.1	192.168.2.6	0x12d0	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:29.637131929 CET	8.8.8.8	192.168.2.6	0x8280	No error (0)	google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:29.643523932 CET	1.1.1.1	192.168.2.6	0x81ee	No error (0)	google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:30.798549891 CET	1.1.1.1	192.168.2.6	0x28b	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:24:30.800899029 CET	1.1.1.1	192.168.2.6	0xf405	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 19, 2024 10:26:48.377599001 CET	1.1.1.1	192.168.2.6	0x8409	No error (0)	google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:26:48.493513107 CET	8.8.8.8	192.168.2.6	0x4188	No error (0)	google.com		142.250.181.110	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49709	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:24:04 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 53 35 44 75 38 39 4e 68 45 53 45 4c 4d 35 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 38 39 35 62 34 34 31 36 65 32 34 34 36 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WS5Du89NhESELM5c.1Context: 3d895b4416e24468
2024-12-19 09:24:04 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:24:04 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 53 35 44 75 38 39 4e 68 45 53 45 4c 4d 35 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 38 39 35 62 34 34 31 36 65 32 34 34 36 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WS5Du89NhESELM5c.2Context: 3d895b4416e24468<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:24:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 53 35 44 75 38 39 4e 68 45 53 45 4c 4d 35 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 64 38 39 35 62 34 34 31 36 65 32 34 34 36 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WS5Du89NhESELM5c.3Context: 3d895b4416e24468<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:24:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:24:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 44 61 5a 48 74 41 32 56 31 55 75 72 62 44 51 41 58 51 67 66 63 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: DaZHtA2V1UurbDQAXQgfcQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49739	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:24:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 5a 49 4c 66 69 6a 63 7a 6b 75 57 49 6d 4d 70 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 39 31 62 39 34 31 30 64 39 35 39 34 62 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: UZILfijczkuWImMp.1Context: 5291b9410d9594b3
2024-12-19 09:24:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:24:16 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 55 5a 49 4c 66 69 6a 63 7a 6b 75 57 49 6d 4d 70 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 39 31 62 39 34 31 30 64 39 35 39 34 62 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: UZILfijczkuWImMp.2Context: 5291b9410d9594b3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:24:16 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 5a 49 4c 66 69 6a 63 7a 6b 75 57 49 6d 4d 70 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 39 31 62 39 34 31 30 64 39 35 39 34 62 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: UZILfijczkuWImMp.3Context: 5291b9410d9594b3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:24:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:24:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 50 4b 77 65 30 2b 47 47 30 47 39 31 70 6a 67 2b 50 6e 77 4f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: zPKwe0+GG0G91pjg+PnwOA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49775	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:24:29 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 66 47 49 4b 64 31 4b 67 30 6d 41 4f 6b 61 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 65 37 66 35 38 62 63 32 30 62 39 62 36 32 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +fGIKd1Kg0mAOkak.1Context: be7f58bc20b9b62b
2024-12-19 09:24:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:24:29 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2b 66 47 49 4b 64 31 4b 67 30 6d 41 4f 6b 61 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 65 37 66 35 38 62 63 32 30 62 39 62 36 32 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: +fGIKd1Kg0mAOkak.2Context: be7f58bc20b9b62b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:24:29 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 66 47 49 4b 64 31 4b 67 30 6d 41 4f 6b 61 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 65 37 66 35 38 62 63 32 30 62 39 62 36 32 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +fGIKd1Kg0mAOkak.3Context: be7f58bc20b9b62b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:24:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:24:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 52 61 32 57 61 76 50 4e 55 47 68 4d 35 73 71 53 53 71 34 54 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: vRa2WavPNUGhM5sqSSq4TA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49823	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:24:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 2f 48 74 32 7a 56 74 5a 30 61 41 6a 75 47 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 62 64 63 66 64 65 64 30 34 39 32 38 34 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: F/Ht2zVtZ0aAjuGh.1Context: 70bdcfded0492849
2024-12-19 09:24:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:24:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 46 2f 48 74 32 7a 56 74 5a 30 61 41 6a 75 47 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 62 64 63 66 64 65 64 30 34 39 32 38 34 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: F/Ht2zVtZ0aAjuGh.2Context: 70bdcfded0492849<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:24:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 46 2f 48 74 32 7a 56 74 5a 30 61 41 6a 75 47 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 62 64 63 66 64 65 64 30 34 39 32 38 34 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: F/Ht2zVtZ0aAjuGh.3Context: 70bdcfded0492849<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:24:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:24:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 51 78 38 73 36 30 34 6e 48 55 4b 41 6f 41 7a 54 32 57 43 6e 45 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Qx8s604nHUKAoAzT2WCnEw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49891	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:25:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 50 4c 41 4d 68 63 53 6e 4c 45 75 4f 34 6d 75 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 62 33 39 62 36 61 32 32 37 66 39 64 35 36 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: PLAMhcSnLEuO4muv.1Context: ab39b6a227f9d565
2024-12-19 09:25:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:25:09 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 50 4c 41 4d 68 63 53 6e 4c 45 75 4f 34 6d 75 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 62 33 39 62 36 61 32 32 37 66 39 64 35 36 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: PLAMhcSnLEuO4muv.2Context: ab39b6a227f9d565<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:25:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 50 4c 41 4d 68 63 53 6e 4c 45 75 4f 34 6d 75 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 62 33 39 62 36 61 32 32 37 66 39 64 35 36 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: PLAMhcSnLEuO4muv.3Context: ab39b6a227f9d565<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:25:10 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:25:10 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 53 49 37 73 6a 6d 70 72 30 32 6c 6d 30 49 63 48 37 48 6d 76 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: LSI7sjmpr02lm0IcH7Hmvg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49959	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:25:37 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 69 52 41 79 78 47 51 43 6b 79 6b 61 41 56 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 63 63 37 30 62 61 37 38 39 66 36 31 61 61 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2iRAyxGQCkykaAV5.1Context: 4cc70ba789f61aa0
2024-12-19 09:25:37 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:25:37 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 69 52 41 79 78 47 51 43 6b 79 6b 61 41 56 35 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 63 63 37 30 62 61 37 38 39 66 36 31 61 61 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2iRAyxGQCkykaAV5.2Context: 4cc70ba789f61aa0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:25:37 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 32 69 52 41 79 78 47 51 43 6b 79 6b 61 41 56 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 63 63 37 30 62 61 37 38 39 66 36 31 61 61 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 2iRAyxGQCkykaAV5.3Context: 4cc70ba789f61aa0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:25:38 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:25:38 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 70 4d 56 71 78 50 66 6d 45 4f 74 46 6b 4c 71 2f 48 7a 5a 2f 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9pMVqxPfmEOtFkLq/HzZ/g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	50028	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:26:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 58 55 63 65 51 6e 30 42 31 30 2b 32 59 4d 73 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 66 64 33 63 35 65 30 33 33 61 35 62 65 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: XUceQn0B10+2YMsO.1Context: f1fd3c5e033a5bec
2024-12-19 09:26:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:26:07 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 58 55 63 65 51 6e 30 42 31 30 2b 32 59 4d 73 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 66 64 33 63 35 65 30 33 33 61 35 62 65 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: XUceQn0B10+2YMsO.2Context: f1fd3c5e033a5bec<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:26:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 58 55 63 65 51 6e 30 42 31 30 2b 32 59 4d 73 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 66 64 33 63 35 65 30 33 33 61 35 62 65 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: XUceQn0B10+2YMsO.3Context: f1fd3c5e033a5bec<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:26:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:26:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6f 6e 63 41 6e 43 64 2b 45 55 47 4e 6b 43 75 6c 6d 32 6b 45 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: oncAnCd+EUGNkCulm2kEug.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	50030	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:26:38 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 4f 4c 49 47 41 6e 30 46 42 6b 65 48 43 2b 72 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 62 63 38 64 63 39 63 64 32 63 37 32 31 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: OLIGAn0FBkeHC+rM.1Context: cbc8dc9cd2c7211
2024-12-19 09:26:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:26:38 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 4f 4c 49 47 41 6e 30 46 42 6b 65 48 43 2b 72 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 62 63 38 64 63 39 63 64 32 63 37 32 31 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 77 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: OLIGAn0FBkeHC+rM.2Context: cbc8dc9cd2c7211<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuAw
2024-12-19 09:26:38 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 4f 4c 49 47 41 6e 30 46 42 6b 65 48 43 2b 72 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 62 63 38 64 63 39 63 64 32 63 37 32 31 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: OLIGAn0FBkeHC+rM.3Context: cbc8dc9cd2c7211<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:26:38 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:26:38 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 63 38 64 34 49 6a 5a 6c 73 30 53 42 64 47 4d 77 7a 63 39 6e 6f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: c8d4IjZls0SBdGMwzc9now.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	50031	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:27:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 6a 6f 74 67 47 34 31 39 6b 65 49 4b 5a 2b 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 37 33 33 31 38 65 39 39 65 32 62 37 35 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hjotgG419keIKZ+u.1Context: 1c73318e99e2b753
2024-12-19 09:27:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:27:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 6a 6f 74 67 47 34 31 39 6b 65 49 4b 5a 2b 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 37 33 33 31 38 65 39 39 65 32 62 37 35 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 45 6d 76 44 79 6c 75 56 74 48 71 4d 42 47 62 77 30 65 73 52 76 56 55 35 36 49 30 4c 53 32 78 30 77 38 33 5a 45 77 4a 4d 4a 63 7a 63 31 59 4d 66 47 44 49 7a 31 66 76 64 71 47 33 2f 53 65 37 68 58 4b 67 31 45 32 6b 41 52 44 75 50 79 6b 72 4d 48 76 63 58 49 61 42 43 56 70 52 45 50 74 79 31 67 36 54 67 34 75 54 43 30 69 75 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: hjotgG419keIKZ+u.2Context: 1c73318e99e2b753<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcEmvDyluVtHqMBGbw0esRvVU56I0LS2x0w83ZEwJMJczc1YMfGDIz1fvdqG3/Se7hXKg1E2kARDuPykrMHvcXIaBCVpREPty1g6Tg4uTC0iuA
2024-12-19 09:27:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 68 6a 6f 74 67 47 34 31 39 6b 65 49 4b 5a 2b 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 37 33 33 31 38 65 39 39 65 32 62 37 35 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: hjotgG419keIKZ+u.3Context: 1c73318e99e2b753<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:27:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:27:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 41 64 4e 4f 41 50 77 37 55 65 4b 44 45 31 6a 42 2b 4c 62 50 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UAdNOAPw7UeKDE1jB+LbPQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 2248, Parent PID: 4004

General

Target ID:	0
Start time:	04:23:59
Start date:	19/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Dix7g8PK1e.pdf"
Imagebase:	0x7ff651090000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3520, Parent PID: 2248

General

Target ID:	2
Start time:	04:24:00
Start date:	19/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3540, Parent PID: 3520

General

Target ID:	4
Start time:	04:24:00
Start date:	19/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1576,i,315143911110163366,9954080809254646913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8032, Parent PID: 5772

General

Target ID:	11
Start time:	04:24:24
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https:// ?? ? @trk.klclick3.com/ls/click?upn=u001.mcuXDv9vSuF-2FJzFYU0me2ioCpon3UX6GNmR3I53oU5cD0QwVmlz8a-2FNNXg2ETtpsp5-2FoUylgUD25d-2FmF3IZYstgT8ZBu3AlrGZuVAW-2FkS37HkB-2F0-2BLZCJyh6YbtU7rk-2BMov2_Qi4GG6Y-2FHgv8F87r5EnJbgIBL032Kh4jWMsdHaBdjzY4sJqYrUzpstmf1FbnUZbKt-2FvSa9luayYyIlPzurEmQiqLumXEYTzyZHkwoyErXSmnbbyec7vpxICFxy4TD6Vui448okJAwTpX0PDpu9Qf-2FRawuxVx9bCU63I600JiYo863MzFp3P-2BlgGiPl5n-2BaUeMxR3-2FXz-2FxqOpO9VJJ3bq7ryoSdg-2F25f0uslY4lqTYpg8ZcD7BT6-2BU0ELVOVmbQloiU4UuDbOwnc-2BYX-2BzBn2-2Bkua6mw5ZOAo00fOW10oturPqRKnWXN5tDRkEJFAJnR5E763K1VwmrHrX-2FhmM2T607sB8BrSsQtPNWktp6-2BsJ7TOgcHb2sIkP1mZJPGzeqVDh8L45DfSYktImxsX7-2BKeNjJWVOjLEjVJtAs2-2Fv6wLSztaUF4oZe0UkbqXIfgeHvJOIKPSIXYnLCaW13zLugrDQ7oxjPcUUA1GABF1qfjBS58-3D"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2720, Parent PID: 8032

General

Target ID:	12
Start time:	04:24:24
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1976,i,18348159728783534705,2575685224203264193,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Dix7g8PK1e.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3722dd83-adbc-4771-b609-7b28d50d868f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF62a451.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a08c3252-cc8f-40ec-a525-d549f90056a6.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241219092405Z-174.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Windows Analysis Report
Dix7g8PK1e.pdf