
Windows Analysis Report
H565rymIuO.doc

Overview

General Information

Sample name: H565rymIuO.doc
(renamed because the original name is a hash value)
Original sample name: 25fe7ce806195948532624d2c2462ec952da03a3312abd79de06aa2423da03f8.docx.doc
Analysis ID: 1585126
MD5: 162dd4e4ed6c0ef700b3c95385b5dc0a
SHA1: 1afc58e221337c3f8b18dc97e3156f8dbcc7d119
SHA256: 25fe7ce806195948532624d2c2462ec952da03a3312abd79de06aa2423da03f8
Tags: docuser-zhuzhu0009

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Contains long sleeps (>= 3 min)
Detected non-DNS traffic on DNS port
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication

Classification

  • System is w11x64_office
  • WINWORD.EXE (PID: 6372 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: A9F0EC89897AC6C878D217DFB64CA752)
    • conhost.exe (PID: 112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
    • Acrobat.exe (PID: 112 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" -Embedding MD5: 4354BCD7483AABB81809350484FFD58F)
      • AcroCEF.exe (PID: 4888 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: B104218348848F1F113AF11C0982931A)
        • AcroCEF.exe (PID: 2732 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1708,i,12768743643217058386,12655822951649345806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: B104218348848F1F113AF11C0982931A)
      • AdobeCollabSync.exe (PID: 8420 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 1C26C611BFACED153F60CB1653A8745D)
        • AdobeCollabSync.exe (PID: 8508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8420 MD5: 1C26C611BFACED153F60CB1653A8745D)
          • FullTrustNotifier.exe (PID: 9008 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
      • AdobeCollabSync.exe (PID: 8592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 1C26C611BFACED153F60CB1653A8745D)
        • AdobeCollabSync.exe (PID: 8664 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8592 MD5: 1C26C611BFACED153F60CB1653A8745D)
  • cleanup
No configs have been found
No yara matches
Sigma rule hit (Suspicious Office Outbound Connections)
Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 64898, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 6372, Protocol: tcp, SourceIp: 172.67.162.95, SourceIsIpv6: false, SourcePort: 443

Suricata IDS alerts
Timestamp                        SID      Severity  Classtype                Source IP     Source Port  Destination IP  Destination Port  Protocol
2025-01-07T06:06:25.868953+0100  1810004  1         Potentially Bad Traffic  192.168.2.24  64904        172.67.162.95   443               TCP
2025-01-07T06:06:26.567370+0100  1810004  1         Potentially Bad Traffic  192.168.2.24  64907        172.67.162.95   443               TCP
2025-01-07T06:06:23.452719+0100  1810005  1         Potentially Bad Traffic  192.168.2.24  64901        172.67.162.95   443               TCP


AV Detection

Source: H565rymIuO.doc | Virustotal: Detection: 33%
Source: H565rymIuO.doc | ReversingLabs: Detection: 28%
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: unknown | HTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.24:64898 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: C:\Windows\System32\conhost.exe
Source: global traffic | DNS query: name: acesso.run

Networking

Source: Network traffic | Suricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.24:64901 -> 172.67.162.95:443
Source: Network traffic | Suricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:64904 -> 172.67.162.95:443
Source: Network traffic | Suricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:64907 -> 172.67.162.95:443
Source: global traffic | TCP traffic: 192.168.2.24:58476 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.24:59433 -> 1.1.1.1:53
Source: Joe Sandbox View | IP Address: 172.67.162.95
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 258a5a1e95b8a911872bae9081526644
Source: global traffic | HTTP traffic detected:
    GET /bkeoxH?&bondsman=troubled&shrimp=harsh&sewer=tense&cold=warlike&briefs=unsuitable&oasis=numberless&cowbell=rough&airport=lowly&dust HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    Host: acesso.run
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /404 HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    Host: acesso.run
    Connection: Keep-Alive
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: acesso.run
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Tue, 07 Jan 2025 05:06:24 GMT
    Content-Type: text/html; charset=utf-8
    Connection: close
    X-DNS-Prefetch-Control: off
    X-Frame-Options: SAMEORIGIN
    Strict-Transport-Security: max-age=15552000; includeSubDomains
    X-Download-Options: noopen
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    X-Powered-By: Next.js
    Vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gfkzyqaOm%2BU3ovduLMg1uKWUmz%2FqxML47pAquPB24C8tgROWqnIjFY91qxoT%2BPlkgB42zRsVLFmu12p8XoYMoq5UtptzSspr8Vt%2FlPvZ%2FUHgFrYhqBdhjdZMEDwv"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fe16b187feb43fe-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1588&rtt_var=628&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=919&delivery_rate=1699650&cwnd=236&unsent_bytes=0&cid=90ce4d5ff39547b7&ts=194&x=0"
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Tue, 07 Jan 2025 05:06:26 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    X-DNS-Prefetch-Control: off
    X-Frame-Options: SAMEORIGIN
    Strict-Transport-Security: max-age=15552000; includeSubDomains
    X-Download-Options: noopen
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    X-Powered-By: Next.js
    Vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LY02GS1SlFUPGOjFjLgs222b7WdnvdmWayHLcC3YgHqQ5Rbu%2FKVE%2B9MQ1HehfLyDROtfOVyHZ3L8RI8YMUvzA45JxymRu41MZxDoJ4v%2FtH3vhYPsjuU5Un8juWF2"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fe16b232d9ef797-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1665&rtt_var=636&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=767&delivery_rate=1704611&cwnd=162&unsent_bytes=0&cid=bc8a8c6dd464f27a&ts=232&x=0"
Source: unknown | Network traffic detected: HTTP traffic on port 64898 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64901
Source: unknown | Network traffic detected: HTTP traffic on port 64904 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 64903 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64903
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64902
Source: unknown | Network traffic detected: HTTP traffic on port 64901 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 64907 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 64902 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64904
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64907
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64898
Source: unknown | HTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.24:64898 version: TLS 1.2
Source: classification engine | Classification label: mal64.expl.evad.winDOC@28/49@1/1
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\Desktop\~$65rymIuO.doc
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:112:120:WilError_03
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{AEA1AF5C-F5BC-4C62-91CA-B024268DD79E} - OProcSessId.dat
Source: H565rymIuO.doc | OLE indicator, Word Document stream: true
Source: H565rymIuO.doc | OLE document summary: title field not present or empty
Source: H565rymIuO.doc | OLE document summary: edited time not present or 0
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: AdobeCollabSync.exe, 00000011.00000002.13084003147.0000019DF39FC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: select rid, url, state, lastsynchronized, ttl, skiphours, skipdays, synchpriority, synchretries, flags, contentsize, cursyncetag, cursynclastmodified, cursynccontentsize, cursynctotalsynced, responsecode, hash, guid from resources where synchpriority< 50 and state =5 and ttl!=2147483647 order by synchpriority asc limit ?t;:&q#
Source: AdobeCollabSync.exe, 00000011.00000002.13084267579.0000019DF3A45000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM device_mappings WHERE( content_item_type = :resourceType);
Source: AdobeCollabSync.exe, 00000011.00000002.13084003147.0000019DF39FC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: select rid, url, state, lastsynchronized, ttl, skiphours, skipdays, synchpriority, synchretries, flags, contentsize, cursyncetag, cursynclastmodified, cursynccontentsize, cursynctotalsynced, responsecode, hash, guid from resources where synchpriority< 50 and state =5 and ttl!=2147483647 order by synchpriority asc limit ?uot;:88
Source: AdobeCollabSync.exe, 00000011.00000003.12121447532.0000019DF3982000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000011.00000003.12121414257.0000019DF3981000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE global_state(gid integer not null primary key, notification_state text not null default '3600', notification_enabled integer not null default 1, schema_version integer not null)`;
Source: AdobeCollabSync.exe, 00000011.00000002.13084267579.0000019DF3A45000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: H565rymIuO.doc | Virustotal: Detection: 33%
Source: H565rymIuO.doc | ReversingLabs: Detection: 28%
Source: unknown | Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" -Embedding
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1708,i,12768743643217058386,12655822951649345806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8420
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8592
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1708,i,12768743643217058386,12655822951649345806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8420
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8592
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: H565rymIuO.doc | Initial sample: OLE zip file path = word/_rels/header2.xml.rels
Source: H565rymIuO.doc | Initial sample: OLE zip file path = word/media/image2.emf
Source: H565rymIuO.doc | Initial sample: OLE zip file path = word/embeddings/oleObject2.bin
Source: H565rymIuO.doc | Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: H565rymIuO.doc | Initial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

Source: settings.xml.rels | Extracted files from sample: https://acesso.run/bkeoxh?&bondsman=troubled&shrimp=harsh&sewer=tense&cold=warlike&briefs=unsuitable&oasis=numberless&cowbell=rough&airport=lowly&dust
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe   Thread delayed: delay time: 21600000 (ms, i.e. 6 h)
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE   WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe   Thread delayed: delay time: 30000 (ms, i.e. 30 s)
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe   Thread delayed: delay time: 21600000 (ms, i.e. 6 h)
Source: AdobeCollabSync.exe, 00000011.00000002.13083714951.0000019DF1B69000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000011.00000003.12770460760.0000019DF1B82000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000011.00000003.13044785962.0000019DF1B82000.00000004.00000020.00020000.00000000.sdmp   Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlldb
Source: AdobeCollabSync.exe, 00000012.00000002.12147101198.00000276FF4EB000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000012.00000003.12146605317.00000276FF4EA000.00000004.00000020.00020000.00000000.sdmp   Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 00000010.00000002.13083024989.000001434F645000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000014.00000002.12144611952.000001A3A0B95000.00000004.00000020.00020000.00000000.sdmp   Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE   Process information queried: ProcessInformation
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe   Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
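The evasion-related events above (thread delays, the Win32_Processor WMI query, the hypervisor string in memory, the MachineGuid lookup) are the raw material from which a sandbox derives its evasion signatures. The Python below is an added example and is not code from Joe Sandbox or from this report: it re-derives findings of that kind from the event lines as transcribed above. The rule names, the three-minute sleep threshold, the list of hardware-related WMI classes and the list of hypervisor strings are this example's own assumptions, not values taken from the sandbox.

```python
import re
from dataclasses import dataclass

# Behaviour events transcribed from the report lines above: (source process, event text).
# The memory-string hit is attributed to the process name only, as in the report.
EVENTS = [
    (r"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe",
     "Thread delayed: delay time: 21600000"),
    (r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r"WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor"),
    (r"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe",
     "Thread delayed: delay time: 30000"),
    (r"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe",
     "Thread delayed: delay time: 21600000"),
    ("AdobeCollabSync.exe",
     r"Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"),
    (r"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe",
     r"Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid"),
]

# Thresholds, class lists and rule names are this example's own choices (assumptions).
LONG_SLEEP_MS = 3 * 60 * 1000            # a "long sleep" is at least three minutes
VM_WMI_CLASSES = {"win32_processor", "win32_computersystem", "win32_bios"}
HYPERVISOR_STRINGS = ("hyper-v", "vmware", "virtualbox", "qemu")


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    evidence: str


_DELAY_RE = re.compile(r"Thread delayed: delay time: (\d+)")
_WMI_RE = re.compile(r"SELECT\s+.+?\s+FROM\s+(\w+)", re.IGNORECASE)


def evaluate(events):
    """Apply the evasion rules to (process, event-text) pairs and return the findings."""
    findings = []
    for process, text in events:
        if m := _DELAY_RE.search(text):
            delay = int(m.group(1))
            if delay >= LONG_SLEEP_MS:
                findings.append(Finding("long_sleep", process,
                                        f"{delay} ms = {delay / 3_600_000:.2f} h"))
        elif text.startswith("WMI Queries:") and (m := _WMI_RE.search(text)):
            # Queries against hardware classes are a common VM / sandbox fingerprint.
            if m.group(1).lower() in VM_WMI_CLASSES:
                findings.append(Finding("wmi_hardware_query", process, m.group(1)))
        elif text.startswith("Binary or memory string:"):
            hits = [s for s in HYPERVISOR_STRINGS if s in text.lower()]
            if hits:
                findings.append(Finding("hypervisor_string", process, ", ".join(hits)))
        elif text.startswith("Key value queried:") and "MachineGuid" in text:
            # MachineGuid is a stable per-install identifier, often read to fingerprint a host.
            findings.append(Finding("machine_guid_query", process,
                                    "HKLM\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"))
    return findings


def summarize(findings):
    """Count findings per rule, the shape a signature summary takes."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in evaluate(EVENTS):
        print(f"{f.rule:20} {f.process}  [{f.evidence}]")
    print(summarize(evaluate(EVENTS)))
```

The 30 s delay is deliberately not flagged: short sleeps are routine for a sync client, and it is the six-hour delays that make the AdobeCollabSync.exe behaviour look like a timeout stall from the sandbox's point of view, even though that process is a legitimate Acrobat component started as a side effect of the document opening Acrobat.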
MITRE ATT&CK matrix (reconstructed from the flattened table). For each tactic the five cells of the report's matrix are listed in order; a number in parentheses is the count badge the report shows beside a technique it matched, exactly as extracted, and cells without one are the matrix's unmatched default entries.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Windows Management Instrumentation (11); Exploitation for Client Execution (13); At; Cron; Launchd
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (21); Process Injection (1); DLL Side-Loading (1); Software Packing
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: Security Software Discovery (11); Process Discovery (1); Virtualization/Sandbox Evasion (21); File and Directory Discovery (1); System Information Discovery (4)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: Encrypted Channel (1); Ingress Tool Transfer (3); Non-Application Layer Protocol (3); Application Layer Protocol (14); Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
Behavior graph (ID 1585126, sample H565rymIuO.doc, start date 07/01/2025, architecture WINDOWS, score 64), reconstructed as a process tree from the flattened graph. Bracketed numbers are the node badges from the graph (its legend lists counts of created files and of created registry values).

Start node signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Contains an external reference to another file; Document exploit detected (process start blacklist hit)
Start node DNS: acesso.run

WINWORD.EXE [504 115]
    -> network: acesso.run 172.67.162.95, 443, 64898, 64901, CLOUDFLARENETUS, United States
    Acrobat.exe [98]
        AdobeCollabSync.exe [3]
            AdobeCollabSync.exe [1 6]
                FullTrustNotifier.exe
        AcroCEF.exe [100]
            AcroCEF.exe [2]
        AdobeCollabSync.exe [3]
            AdobeCollabSync.exe
    conhost.exe
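The behaviour graph above is what ties the network indicator to a process: the edge from WINWORD.EXE to acesso.run is the evidence behind an "Office process with outbound connection" finding, and the edges to Acrobat.exe and conhost.exe are the child starts behind the process-start blacklist hit. The Python below is an added example, not code from Joe Sandbox or from this report. It encodes the graph's node ids and edges as transcribed above and derives those two kinds of finding plus a per-destination process chain; the set of process names treated as Office parents is this example's own assumption.

```python
from collections import defaultdict

# Nodes and edges transcribed from the behaviour graph above.
# Node 2 is the start node (the sample); the other numbers are the graph's node ids.
PROCESSES = {
    10: "WINWORD.EXE", 13: "Acrobat.exe", 15: "conhost.exe",
    17: "AdobeCollabSync.exe", 19: "AcroCEF.exe", 21: "AdobeCollabSync.exe",
    23: "AdobeCollabSync.exe", 25: "AcroCEF.exe", 27: "AdobeCollabSync.exe",
    29: "FullTrustNotifier.exe",
}
NETWORK = {33: ("acesso.run", "172.67.162.95", 443)}
EDGES = [(2, 10), (10, 33), (10, 13), (10, 15), (13, 17), (13, 19), (13, 21),
         (17, 23), (19, 25), (21, 27), (23, 29)]
START = 2

# Assumed set of document viewers whose children and connections are interesting.
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}


def build_index(edges):
    """Forward (children) and backward (parent) maps over the edge list."""
    children, parent = defaultdict(list), {}
    for src, dst in edges:
        children[src].append(dst)
        parent[dst] = src
    return children, parent


def chain(node, parent):
    """Process ancestry from the start node down to `node`, as labels."""
    path = []
    while node in parent:                      # the start node has no parent
        if node in PROCESSES:
            path.append(PROCESSES[node])
        node = parent[node]
    return list(reversed(path))


def office_findings(edges=EDGES):
    """Office processes that spawn children or open network connections."""
    children, _ = build_index(edges)
    out = []
    for pid, name in PROCESSES.items():
        if name not in OFFICE_PARENTS:
            continue
        for child in children.get(pid, []):
            if child in PROCESSES:
                out.append(f"{name} spawned {PROCESSES[child]}")
            elif child in NETWORK:
                host, ip, port = NETWORK[child]
                out.append(f"{name} connected to {host} ({ip}:{port})")
    return out


def network_attribution(edges=EDGES):
    """Map every network destination to the process chain that reached it."""
    _, parent = build_index(edges)
    return {NETWORK[n][0]: chain(n, parent) for n in NETWORK}


def descendants(edges=EDGES, root=START):
    """All process labels reachable from `root`, depth-first, as (depth, name)."""
    children, _ = build_index(edges)
    out, stack = [], [(c, 0) for c in reversed(children[root])]
    while stack:
        node, depth = stack.pop()
        if node in PROCESSES:
            out.append((depth, PROCESSES[node]))
            stack.extend((c, depth + 1) for c in reversed(children.get(node, [])))
    return out


if __name__ == "__main__":
    for depth, name in descendants():
        print("    " * depth + name)
    print(office_findings())
    print(network_attribution())
```

On a real endpoint the same join is done between process-creation and network-connection telemetry keyed on process id; the graph here already carries both, which is why a sandbox can attribute the TLS session to WINWORD.EXE directly rather than to a later child.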
Antivirus detection, initial sample (Source | Detection | Scanner | Label):
H565rymIuO.doc | 33% | Virustotal |
H565rymIuO.doc | 29% | ReversingLabs | Win32.Exploit.Generic
No Antivirus matches
No Antivirus matches
No Antivirus matches

Antivirus detection, URLs (Source | Detection | Scanner | Label):
https://acesso.run/404 | 0% | Avira URL Cloud | safe
https://comments.adobe.(g | 0% | Avira URL Cloud | safe
https://comments.adobe.Ldj | 0% | Avira URL Cloud | safe
https://acesso.run/bkeoxH?&bondsman=troubled&shrimp=harsh&sewer=tense&cold=warlike&briefs=unsuitable&oasis=numberless&cowbell=rough&airport=lowly&dust | 0% | Avira URL Cloud | safe
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
acesso.run | 172.67.162.95 | true | true | | unknown

URLs (Name | Malicious | Antivirus Detection | Reputation):
https://acesso.run/404 | true | Avira URL Cloud: safe | unknown
https://acesso.run/bkeoxH?&bondsman=troubled&shrimp=harsh&sewer=tense&cold=warlike&briefs=unsuitable&oasis=numberless&cowbell=rough&airport=lowly&dust | true | Avira URL Cloud: safe | unknown

URLs with memory source (Name | Source | Malicious | Antivirus Detection | Reputation):
https://comments.adobe.Ldj | AdobeCollabSync.exe, 00000011.00000002.13084267579.0000019DF3A5A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://comments.adobe.(g | AdobeCollabSync.exe, 00000011.00000003.12508181738.0000019DF3A6A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
172.67.162.95 | acesso.run | United States | 13335 | CLOUDFLARENETUS | true
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1585126
    Start date and time:2025-01-07 06:05:23 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 5m 31s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsofficecookbook.jbs
    Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
    Run name:Potential for more IOCs and behavior
Number of new started processes analysed: 37
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:H565rymIuO.doc
    renamed because original name is a hash value
    Original Sample Name:25fe7ce806195948532624d2c2462ec952da03a3312abd79de06aa2423da03f8.docx.doc
    Detection:MAL
    Classification:mal64.expl.evad.winDOC@28/49@1/1
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .doc
    • Found Word or Excel or PowerPoint or XPS Viewer
    • Attach to Office via COM
    • Active ActiveX Object
    • Scroll down
    • Close Viewer
    • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, SIHClient.exe, appidcertstorecheck.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.68.130, 52.113.194.132, 104.208.16.95, 52.109.8.36, 95.100.110.77, 95.100.110.74, 52.111.236.34, 52.111.236.33, 52.111.236.32, 52.111.236.35, 95.100.110.68, 95.100.110.78, 52.31.218.129, 34.252.184.159, 52.48.8.54, 184.30.228.213, 23.56.252.213, 172.64.41.3, 162.159.61.3, 2.16.168.107, 2.16.168.105, 20.190.159.2, 4.245.163.56, 20.199.58.43, 54.224.241.105
    • Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, acroipm2.adobe.com, mobile.events.data.microsoft.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, officeclient.microsoft.com, templatesmetadata.office.net, ukw-azsc-config.officeapps.live.com, ecs.office.com, e40491.dscg.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, frc-azsc-000.odc.officeapps.live.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, us1.roaming1.live.com.akadns.net, ssl.adobe.com.edgekey.net, x1.c.lencr.org, nleditor.osi.office.net, res-prod.trafficmanager.net, owamail.public.cdn.office.net.edgekey.net, s-0005.s-msedge.net, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, owamail.public.cdn.office.net.edgekey.net.globalredir.akadns.net, metadata.templates.cdn.office.net, ecs.office.trafficmanager.net, geo2.adobe.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, e4578.dscg.akamaiedge.net, chrome.cl
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size getting too big, too many NtCreateFile calls found.
    • Report size getting too big, too many NtCreateKey calls found.
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtReadVirtualMemory calls found.
    • Report size getting too big, too many NtSetValueKey calls found.
Time | Type | Description
00:06:57 | API Interceptor | 284745x Sleep call for process: AdobeCollabSync.exe modified
Context, IP 172.67.162.95 (Associated Sample Name / URL | Detection | Threat Name):
A & C Metrology OC 545714677889Materiale.xls | malicious | Remcos, HTMLPhisher
PO.2407010.xls | malicious | HTMLPhisher, Lokibot
AWB-M09CT560.docx.doc | malicious | Unknown
NUEVA ORDEN DE COMPRA 73244.xla.xlsx | malicious | Unknown
NUEVA ORDEN DE COMPRA 73244.xla.xlsx | malicious | Unknown
0001.xls | malicious | Remcos
Payment Advice.xls | malicious | HTMLPhisher, Lokibot
Order-1351125X.docx.doc | malicious | FormBook
2MbHBiqXH2.rtf | malicious | RedLine
Invoice LGMSCH0040924 Paid - EFT Remittance Advice and Receipt.docx.doc | malicious | RedLine

Context, domain acesso.run (Associated Sample Name / URL | Detection | Threat Name | Context):
A & C Metrology OC 545714677889Materiale.xls | malicious | Remcos, HTMLPhisher | 172.67.162.95
PO.2407010.xls | malicious | HTMLPhisher, Lokibot | 172.67.162.95
Po docs.xls | malicious | HTMLPhisher, Lokibot | 104.21.74.191
AWB-M09CT560.docx.doc | malicious | Unknown | 104.21.74.191
AWB-M09CT560.docx.doc | malicious | Unknown | 104.21.74.191
NUEVA ORDEN DE COMPRA 73244.xla.xlsx | malicious | Unknown | 172.67.162.95
NUEVA ORDEN DE COMPRA 73244.xla.xlsx | malicious | Unknown | 172.67.162.95
NUEVA ORDEN DE COMPRA 73244.xla.xlsx | malicious | Unknown | 104.21.74.191
0001.xls | malicious | Remcos | 172.67.162.95

Context, ASN CLOUDFLARENETUS (Associated Sample Name / URL | Detection | Threat Name | Context):
NjFiIQNSid.exe | malicious | LummaC | 104.21.112.1
MV DESPINA_VESSEL_DESCRIPTION.doc.scr.exe | malicious | MassLogger RAT | 188.114.97.3
https://u896278.ct.sendgrid.net/ls/click?upn=u001.qpi-2F0q-2FpcJZ7AGoG9N-2BrxLxoGn8scq-2BedBfmGHFAiwRCk-2Fciku7nsS3YfQMNNJI09mLo_nYx4-2F6dkZkjW10KMIp5mXhxys1ng1sBiI-2Bi9ROMYt6d5xhIh5rIqEUIaIxVHh8-2Ftz-2FouCgfXZk6mMUe2uKm92SOgBLlBdhjnRJuhENZnIuGoEoPqnROi7OCzdabJBBnGjEwd2iK-2BngR2RyIIgM3XrJQ7wQhHrfqScifSW3iAsv3H5nGFK9ntcSdChvkxj0yXdE-2FQ0ICDszl57i6aZSB-2Fow-3D-3D | malicious | Unknown | 104.26.0.123
FORTUNE RICH_PARTICULARS.pdf.scr.exe | malicious | MassLogger RAT | 188.114.97.3
https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253 | malicious | KnowBe4 | 104.17.25.14
x86_64.elf | malicious | Mirai | 8.44.60.50
sh4.elf | malicious | Mirai | 162.158.206.216
w3245.exe | malicious | Unknown | 104.21.80.52
w3245.exe | malicious | Unknown | 104.21.80.52

Context, JA3 fingerprint 258a5a1e95b8a911872bae9081526644 (Associated Sample Name / URL | Detection | Threat Name | Context):
Sample_Order_000000991.xls | malicious | Unknown | 172.67.162.95
Payment_swift_copy.xls | malicious | Unknown | 172.67.162.95

Context, dropped files: No context
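The dropped-file records that follow each carry a Size, an 8-bit Entropy value and an Encrypted flag; the entropy is what separates the near-empty preallocated cache files (entropy close to 0) from the plain-text leveldb logs (around 5 bits per byte) and from compressed or encrypted payloads (close to 8). The Python below is an added example, not code from Joe Sandbox or from this report: it computes Shannon entropy in bits per byte and an entropy-based flag in the shape of the Encrypted field. The 7.5 threshold and the three sample buffers are this example's own constructions; the buffers are modelled on the records below but are not byte-identical to the files the sandbox hashed, so their values will not match the report's exactly.

```python
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a single repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Threshold is this example's choice; the report does not state the one the sandbox uses.
ENCRYPTED_THRESHOLD = 7.5


def classify(data: bytes) -> dict:
    """Produce the Size / Entropy / Encrypted fields of a dropped-file record, plus a sparsity hint."""
    h = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": round(h, 6),
        "encrypted": h >= ENCRYPTED_THRESHOLD,
        # Mostly-zero files (preallocated caches, sparse databases) sit near 0 bits/byte.
        "zero_fraction": round(data.count(0) / len(data), 6) if data else 0.0,
    }


# Constructed samples (assumptions), modelled on the records below.
LEVELDB_LOG = (b"2025/01/07-00:06:51.959 1c58 Reusing MANIFEST "
               b"C:\\Users\\user\\AppData\\LocalLow\\Adobe\\AcroCef\\DC\\Acrobat\\Cache/MANIFEST-000001\n"
               b"2025/01/07-00:06:51.962 1c58 Recovering log #3\n"
               b"2025/01/07-00:06:51.963 1c58 Reusing old log "
               b"C:\\Users\\user\\AppData\\LocalLow\\Adobe\\AcroCef\\DC\\Acrobat\\Cache/000003.log \n")
SPARSE_VLNK = b"VLnk" + b"\x00" * (131072 - 4)     # a 128 KiB file that is almost all zero bytes
UNIFORM = bytes(range(256)) * 64                     # every byte value equally often: 8.0 bits/byte


def demo():
    """Classify the three constructed buffers; returns a name -> record mapping."""
    return {name: classify(blob) for name, blob in
            [("leveldb_log", LEVELDB_LOG), ("sparse_vlnk", SPARSE_VLNK), ("uniform", UNIFORM)]}


if __name__ == "__main__":
    for name, record in demo().items():
        print(f"{name:12} {record}")
```

Entropy alone is a coarse signal: a uniform byte histogram says nothing about whether the bytes are ciphertext, a compressed stream or a packed executable section, and a file that is encrypted in part (a header plus an encrypted body) can average well under the threshold. It is a triage field, which is why the report pairs it with the file type and the hashes rather than using it as a verdict.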
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.17124374985407
                        Encrypted:false
                        SSDEEP:6:iOpFchGN+q2Pccwi2nKuAl9OmbnIFUtLFc+ZmwlFcj93VkwOccwi2nKuAl9Ombjd:7pFchGIv0cwZHAahFUtLFc+/lFcZF5dK
                        MD5:FE817BECFF77ED728F78059805562BAE
                        SHA1:7DCA15449C39B8A1A19DBD0FA2409B34B4166AD6
                        SHA-256:169C4781511660F660015459E627C55A21714DB815C63E9FA4BF41C14B8F411D
                        SHA-512:9001AE298EE2A19F8EAA14B9CACA81737B8B5468C9DB536D86A600E2747F3B45446C4E72E9C774CDEC19B134CE4CBD6CABCA1D315320D8F081CEFF9588D27635
                        Malicious:false
                        Preview:2025/01/07-00:06:51.959 1c58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/07-00:06:51.962 1c58 Recovering log #3.2025/01/07-00:06:51.963 1c58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.17124374985407
                        Encrypted:false
                        SSDEEP:6:iOpFchGN+q2Pccwi2nKuAl9OmbnIFUtLFc+ZmwlFcj93VkwOccwi2nKuAl9Ombjd:7pFchGIv0cwZHAahFUtLFc+/lFcZF5dK
                        MD5:FE817BECFF77ED728F78059805562BAE
                        SHA1:7DCA15449C39B8A1A19DBD0FA2409B34B4166AD6
                        SHA-256:169C4781511660F660015459E627C55A21714DB815C63E9FA4BF41C14B8F411D
                        SHA-512:9001AE298EE2A19F8EAA14B9CACA81737B8B5468C9DB536D86A600E2747F3B45446C4E72E9C774CDEC19B134CE4CBD6CABCA1D315320D8F081CEFF9588D27635
                        Malicious:false
                        Preview:2025/01/07-00:06:51.959 1c58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/07-00:06:51.962 1c58 Recovering log #3.2025/01/07-00:06:51.963 1c58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.131700961637344
                        Encrypted:false
                        SSDEEP:6:iOpFcXhF1M+q2Pccwi2nKuAl9Ombzo2jMGIFUtLFcXhbFZZmwlFcXhbFMMVkwOcI:7pFc/1M+v0cwZHAa8uFUtLFcJFZ/lFcc
                        MD5:6CF1D20E6EB8D0D22EF758682CA828B5
                        SHA1:90D846E5A22227D2661060DF30BC6F6D847AF81D
                        SHA-256:BE1A6163DC8EBED721C2B325C21FDE54DF325A88DD6A2799F4BCC4FF96521745
                        SHA-512:54EE8DFBC62358FDE27611E20F49C1B34B804AE432F5EECB01F7B63EB1F6A3B36183CD5AED0B84C6E37C3D5D1E5477721CF5E536F6CC822427DC3DDF2A26D0AB
                        Malicious:false
                        Preview:2025/01/07-00:06:52.038 1dfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/07-00:06:52.039 1dfc Recovering log #3.2025/01/07-00:06:52.039 1dfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.131700961637344
                        Encrypted:false
                        SSDEEP:6:iOpFcXhF1M+q2Pccwi2nKuAl9Ombzo2jMGIFUtLFcXhbFZZmwlFcXhbFMMVkwOcI:7pFc/1M+v0cwZHAa8uFUtLFcJFZ/lFcc
                        MD5:6CF1D20E6EB8D0D22EF758682CA828B5
                        SHA1:90D846E5A22227D2661060DF30BC6F6D847AF81D
                        SHA-256:BE1A6163DC8EBED721C2B325C21FDE54DF325A88DD6A2799F4BCC4FF96521745
                        SHA-512:54EE8DFBC62358FDE27611E20F49C1B34B804AE432F5EECB01F7B63EB1F6A3B36183CD5AED0B84C6E37C3D5D1E5477721CF5E536F6CC822427DC3DDF2A26D0AB
                        Malicious:false
                        Preview:2025/01/07-00:06:52.038 1dfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/07-00:06:52.039 1dfc Recovering log #3.2025/01/07-00:06:52.039 1dfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):476
                        Entropy (8bit):4.973505116292176
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqpKksBdOg2HWgcaq3QYiubYnP7E4TX:Y2sRdsRJdMHW3QYhbYP7n7
                        MD5:3F6D43E499358D6E027EBFEA6FA1E541
                        SHA1:656C76E3D78661D25AD0FACAFD1AC5440C6E1D1B
                        SHA-256:B3E136914E08E1EF0C2309FDFF568E8430FFE8E0A40AFAB87FE2E215E2DE21F9
                        SHA-512:9EC162D09BB594EF9B5CE0B827E3E190063A63BAD6645C3C20AAD73617D07410A33FA8406F228F091B2268C953BD13C123D3E2E51529AFA9938D921A2E9FE7F5
                        Malicious:false
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380786419976227","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":129841},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.24","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):476
                        Entropy (8bit):4.973505116292176
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqpKksBdOg2HWgcaq3QYiubYnP7E4TX:Y2sRdsRJdMHW3QYhbYP7n7
                        MD5:3F6D43E499358D6E027EBFEA6FA1E541
                        SHA1:656C76E3D78661D25AD0FACAFD1AC5440C6E1D1B
                        SHA-256:B3E136914E08E1EF0C2309FDFF568E8430FFE8E0A40AFAB87FE2E215E2DE21F9
                        SHA-512:9EC162D09BB594EF9B5CE0B827E3E190063A63BAD6645C3C20AAD73617D07410A33FA8406F228F091B2268C953BD13C123D3E2E51529AFA9938D921A2E9FE7F5
                        Malicious:false
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380786419976227","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":129841},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.24","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):2490
                        Entropy (8bit):5.202476242876067
                        Encrypted:false
                        SSDEEP:48:k/tsLHT4MhflKz/w57sr8flKg9ui7CIfqmtX8zNDeGzfqGvoXZ:kVsLHTj2zYJs15BIyUX8zNCKyRXZ
                        MD5:130CC4EBA0A03B64A75B2F10D850854A
                        SHA1:EC2076C3C730DE8E034BF87A7BF8ECAA873F1CA8
                        SHA-256:DEC5CFF9239518C2753425C52DD24C2B95A5DE839E10D5E1BAD5E4B2FD21700F
                        SHA-512:C667F8D64B923A3C59AA0B5F99D4A3567B64706730CE9C3A6DB6E7649A10DEF3423518F29B03191091174D107320ABE1E1F437F204AE3208260E036CCDFD6FD3
                        Malicious:false
                        Preview:*...#................version.1..namespace-'I^.r................next-map-id.1.Snamespace-ae05de33_8cc0_4e34_9d2f_86511228726c-https://rna-v2-resource.acrobat.com/.0x.%8r................next-map-id.2.Snamespace-620912f0_b173_44a4_a2dd_2b6e03d5a667-https://rna-v2-resource.acrobat.com/.1.Oxho................next-map-id.3.Pnamespace-3f93b5cc_0b3a_45a1_a898_aa1d734e1e48-https://rna-resource.acrobat.com/.2.8.so................next-map-id.4.Pnamespace-9a1097df_23ac_40f2_a28a_c79f118db6c8-https://rna-resource.acrobat.com/.3z...r................next-map-id.5.Snamespace-7d7de5b5_9dd5_4b56_8ca5_38e8c6a17e9b-https://rna-v2-resource.acrobat.com/.4Z..mo................next-map-id.6.Pnamespace-30fc8b2c_fe8d_484e_8547_bfceb1dd86b3-https://rna-resource.acrobat.com/.5.'..^...............Pnamespace-3f93b5cc_0b3a_45a1_a898_aa1d734e1e48-https://rna-resource.acrobat.com/D..^...............Pnamespace-30fc8b2c_fe8d_484e_8547_bfceb1dd86b3-https://rna-resource.acrobat.com/&.^...............Pnamespace-9a1097df
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.140642344352958
                        Encrypted:false
                        SSDEEP:6:iOpFcXagM+q2Pccwi2nKuAl9OmbzNMxIFUtLFcXbZmwlFcXUYMVkwOccwi2nKuAo:7pFc7M+v0cwZHAa8jFUtLFcL/lFckYMB
                        MD5:18498E312CB42E8EAA70248E6F957DCA
                        SHA1:B752144E2C378D54096F395FA466DB45160FABCF
                        SHA-256:082D452F550A2D2927A77DE75FA325D1AEC58A5569F2BCD0458F6F7483AAC847
                        SHA-512:833F4693F8690C8A96359FDF2234592B5C798B9EAAD7B188CA9DC1B2F07B577D975D94848566E95DDAF108385E0E90F8DEA280E32546DBCFD9A83B0D276FD270
                        Malicious:false
                        Preview:2025/01/07-00:06:52.568 1dfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/07-00:06:52.572 1dfc Recovering log #3.2025/01/07-00:06:52.580 1dfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.140642344352958
                        Encrypted:false
                        SSDEEP:6:iOpFcXagM+q2Pccwi2nKuAl9OmbzNMxIFUtLFcXbZmwlFcXUYMVkwOccwi2nKuAo:7pFc7M+v0cwZHAa8jFUtLFcL/lFckYMB
                        MD5:18498E312CB42E8EAA70248E6F957DCA
                        SHA1:B752144E2C378D54096F395FA466DB45160FABCF
                        SHA-256:082D452F550A2D2927A77DE75FA325D1AEC58A5569F2BCD0458F6F7483AAC847
                        SHA-512:833F4693F8690C8A96359FDF2234592B5C798B9EAAD7B188CA9DC1B2F07B577D975D94848566E95DDAF108385E0E90F8DEA280E32546DBCFD9A83B0D276FD270
                        Malicious:false
                        Preview:2025/01/07-00:06:52.568 1dfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/07-00:06:52.572 1dfc Recovering log #3.2025/01/07-00:06:52.580 1dfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):131072
                        Entropy (8bit):0.01330908196861665
                        Encrypted:false
                        SSDEEP:3:ImtV93zgg/oXlu3ElLv/llsU//tzDtSmlasJl9wWdHb5U/l:IiV98geu3Mr8UJcgIWdK/
                        MD5:D01E4DF3703B53AE2AFDF91A7881AE11
                        SHA1:EBFA8EED2B60A68055026D32DEB9B80F3A8CAB84
                        SHA-256:9AEA2D4B77867EDEFAD0144B249D41213CE6A39D34C257FD4A7C3C8411966E5D
                        SHA-512:0C755E3AFBACD18B796F5A664C62E4E90343E8A7728A8CFF668420E6241A879D4376358B2E6C1DC858C2087D8F3550F8CD442BE69493FF3174AD8BF55EC95FDF
                        Malicious:false
                        Preview:VLnk.....?.......V.D."..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32768
                        Entropy (8bit):0.03742837346724666
                        Encrypted:false
                        SSDEEP:3:Gtl+t/lllxcimAM+8/RSCbJl3l+t/lllxcimAM+8/RSCbAcR9//blW/lvlfl:GtEttii34n3Ettii34HR9Xm
                        MD5:2312C46C1F06B738F188FF662137B6B4
                        SHA1:B2A6C02C2C456626ECBF583FF75CB4937421BEBB
                        SHA-256:E3A3A2FE5DC73BDBBFB3761C505F246B7E073264655CF07B8E0906B706A81847
                        SHA-512:18797C8824F5436FE8AA8F7CEB433B9689B8438BFF0CCB1512FFA378202D489844FFFF698BFA93A055D6C628FDA9D150B7FB44085A854E83CBE6B2A17EAE4774
                        Malicious:false
                        Preview:..-.......................K....^..e.j..t7../....-.......................K....^..e.j..t7../..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        File Type:SQLite Write-Ahead Log, version 3007000
                        Category:dropped
                        Size (bytes):12392
                        Entropy (8bit):0.0921597606399227
                        Encrypted:false
                        SSDEEP:3:OlH/l7p9CP+8Zxy//lCP+8A4R4lNllGCP+89GSp1/Nll7r/8zukrLXFll:KDv4K717i
                        MD5:9CE9F7BE179EBD24B280455A45CB14C1
                        SHA1:296B394837E9878BC0B4D26C6206884DD4CE13B8
                        SHA-256:F69CFE8C02BC8E10D1E1B7D56FB582C198A811AB4F2C0284858E3E7836A3DEBF
                        SHA-512:7A15BCAE6A023572EA9D4393D4F29342892AF43B6E8AA5A97FD331D7E48436B47C7C37E9B6C7E6A0C91280B6B9ACBCA6721F1CB7E5625524B334295A100034FC
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        File Type:ASCII text, with very long lines (336), with CRLF line terminators
                        Category:dropped
                        Size (bytes):3512
                        Entropy (8bit):5.167683505672503
                        Encrypted:false
                        SSDEEP:96:MOHC9Gygygy1QC3+/o3n+oem+oI2n74KK5eoeDoISOuXD0wUfzR4JZTz:fHyII+gX+oX+o1nsHYoWo/OIpUrRuTz
                        MD5:5CD4FC76649CA79C1C42A69A7C164C2E
                        SHA1:79C01E55190C9949D470BFEF49C65338122A0B13
                        SHA-256:69496FBB8EF162F200F06A2371C02DFC0AC5DED771FEDF62C490F025D7107467
                        SHA-512:DFF43F39707541720B0188CF57D4F1F7DA5CB8C9E2BEA394BE972705A752AA38A1A62C1A1F71CD972B2BEED9B44BEC4A8173C696607E6F1B893B64BBCA198CD4
                        Malicious:false
                        Preview:20250107-000657.880: t=21f8: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.304)..20250107-000727.969: t=2140: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.178)..20250107-000727.969: t=2140: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20250107-000727.969: t=2140: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20250107-000727.969: t=2140: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20250107-000727.969: t=21f8: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.304)..20250107-000728.033: t=2140: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.975)..20250107-000728.033: t=2140: Info: ES::cosylib: RequestHandle :
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.34280181693847
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJM3g98kUwPeUkwRe9:YvXKX/Y7VsPuv1nGMbLUkee9
                        MD5:9EB59A29720D1FD12AEB69C8ADDFDC96
                        SHA1:72D5A43CA746AAD8FF3E7CA5E9E8B73DE6D371ED
                        SHA-256:D3FE0FB03B2686AC2BADA7679FA5517CB23281987B93F91DE68ADD0DE1D2D955
                        SHA-512:FEEDA8D6171F966B248777CA46A7B0EAC6DB994D329834C64DF3BC5874B174745F71E0809A7D399F4F0016553D6655C27AA77B6B4971988F442F93518458F7FD
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.222714889617404
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfNpc2VpnrPeUkwRe9:YvXKX/Y7VsPuv1nG5cUkee9
                        MD5:E9ADFF030113369D30C312273ABBA236
                        SHA1:E6E454B8AAD8071DC1A713043014AE13D405B4E7
                        SHA-256:B980D5DDBF23E26F05B3BD5C22E3C808A4ECCC539D4E0A0BB6CDCA200C7F3122
                        SHA-512:EA490FF7E0E8A74184CAA43C85E3685FD3D90A6FD56FB56A90BEA7F4DB0D44BAC37AF21CEE5725B3BEB7DABB0D914C92788458C0FB854990340ECBFFBA3500B5
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Acrobat_Notification_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.278071982531337
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfBoTfXpnrPeUkwRe9:YvXKX/Y7VsPuv1nGWTfXcUkee9
                        MD5:EB7CF135074239DF78E9A3B8A0242E47
                        SHA1:B09B46151BC019377F06F72709595A5D1E4FCBE6
                        SHA-256:1E3EF1925BD4B93C1EC9C4376B90BCA771C74F10AA3DAD10AAC2D2C276D06D6E
                        SHA-512:3A5108E9335C86A4F2DC6E626B5CEA5623C3B9FAA2FEFCB9D537D0D71DFA0E71EFF7241CD9A13205081D7746921F830748239230F0F9BFC737F2F7C292F69002
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.256987503589192
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfBD2G6UpnrPeUkwRe9:YvXKX/Y7VsPuv1nGR22cUkee9
                        MD5:156EDCD06C2E824AA2F883D7D51F4867
                        SHA1:AF1CA5D095ECBA72C7C56FF8E9B04D39E9348D6E
                        SHA-256:D639EFCFF345C0E28F49A548C18FB884AC55270B90722F70F1D58DD0A7A61D78
                        SHA-512:D1453EA754DAC3E29B03A076CA3A200237CB27ECE2BDD7DBC459944474D8B6B6AD6EAA1EB61C6DF5F33EE816772CA06148A4DA57363A36B0DC80940981AD5E7F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.308128290768725
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfPmwrPeUkwRe9:YvXKX/Y7VsPuv1nGH56Ukee9
                        MD5:909CED90AA95445C1C287E1792240EF9
                        SHA1:BB994C4B4ACB4FA8FAFE683D176A46FA558F0932
                        SHA-256:7597F03636EA39FCEF6BD8060FB891CBD5AF58CB32407B48CFCF6E5BC7279A8D
                        SHA-512:B4F242E9FCFF8ECCBADB206BF8D7D2C2A91FF01E2EF177EB3C5F1B2E6D973E46934BD52D1A2C46F2AA8DCE7817033F775F6FBC85B9515A1741D54A851D8D4549
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1123
                        Entropy (8bit):5.682497788940571
                        Encrypted:false
                        SSDEEP:24:Yv6X/Y779spLgE9cQx8LennAvzBvkn0RCmK8czOCCSn:YvkYdshgy6SAFv5Ah8cv/n
                        MD5:71F6F6E5F7F4BC5EBA4CB13A4EC42B57
                        SHA1:049CD7F222E4E4332E7CFC51D6846C0F26E80F16
                        SHA-256:E986132DB96C22C8C95FE10B20E87C9811D1A7E48D066B2BA3E56AB9A35584AC
                        SHA-512:6F251CE7B51950E02AE039F5A98BA10CD45F242129C9937E73303C358380A0DE4179A03BA569655A794C641FE6091AB0405AE09FBAD1BB749F48D40DCB6566E8
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.2672723016184095
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJf8dPeUkwRe9:YvXKX/Y7VsPuv1nGU8Ukee9
                        MD5:17157733B3B350473115AF71A9AA9D21
                        SHA1:B4D9D973959282AAD0C19774EBCD97DDDFF575D7
                        SHA-256:3BB04F4C6F144E93D1BE9D2826F390B4D93B34320F847571CE914FEBFF54A758
                        SHA-512:D2B598911F2DF912B5FE730DA556374E2E121F3BCE5B12BFE8321A5BCA6E1501238A583A4EABDEE8097CA665783C9D5C2DF46F3633DA3086CA9A7A90214A6FF7
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.2577268485060085
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfQ1rPeUkwRe9:YvXKX/Y7VsPuv1nGY16Ukee9
                        MD5:5EDDE32191AC0A0736C95C643DCCFCDE
                        SHA1:737E0ACD69348C6AE77A7BA3BED85C3C13936AC2
                        SHA-256:981C09BFB187765F25B918B32D3149E5A5C71A9BD3296938EAF416FB431C8B82
                        SHA-512:98BA6C0318B806540B7CDBA9A2BB54AD463B226E43BB2CEA4B7D694AA5D11808B2E0C81A48BDF2B15053FC1324A314538B3EC9756F760AD6D05A84DB53739728
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.273782061579374
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfFldPeUkwRe9:YvXKX/Y7VsPuv1nGz8Ukee9
                        MD5:56DB081CC911DC70AAB4B5D464A1A190
                        SHA1:C9D2339DC87721278A9F26D08D1994742218C0CE
                        SHA-256:560ADBF81E49A309C928E506446683DEA05EC80A0CDD49E0E9D0A8FBE7707A16
                        SHA-512:20A1A72B4369A08BB32C800E2FDB02913EEF604850AFEC97D96CFA28392E5422A5580F293C0A879333C2916E68EAB371C85B77560507C95FCDA64ED6C2E45E1F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.293020981895268
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfzdPeUkwRe9:YvXKX/Y7VsPuv1nGb8Ukee9
                        MD5:E99F37DF6F884AFA158F119C62614C1F
                        SHA1:036110FD4B7E2E2DA7550D081EA991A3E4B5DD71
                        SHA-256:4A3E1D38C54AE15AB36745E632E97A58C6E85E013C1CE7FF7BDBD30C79F0347F
                        SHA-512:A808B78900710C72686FEAA1E146F69D9871637D505CEBAC705385237755995DFF36ECDF7EFF27BAD315F13A411D57063FB98F815D1A75D17C0217FD2880A9EB
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.272511795627523
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfYdPeUkwRe9:YvXKX/Y7VsPuv1nGg8Ukee9
                        MD5:F6E96830431E8E9CA7548D148B0E2F58
                        SHA1:B0D01C0C21351C2FFF74F66CAC7B741B0D09B625
                        SHA-256:26C825404FB54978476482A97EB92342DB62547BCAB653592619E54F3619E1D2
                        SHA-512:6FC83A8235A62CD755B69C20713219377A9084B537D7B646B45F4EEAB221530099AE1740A2CD8F64F40CC27956BF60C8ED175287597ABFB3C32D5493B154FC76
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):284
                        Entropy (8bit):5.259181163723244
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJf+dPeUkwRe9:YvXKX/Y7VsPuv1nG28Ukee9
                        MD5:DF75501BFF32A3A1839739C3FD72B737
                        SHA1:A5E65705EA18F214740FD3C0C660549BD2ABC0B9
                        SHA-256:5DB7CB429F46F9D2F7EBA31C0ED6879006A1FA301150E06C5A7256D1E7AF27E1
                        SHA-512:0A4581496D586D7D09E5DFDA7F4FECCC4954A41C457C8DD13B0879280CADD4662F1A8C52F07A4B10D01B42B83EC66D4313363AA705EC3A75E4D47AC23ABCC24C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.256247815668209
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJfbPtdPeUkwRe9:YvXKX/Y7VsPuv1nGDV8Ukee9
                        MD5:4D86D084A6FC8984BA7605A3E8C7900F
                        SHA1:CF63369BC071E8D5BA75F5EE88B31B64457BB457
                        SHA-256:77DDB9483335D3B42493919F82D53E4546C60666E2112B9C44666FD9C9F03277
                        SHA-512:8CF73C5523736872BAE3968E025D8328CBFC4A36881B3143C55C93C13CBBF7DB7EFF82042EA6A189931771522AC0B8DA9B561A8EFD9908D64EB167DC92B1CF1C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.247291895905849
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJf21rPeUkwRe9:YvXKX/Y7VsPuv1nG+16Ukee9
                        MD5:05A099FE3249CFD0C73BF6A0A5D095D9
                        SHA1:499EB734A80FEF9BE2DD80A8A51223D47EA33C08
                        SHA-256:3C83637AFD1958981E48130D0A7891AB4FA3EC813D2C44306AACA4C5C4FB7680
                        SHA-512:C10C42FEEC9FE51407AA842801A322B4D3A2B0AFB291EB113196670CBDFE86865EC2498CEBD6FA1CC20B3DF1285A767CEC19E9779B0D9520B6C44F910AA8FF52
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1090
                        Entropy (8bit):5.658404259401691
                        Encrypted:false
                        SSDEEP:24:Yv6X/Y779YamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSU:YvkYdeBgkDMUJUAh8cvMU
                        MD5:094EC4587DD49705BC9494C6E8B7A48E
                        SHA1:153CCC79898E649A1AB7D5B04698FEC3C2805914
                        SHA-256:685301D84968E9BEB96D3A4DE449B69BCC8D6EAD32B495FB36B92039B5CCFB62
                        SHA-512:CF0ACA343280BCC521AA80D8EA528822F96E0CF127C7BC71CDD43C513D66400822D84FC9C0A90EBF3FFA7675E603566BDCB8AFCD4482915844C8300CBEAB0546
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):4647
                        Entropy (8bit):5.799242191469345
                        Encrypted:false
                        SSDEEP:96:GFSgFGzavDLsr+EsDaQhsDXDCwsDcMJCsDP0KaKO05CM3DTv:gFvLsrzsDnhsDXD7sDHCsDP0B0N3DTv
                        MD5:7A021E0C994A2421BEC7B4619BBF21E8
                        SHA1:BE4D8397B883269F754F9D6170D9E9248A4D66EA
                        SHA-256:0245CA3400934822901E74CD1CB82BAF6AF99586038405A4A9C68F9FD8C4D7E9
                        SHA-512:BDDC8F2EFE0D7976CD97EDEC8B616364CEADEF166409C6D236CCFA28EBAB31D448DA9A3698656830ADEBED33131B048CF9681D3C8C9176059EFFC63066723E44
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Upsell_Cards"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93813_290796ActionBlock_0","campaignId":93813,"containerId":"1","controlGroupId":"","treatmentId":"0be09e78-bbb0-4ac9-b112-1bb22b5f1b4b","variationId":"290796"},"containerId":1,"containerLabel":"JSON for DC Reader Upsell Cards","content":{"data":"eyJSZWRhY3RQREYiOnsiZGF0YVR5cGUiOiJ1cmwiLCJkYXRhIjp7ImxpZ2h0IjoiaHR0cHM6Ly9vZGluLmFkb2JlLmNvbS9jb250ZW50L2RhbS9hY3JvYmF0ZGVza3RvcC9jdnMvZ3Jvd3RoL3JlYWRlci9yZ3MwMzU5L3YyL2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT1yZWRhY3R8ZW58MXxsaWdodHxyZWFkZXJ8VVMiLCJkYXJrIjoiaHR0cHM6Ly9vZGluLmFkb2JlLmNvbS9jb250ZW50L2RhbS9hY3JvYmF0ZGVza3RvcC9jdnMvZ3Jvd3RoL3JlYWRlci9yZ3MwMzU5L3YyL2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT1y
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):282
                        Entropy (8bit):5.237363723552516
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXD5dXIKmWZsVsPuvLF0Y5UoAvJTqgFCrPeUkwRe9:YvXKX/Y7VsPuv1nGTq16Ukee9
                        MD5:EE326A301AC5F5EFD41E47CE60139AAB
                        SHA1:3FD0A0D771E32CF0015A1CE5ED26F35372C8825B
                        SHA-256:0F3CF0C8DDA84BDB04AB10DA4B0882A408B2F59C714F4C48269B6017AA319237
                        SHA-512:64F77A774F18E64F843669BA9600F017E3BD82FB42E8072439D37389BE988569EE5B7B29AC9801C346038EB32E5B2B9006AE31EF2D141465808822F40DFC6559
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"4d3ef835-6593-46e9-9ece-02c1ed6c529d","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1736318747170,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2993
                        Entropy (8bit):5.139016191574149
                        Encrypted:false
                        SSDEEP:24:YuM2L1P2LS0iB1H2oIaBayz1W7DcuWinuIcK0WcB9ePljLp5j0SNXCfkJtkv9NFN:YpKPBE7JuLCLptFUkJt89NuNX9Q
                        MD5:88E7A5B79EF18E6E69EEBAD09C94A55D
                        SHA1:3832A977071F5738D29FB5A726CFF9E46B151757
                        SHA-256:B3073FDB41BFFB1A6D481DAD8EF010598680DFB2D830F0054243F55F20C67537
                        SHA-512:F8CB3E1346F9F555D7A3126DED90A760098CBBF87739C2042E39C30204ED6F4A138CF622C2DA7C8EC4276F7CB53050552CBB8FE3387D3D75A5BCFABA3474A16A
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"438028d74af4a9055b597a85d46af3aa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736226450000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"4eb55037b8c00a362d7999f507b5483e","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1736226450000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cdd8783a582a450dc9d0c4a7e1e795a5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736226422000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"a554ec75dc7efcc6f1d9f43d5e53ae31","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736226421000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3d263661f7f9b6bc95a900ccd6ce78f7","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736226421000},{"id":"DC_Acrobat_Notification_Surface","info":{"dg":"3eeec0a399c332da3777fb8dc2d5a119","sid":"DC_Acrobat_Notification_Surface"},"mi
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):206621
                        Entropy (8bit):5.168186166598788
                        Encrypted:false
                        SSDEEP:6144:AcNiWAnctOlUNU7iRytIbSRGdWPkn6jklyhApwnet4n:7NiWAnctOlUNU7iRytIbSRGdWPkn6jke
                        MD5:05EE17877E2DB947BF365A05028DB5B8
                        SHA1:0F6613FFB68A46323691F0FBE550725E36831424
                        SHA-256:319A508167532306084CA8C7F0484530F078C01E6E5A38EB181A71C7B7AD8BFC
                        SHA-512:080232AB69A0D88F3E33923BFB9529191B52C11BB725B71135CE9C84D885A18CA3F7FCE3D70BEDEC99B2084103421AC6E7E4F9F86BF41C841854521EFA6B134D
                        Malicious:false
                        Preview:%!Adobe-FontList 1.24.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):206621
                        Entropy (8bit):5.168186166598788
                        Encrypted:false
                        SSDEEP:6144:AcNiWAnctOlUNU7iRytIbSRGdWPkn6jklyhApwnet4n:7NiWAnctOlUNU7iRytIbSRGdWPkn6jke
                        MD5:05EE17877E2DB947BF365A05028DB5B8
                        SHA1:0F6613FFB68A46323691F0FBE550725E36831424
                        SHA-256:319A508167532306084CA8C7F0484530F078C01E6E5A38EB181A71C7B7AD8BFC
                        SHA-512:080232AB69A0D88F3E33923BFB9529191B52C11BB725B71135CE9C84D885A18CA3F7FCE3D70BEDEC99B2084103421AC6E7E4F9F86BF41C841854521EFA6B134D
                        Malicious:false
                        Preview:%!Adobe-FontList 1.24.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):197087
                        Entropy (8bit):3.103898301002015
                        Encrypted:false
                        SSDEEP:768:+iZitAPQumNw4gnHwvAPX7V6TdHzsW54ouQPuPgig3n:tMKPx37V6RHQWGoF+4n
                        MD5:194E19545EB45C2E5EA61655365C780E
                        SHA1:93E1243BC5AB03F6A1421DEE44E697008C7CC912
                        SHA-256:40D139A6139143DFEAD3EBAD564EEC6FD81039D93D31692CBD4819B4CE90FB33
                        SHA-512:A45CC7A9AFA7253E7BE7882E1D0DD80E4A09922B2BFEE6388C2679558227D6C8F62ECD02506E961ABF261E51391056BAA8E29B91A151892A69AF363289F70760
                        Malicious:false
                        Preview:Adobe Acrobat Reader (64-bit) 24.4.20272....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 11
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):0.9224507900710746
                        Encrypted:false
                        SSDEEP:24:TL0Ox/XYKQvGJF7ursqofqhdDh7VyhZhjks3hfghfXFhhZdloF:T1l2GL7msqdXtsYFvlU
                        MD5:FDAA7909390D1806F870656DD8481D20
                        SHA1:AB803CFF315AAC7E8F57930CA762B88A3CDB0588
                        SHA-256:DC3C0728BDFDAD7FADB0D072B3E4A4452C939E142721E24DCDE50A451F28C588
                        SHA-512:03DCF68F7B263254932CC8FD3C96CF61E184372618611EBDDB083193E26D0BFE0939C7D65391184421CE488A12659236B96594051DAD2070C3DF755FE7959283
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.2595437322344696
                        Encrypted:false
                        SSDEEP:24:7+tvoBqhdDh7VyhZhjks3hfghfXFhhZch/qLc2x/XYKQvGJF7ursc:7MvrXtsYFcqY2l2GL7msc
                        MD5:57EEC096BF28245B4CA07239FD7C2EF0
                        SHA1:7F460E2E828D52EBEB3F2C308F3895015DAE9265
                        SHA-256:2968811794E76BF87BC73527F41A82A0693B8C9647A81EDBD7C2F308BD62458F
                        SHA-512:2FC5C46A1B75902A5739285BC104BDBA79D648B1B65C29EA590D9C4E24E06F91160BB1FDA140DF486EA2EB7715B770FCFED211F561211229E2E79BF44ACDFE37
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):63336
                        Entropy (8bit):5.39842223089392
                        Encrypted:false
                        SSDEEP:768:nOpjlrUlTZ44ADKemgIxyxQdSk6I5mCEh8NAJ/ehYyu:yalTZ44ADZay9k6IE8WJWhK
                        MD5:2CFC2936BD644BE57C2E54693B1D934F
                        SHA1:0158FCC11DA08CAB33745E54012CEBEE07069F98
                        SHA-256:643A5C13475292B2AA8943E1A68BE5DBBA802CD78D269BB2A9166645FFBA2AA9
                        SHA-512:2CFC172DB6AB49EDA3F40C2627D523D20215FA2E7BD6F340E73D5C482B69264C89ED144D5AD524EE8060A0D8D8BB5B8431C664C0974EAE8B708F3AE26C8FAD21
                        Malicious:false
                        Preview:4.375.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                        Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):1772
                        Entropy (8bit):2.6943123162171814
                        Encrypted:false
                        SSDEEP:48:m8/WKGKLszdpepI4Mh8bEtK0Ial1RgpSkyTzU:lQzdGtqJbr0
                        MD5:3024C94AAED117F2E7D0D93831B238BD
                        SHA1:454B2342A2155F871B8F4A7A8E37E4EA7C534255
                        SHA-256:45B8812E93F96C2C97AC338465CF8C522D0970F6E148276473F47D84FF9C4FA3
                        SHA-512:20A95715E38DADA08FFE5D2FC5D95B7130A935231616C58AAE0FA68175C2AF95F787AE55C7E749EE52A2075AA9D27A540332BD0EB1B35E978AF7C767BBC57CF9
                        Malicious:false
                        Preview:1.0.7.,.3.7.4.6.3.7.6.,.1.2.3.,.7.7.8.7.0.2.2.2.4.,.6.3.6.4.3.3.4.,.1.4.6.1.9.5.4.,.2.6.0.1.,.1.1.9.,.3.7.4.6.3.7.2.,.1.5.6.1.9.5.8.,.3.7.4.6.2.5.9.,.1.1.9.6.3.7.8.,.3.7.4.6.3.6.8.,.4.2.1.4.2.1.7.,.6.3.6.4.3.3.1.,.1.2.5.,.1.5.6.1.9.5.5.,.7.7.8.7.0.2.2.2.5.,.4.8.0.9.1.5.7.6.3.,.3.7.4.6.3.7.3.,.4.8.0.9.1.5.7.6.5.,.7.7.8.7.0.2.2.3.4.,.1.2.2.3.4.3.4.,.5.2.1.6.4.2.,.1.2.8.,.1.2.2.0.7.7.9.,.4.8.0.9.1.5.7.6.4.,.7.2.9.1.8.1.0.4.3.,.6.3.6.4.3.3.2.,.1.0.0.,.1.0.1.,.1.0.3.,.1.0.4.,.1.0.5.,.1.0.6.,.1.0.8.,.1.0.9.,.1.1.2.,.1.1.4.,.1.1.8.,.1.2.0.,.1.2.1.,.1.2.2.,.5.4.5.6.5.4.3.,.1.2.4.,.6.5.4.2.1.8.5.1.,.1.2.6.,.1.4.6.1.9.5.5.,.;.1.0.3.4.5.0.2.0.,.3.,.1.0.6.9.5.5.3.,.6.5.4.0.2.1.5.,.3.2.9.4.5.8.7.9.9.,.1.2.7.,.1.6.5.7.4.5.2.,.7.4.5.3.4.5.9.,.2.3.7.1.6.5.1.,.1.6.5.7.4.5.3.,.3.0.1.2.3.4.6.6.,.3.1.4.1.5.9.1.5.,.3.0.1.5.3.7.2.1.,.2.7.1.5.3.4.9.7.,.3.7.4.6.3.7.9.,.6.3.7.1.6.9.4.,.1.0.3.4.5.0.2.1.,.1.0.6.9.5.3.3.,.3.4.4.1.3.9.5.3.,.6.3.6.4.3.3.7.,.2.6.4.8.5.7.8.4.,.6.1.7.0.7.3.0.7.,.2.5.4.8.7.8.5.4.,.6.7.
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.4760239644818096
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQpClIlClYH:Qw946cPbiOxDlbYnuRKTWPlmYH
                        MD5:5AC62EA26A23FFF561FEA808B7B64B25
                        SHA1:0B7A5F43E0E3C41D813B3BFE1A1191EB90080127
                        SHA-256:C0A4ABFA44142D47B8264A8C8F69BE277C17AFBECD9D1651F3229520B28C53AC
                        SHA-512:FF6C193170E566889860130EF51E715F3894D989B140675775494337220EEA4FF19B7F4F7416B4FFC728DEB968EF2F86F9AE9ADE79E9122A5C6BF77A482CB749
                        Malicious:false
                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.0.1./.2.0.2.5. . .0.0.:.0.7.:.0.0. .=.=.=.....
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3210880
                        Entropy (8bit):2.16899962284044
                        Encrypted:false
                        SSDEEP:6144:xBC7KmSopyrAWDOY1wYlJ65QrHNJRdYDjWOWMQSu1TgkPH:rmSocrNwYlJ3rtj8WO4
                        MD5:ACA3F83B42DF3AB90AEB8B7EE7F0DF56
                        SHA1:56AD47AC0631189CA63462726E48F2CDCA7AF65D
                        SHA-256:85072820F0823D644E51085987B6A61392DEF5AF1B88469B89E31C608095F75B
                        SHA-512:71E92B06427B3F98BED826F4BADD8224D15E28F94AE94240DF90AD2AA73529624FB902781B2142A7EA4D8091850D06F29AE085853056C4ABB63DE0C3A7CE6DBE
                        Malicious:false
                        Preview:............................................................................................................................................................................................................................................................................................................t...........................................................................................^......._.......c.......d...........................................................................................................................................-...)...A12_acrobat_multiFile_generic_dark_32.pdf...................................................................................................8...........................................................................................................%...!...A12_acrobat_parcel_generic_64.pdf...........................................................................................................9.......................................
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):36869
                        Entropy (8bit):5.355345513407048
                        Encrypted:false
                        SSDEEP:384:iv3g+l+EFevRPEuc23YSHctoyVrV/VwlYgFAkZOygnqAhazJbyowIEsf4F+YuOL5:X41Bi22dBY
                        MD5:AE5384610F67033EF555F458BBDA7038
                        SHA1:F20E47D63797B5415EB2A18CCB01B8E84615D8DD
                        SHA-256:59FAABB4072821867F75818AA21CB790110C7641B227723070AD838865306C0E
                        SHA-512:F7948D64E642E1D74FF5231D8794C1DAAC967D5A7FA4FC82FB67C24B1A2766B58F82764742FCCB0C0A2371DDCB75BAF1C4522F7E4F08BA91B9EA35D33642975D
                        Malicious:false
                        Preview:SessionID=86c44db2-9bc3-4f0e-a93b-61280e6bd2df.1736226408781 Timestamp=2025-01-07T00:06:48:781-0500 ThreadID=4748 Component=ngl-lib_NglAppLib Description="InitializeLogger: -------- Initializing session logs --------"..SessionID=86c44db2-9bc3-4f0e-a93b-61280e6bd2df.1736226408781 Timestamp=2025-01-07T00:06:48:782-0500 ThreadID=4748 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=86c44db2-9bc3-4f0e-a93b-61280e6bd2df.1736226408781 Timestamp=2025-01-07T00:06:48:782-0500 ThreadID=4748 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=86c44db2-9bc3-4f0e-a93b-61280e6bd2df.1736226408781 Timestamp=2025-01-07T00:06:48:784-0500 ThreadID=4748 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.22631.1"..SessionID=86c44db2-9bc3-4f0e-a93b-61280e6bd2df.1736226408781 Timestamp=2025-01-07T00:06:48:784-0500 ThreadID=4748 Component=ngl-lib_NglAppLib De
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):13250
                        Entropy (8bit):5.41328100862615
                        Encrypted:false
                        SSDEEP:96:448gJSbjLevbUaIcoIchgJjbjLevbUaALot0W22QWgJ5bjLevbUabrrAIs7tegJP:5JocbUIciJHcbPtCJpcbiIs7tFJTcbi
                        MD5:B79D171D5A7E9C60B48D825D59606DBB
                        SHA1:7256C27CE1CAA07C416B642225BA0DD9A4910AA5
                        SHA-256:5D54386D4E0F547A9ABC2F10BC96730C2D254A350B765783F4D10D8FC11D054E
                        SHA-512:3817F5ACF52DABC04742EB38DD7DCEE8BB4C7FD5AB12B0BFA33D566892AA2D4FDAFDD160ACD28C6872ADE907997F57FFF109CA176A518B8AD75F477A7494FDC9
                        Malicious:false
                        Preview:09-12-2024 07:34:53:.---2---..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : ***************************************..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : ***************************************..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : Starting NGL..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : NGLAppVersion 24.4.20220.6..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..09-12-2024 07:34:54:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..09-12-2024 07:34:54:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..09-12-2024 07:34:54:.Closing File..09-12-
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5297098
                        Category:dropped
                        Size (bytes):1447012
                        Entropy (8bit):7.976416178300351
                        Encrypted:false
                        SSDEEP:24576:W5v19kgklacAihegkWC+T+BWzphJK7OItMUaGuId3huN/1IbPM+B36h:WN19kgPc7hegkWC+Xzz8Szwub6bUIK
                        MD5:92F92875CB6CE478B7D34CE33A202BC3
                        SHA1:733800293C62F911E525EB59C917642F91E92753
                        SHA-256:950BED1133E270250BC9D789D2CB3BFD0657ADA1C32D48F98624BE82EDE91968
                        SHA-512:D34380A170FB54CC42DA772D8CA566B0514A8C04BF663908BEF35592B5B81A0481FDD9CC57FFA6E09F30329A4FD350E48CC6FDFDDA761F46F55738E22ED31316
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15506
                        Category:dropped
                        Size (bytes):750018
                        Entropy (8bit):7.980449716544286
                        Encrypted:false
                        SSDEEP:12288:ONh3PwFGnx0MR1ybxrr/IxkB1mabFhOXZ/fEa+WY8xE+Tegs6ajnt56QPIm/E9ul:O3PwFGiMMNB1Dofjq8x5egfatfW9i
                        MD5:EF4C4B36E28C22D527C8F28735C9B257
                        SHA1:B6937224530E9100329113B74E1BCFA29DE72328
                        SHA-256:2859D6AA9B3F2171D31343D355D1CD1C48748F5B8C0A7B3A6425AC5BDCAC4879
                        SHA-512:76ED5D73F691484ABC2AA1B91489C00D2BB80BCD7A45CE45BB3D36DA0F5C5DF5B0318425C852DFB04C32A92300F466811EF4899742BAFCC2BD012988E7F0E5C4
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):349066
                        Entropy (8bit):7.974867674341838
                        Encrypted:false
                        SSDEEP:6144:363nxPvUMrMkBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1L5:qnx0Mz+Tegs661ybxrr/IxkB1mabFhOD
                        MD5:C9A0D7F389FA4D046AE4EDC33E8781DB
                        SHA1:7F050C2FD8BE4C671160994972D27181B03D048A
                        SHA-256:AD732111E59FD39FC2321F88A43B90D10F6CEED5649FDE877A6B5C01986972C4
                        SHA-512:D036654F71583182CA007396A5F2D9DE43EE237CE4A38D149BBB3276AE77672C2C72D57198386A311DB42D215F8E69D1B7C5814D9C90F8275D1E6E8D1873A664
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41808
                        Category:dropped
                        Size (bytes):1434443
                        Entropy (8bit):7.975962985186076
                        Encrypted:false
                        SSDEEP:24576:a6SlacAihegkWu+T+BJv19kgiK7OItMUaGuId3huN/1IbPM+B36Uphv:a69c7hegkWu+u19kgHSzwub6bUIZzv
                        MD5:59250D03AFB07DC06FACDD922D83CEE2
                        SHA1:6D6E60E629B78E4C37409D51052EE05D52C98964
                        SHA-256:3AE5CE9BB28F1E2CA26F7697C91A18B294C78247296910DA1E935B364522DBEF
                        SHA-512:B278234BB218642A63EFB37C94DD37EA215F34DA46C4A11E6E8BF0B553C8C7B1A3117551963D23FFA10E63ECFA8B8A5460E9200505F5920A45A28F7E625378D4
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):349066
                        Entropy (8bit):7.974867674341838
                        Encrypted:false
                        SSDEEP:6144:363nxPvUMrMkBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1L5:qnx0Mz+Tegs661ybxrr/IxkB1mabFhOD
                        MD5:C9A0D7F389FA4D046AE4EDC33E8781DB
                        SHA1:7F050C2FD8BE4C671160994972D27181B03D048A
                        SHA-256:AD732111E59FD39FC2321F88A43B90D10F6CEED5649FDE877A6B5C01986972C4
                        SHA-512:D036654F71583182CA007396A5F2D9DE43EE237CE4A38D149BBB3276AE77672C2C72D57198386A311DB42D215F8E69D1B7C5814D9C90F8275D1E6E8D1873A664
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):162
                        Entropy (8bit):2.8772852135576357
                        Encrypted:false
                        SSDEEP:3:blRmMhTHE1c/t17Ot2h//lflQ/lWF+kMKll/DxKn:bzmMSc11mg/lu/l9K//cn
                        MD5:F50DC43FCBBEB1B11C18C3177CC34DBD
                        SHA1:1048980719C7683229587263FD38742C203209CB
                        SHA-256:0A60E3D09459D4FD477E7D36F282DE75B0FA825B8BF58B18410F6BDBC0CA4B26
                        SHA-512:5139C43C027BD8F4452B8F9BB2A3C5E364C763B427BA0CB8506FA86F0D264EE5F71C485D4C9AD0FD3D1800BC2A5F3128A55A03FFE93572C9E83F7DBF034DE36C
                        Malicious:false
                        Preview:.user..................................................M.a.o.g.a........v.....9oM6....9oM6........................................`...O97:#..n....`..........6.M2
                        File type:Microsoft Word 2007+
                        Entropy (8bit):7.997560538515653
                        TrID:
                        • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                        • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                        • ZIP compressed archive (8000/1) 9.41%
                        File name:H565rymIuO.doc
                        File size:772'883 bytes
                        MD5:162dd4e4ed6c0ef700b3c95385b5dc0a
                        SHA1:1afc58e221337c3f8b18dc97e3156f8dbcc7d119
                        SHA256:25fe7ce806195948532624d2c2462ec952da03a3312abd79de06aa2423da03f8
                        SHA512:9f0a61a472232c6ed8dfcc4573a52143221862abcd282c82129047621a9fb547ca9a0d3058e2fd61151ec4c7254b0dbf67bb537b40314eec7ec21496292e147e
                        SSDEEP:12288:PgQZ2ZnS2Q57FPCSX3IOwatF3UhqmecJ3baH5d8nncr9/KU4SEkgqCzPrF2:P4ZSLBqK3UeF3UVTJ2wncdJ4SEkgqcJ2
                        TLSH:83F423C60EEF903481B9FFF413414CA3B5B229265B2945433B78D51C6EF84BAC796A78
                        File Content Preview:PK.........a]Ys"P)............[Content_Types].xmlUT..... g.. g.. g.V.N.0.._....E.[...j.....n.......d.....7.B..B....9.1s.vF..k...I{W.a5`.8..v..=Ln.sV$.N....l..]....&... .K5.#...'9.+R..8Zi|...5.x..I.....g\z........;2....^D...t....7.....":V\..,]3...R ../N}.-
                        Icon Hash:35e1cc889a8a8599
                        Document Type:OpenXML
                        Number of OLE Files:2
                        Has Summary Info:
                        Application Name:
                        Encrypted Document:False
                        Contains Word Document Stream:True
                        Contains Workbook/Book Stream:False
                        Contains PowerPoint Document Stream:False
                        Contains Visio Document Stream:False
                        Contains ObjectPool Stream:False
                        Flash Objects Count:0
                        Contains VBA Macros:False
                        Title:
                        Subject:
                        Author:91974
                        Keywords:
                        Template:Normal.dotm
                        Last Saved By:91974
                        Revision Number:4
                        Total Edit Time:0
                        Create Time:2024-10-29T02:17:00Z
                        Last Saved Time:2024-10-29T06:44:00Z
                        Number of Pages:1
                        Number of Words:12
                        Number of Characters:71
                        Creating Application:Microsoft Office Word
                        Security:0
                        Number of Lines:1
                        Number of Paragraphs:1
                        Thumbnail Scaling Desired:false
                        Company:Grizli777
                        Contains Dirty Links:false
                        Shared Document:false
                        Changed Hyperlinks:false
                        Application Version:12.0000
                        General
                        Stream Path:\x1Ole10Native
                        CLSID:
                        File Type:data
                        Stream Size:721346
                        Entropy:7.687301120111189
                        Base64 Encoded:True
                        Data ASCII:. . . . . 2 4 0 9 2 4 ? ? ? ? ? ? ? ? ? ? ? ? ? . p d f . C : \\ U s e r s \\ 9 1 9 7 4 \\ O n e D r i v e \\ D e s k t o p \\ W o r d F i l e \\ N E W F I L E S \\ 2 4 0 9 2 4 ? ? ? ? ? ? ? ? ? ? ? ? ? . p d f . . . . . = . . . C : \\ U s e r s \\ 9 1 9 7 4 \\ A p p D a t a \\ L o c a l \\ T e m p \\ 2 4 0 9 2 4 ? ? ? ? ? ? ? ? ? ? ? ? ? . p d f . . . % P D F - 1 . 7 . % . . . . 1 0 o b j . < < / A c r o F o r m 6 4 0 R / M e t a d a t a 6 3 0 R / P a g e s 3 0 R / T y p
                        Data Raw:be 01 0b 00 02 00 32 34 30 39 32 34 20 3f 3f 3f 3f 3f 20 3f 3f 3f 3f 20 3f 3f 3f 3f 2e 70 64 66 00 43 3a 5c 55 73 65 72 73 5c 39 31 39 37 34 5c 4f 6e 65 44 72 69 76 65 5c 44 65 73 6b 74 6f 70 5c 57 6f 72 64 46 69 6c 65 5c 4e 45 57 46 49 4c 45 53 5c 32 34 30 39 32 34 20 3f 3f 3f 3f 3f 20 3f 3f 3f 3f 20 3f 3f 3f 3f 2e 70 64 66 00 00 00 03 00 3d 00 00 00 43 3a 5c 55 73 65 72 73 5c 39
                        General
                        Stream Path:\x3ObjInfo
                        CLSID:
                        File Type:data
                        Stream Size:6
                        Entropy:1.2516291673878228
                        Base64 Encoded:False
                        Data ASCII:. . . . . .
                        Data Raw:00 00 03 00 01 00
                        Has Summary Info:
                        Application Name:
                        Encrypted Document:False
                        Contains Word Document Stream:True
                        Contains Workbook/Book Stream:False
                        Contains PowerPoint Document Stream:False
                        Contains Visio Document Stream:False
                        Contains ObjectPool Stream:False
                        Flash Objects Count:0
                        Contains VBA Macros:False
                        Title:
                        Subject:
                        Author:91974
                        Keywords:
                        Template:Normal.dotm
                        Last Saved By:91974
                        Revision Number:4
                        Total Edit Time:0
                        Create Time:2024-10-29T02:17:00Z
                        Last Saved Time:2024-10-29T06:44:00Z
                        Number of Pages:1
                        Number of Words:12
                        Number of Characters:71
                        Creating Application:Microsoft Office Word
                        Security:0
                        Number of Lines:1
                        Number of Paragraphs:1
                        Thumbnail Scaling Desired:false
                        Company:Grizli777
                        Contains Dirty Links:false
                        Shared Document:false
                        Changed Hyperlinks:false
                        Application Version:12.0000
                        General
                        Stream Path:\x1CompObj
                        CLSID:
                        File Type:data
                        Stream Size:94
                        Entropy:4.345966460061678
                        Base64 Encoded:False
                        Data ASCII:. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
                        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
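The report leaves the CLSID field of this object empty, but the \x01CompObj stream printed above carries it: the 28-byte header ends in the object's class GUID, followed by the length-prefixed user type ("Acrobat Document") and ProgID ("AcroExch.Document.DC"). The parser below is an added example, not part of the report or of Joe Sandbox; it follows the CompObjStream layout of MS-OLEDS section 2.3.8 and reads the GUID from the header bytes that the spec marks reserved but that Windows OLE fills with the CLSID. Run on the 94 bytes above it yields {B801CA65-A1FC-11D0-85AD-444553540000}, the class that maps to the ProgID sitting right next to it, which is why WINWORD.EXE hands this object to Acrobat.exe in the process tree.

```python
import struct
import uuid

# The 94-byte \x01CompObj stream of the embedded Acrobat object, exactly as printed above.
COMPOBJ_HEX = (
    "01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 "
    "11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 "
    "15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 "
    "f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00"
)

UNICODE_MARKER = 0x71B239F4  # MS-OLEDS 2.3.8: present when the Unicode fields follow


def _lp_ansi(buf: bytes, pos: int):
    """LengthPrefixedAnsiString (MS-OLEDS 2.1.4): u32 length including the NUL, then the bytes."""
    (n,) = struct.unpack_from("<I", buf, pos)
    pos += 4
    text = buf[pos:pos + n].rstrip(b"\x00").decode("latin-1")
    return text, pos + n


def parse_compobj(stream: bytes) -> dict:
    """Parse a CompObj stream and return the class GUID, user type, clipboard format and ProgID."""
    if len(stream) < 28:
        raise ValueError("CompObj stream shorter than its 28-byte header")
    reserved1, version = struct.unpack_from("<II", stream, 0)
    if reserved1 != 0xFFFE0001:
        raise ValueError("bad CompObj header marker: 0x%08x" % reserved1)
    # Header bytes 8..28 are 0xFFFFFFFF followed by 16 bytes the spec calls reserved; Windows OLE
    # writes the embedded object's CLSID there in little-endian GUID layout.
    clsid = uuid.UUID(bytes_le=stream[12:28])
    pos = 28
    user_type, pos = _lp_ansi(stream, pos)
    # ClipboardFormatOrAnsiString: 0 = absent; 0xFFFFFFFE/0xFFFFFFFF = u32 standard format id;
    # any other value = length of an ANSI format name.
    (marker,) = struct.unpack_from("<I", stream, pos)
    pos += 4
    if marker in (0xFFFFFFFE, 0xFFFFFFFF):
        (clip,) = struct.unpack_from("<I", stream, pos)
        pos += 4
    elif marker:
        clip = stream[pos:pos + marker].rstrip(b"\x00").decode("latin-1")
        pos += marker
    else:
        clip = None
    prog_id, pos = _lp_ansi(stream, pos)  # "Reserved1" in the spec; in practice the ProgID
    has_unicode = len(stream) >= pos + 4 and struct.unpack_from("<I", stream, pos)[0] == UNICODE_MARKER
    return {
        "version": version,
        "clsid": "{%s}" % str(clsid).upper(),
        "user_type": user_type,
        "clipboard_format": clip,
        "prog_id": prog_id,
        "unicode_section": has_unicode,
    }


def parse_report_compobj() -> dict:
    """Parse the CompObj bytes shown in the report."""
    return parse_compobj(bytes.fromhex(COMPOBJ_HEX))


if __name__ == "__main__":
    print(parse_report_compobj())
```

The check worth keeping from this: when a sandbox or triage tool prints an empty CLSID for an OLE object, read it out of CompObj yourself and compare it with the ProgID; a CLSID that does not belong to the ProgID's class, or a ProgID for a handler you do not expect Word to launch, is the thing to chase.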
                        General
                        Stream Path:\x1Ole
                        CLSID:
                        File Type:data
                        Stream Size:20
                        Entropy:0.8475846798245739
                        Base64 Encoded:False
                        Data ASCII:. . . . . . . . . . . . . . . . . . . .
                        Data Raw:01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                        General
                        Stream Path:\x3ObjInfo
                        CLSID:
                        File Type:data
                        Stream Size:6
                        Entropy:1.2516291673878228
                        Base64 Encoded:False
                        Data ASCII:. . . . . .
                        Data Raw:00 00 03 00 0d 00
                        General
                        Stream Path:CONTENTS
                        CLSID:
                        File Type:PDF document, version 1.7, 1 pages
                        Stream Size:56395
                        Entropy:7.879183004467334
                        Base64 Encoded:True
                        Data ASCII:% P D F - 1 . 7 . . 4 0 o b j . ( I d e n t i t y ) . e n d o b j . 5 0 o b j . ( A d o b e ) . e n d o b j . 8 0 o b j . < < . / F i l t e r / F l a t e D e c o d e . / L e n g t h 3 1 7 3 8 . / L e n g t h 1 4 0 2 7 6 0 . / T y p e / S t r e a m . > > . s t r e a m . x } . | \\ U 9 r % . I 2 Y & I I t . i i . $ ) P V v , H A _ ~ . . . / " L d u m = = s = . . A . ! ? * l X _ . . . } . . z . f , ^ > z 6 4 # / . \\ m 3 . . # { . l 8 . 0 } F . E . 6 o } . . ? a ? . k . . " . q . Z . [
                        Data Raw:25 50 44 46 2d 31 2e 37 0a 0a 34 20 30 20 6f 62 6a 0a 28 49 64 65 6e 74 69 74 79 29 0a 65 6e 64 6f 62 6a 0a 35 20 30 20 6f 62 6a 0a 28 41 64 6f 62 65 29 0a 65 6e 64 6f 62 6a 0a 38 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 46 69 6c 74 65 72 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 0a 2f 4c 65 6e 67 74 68 20 33 31 37 33 38 0a 2f 4c 65 6e 67 74 68 31 20 34 30 32 37 36 30 0a 2f 54 79 70 65 20 2f
                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                        2025-01-07T06:06:23.452719+0100 | 1810005 | Joe Security ANOMALY Microsoft Office WebDAV Discovery | 1 | 192.168.2.24 | 64901 | 172.67.162.95 | 443 | TCP
                        2025-01-07T06:06:25.868953+0100 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 64904 | 172.67.162.95 | 443 | TCP
                        2025-01-07T06:06:26.567370+0100 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 64907 | 172.67.162.95 | 443 | TCP
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Jan 7, 2025 06:06:22.147399902 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.147466898 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.147526979 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.148156881 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.148179054 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.609095097 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.609169006 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.612843990 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.612860918 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.613183022 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.620471954 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.667335987 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.764138937 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.764236927 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.764290094 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.765984058 CET | 64898 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.766010046 CET | 443 | 64898 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.778096914 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.778139114 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:22.778378963 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.779983997 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:22.779999018 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.264671087 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.264875889 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.266057014 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.266069889 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.266969919 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.267045975 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.268449068 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.268517971 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.268560886 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.268572092 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.272624016 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.272753000 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.315325975 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.452723980 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.452830076 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.452924967 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.455065966 CET | 64901 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.455092907 CET | 443 | 64901 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.465156078 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.465197086 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.468653917 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.468869925 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.468882084 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.949397087 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.950278997 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.950306892 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:23.950879097 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:23.950886011 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.168802023 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.168872118 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.169123888 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.169123888 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.169123888 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.170367002 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.170428991 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.170515060 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.170737028 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.170752048 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.377564907 CET | 64902 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.377614975 CET | 443 | 64902 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.645814896 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.670388937 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.670419931 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.670845985 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.670851946 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.832695007 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.832789898 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.832871914 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.832927942 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.832948923 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:24.832958937 CET | 64903 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:24.832963943 CET | 443 | 64903 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.180619001 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.180692911 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.180797100 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.181667089 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.181698084 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.658706903 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.658763885 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.661343098 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.661354065 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.661840916 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.661890984 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.663209915 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.663309097 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.663358927 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.663675070 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.711342096 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.868977070 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.869046926 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.869081974 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.869098902 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.869118929 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.869148016 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.869179010 CET | 64904 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.869198084 CET | 443 | 64904 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.875263929 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.875303984 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:25.875390053 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.876333952 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:25.876346111 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.161712885 CET | 58476 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:26.166548014 CET | 53 | 58476 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:26.166646004 CET | 58476 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:26.166666031 CET | 58476 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:26.171534061 CET | 53 | 58476 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:26.341682911 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.341748953 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.343183041 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.343194962 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.343683958 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.343741894 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.344456911 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.344538927 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.344595909 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.344681978 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.387330055 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567378998 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567429066 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567461967 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567490101 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.567492008 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567512035 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567522049 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.567555904 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.567560911 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567598104 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.567599058 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.567636967 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.568231106 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.568245888 CET | 443 | 64907 | 172.67.162.95 | 192.168.2.24
                        Jan 7, 2025 06:06:26.568267107 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.568293095 CET | 64907 | 443 | 192.168.2.24 | 172.67.162.95
                        Jan 7, 2025 06:06:26.610049009 CET | 53 | 58476 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:26.617070913 CET | 58476 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:26.622169018 CET | 53 | 58476 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:26.622351885 CET | 58476 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:58.174014091 CET | 59433 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:58.179318905 CET | 53 | 59433 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:58.179393053 CET | 59433 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:58.179969072 CET | 59433 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:58.184786081 CET | 53 | 59433 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:58.641611099 CET | 53 | 59433 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:58.641895056 CET | 59433 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:58.646898031 CET | 53 | 59433 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:58.647490025 CET | 59433 | 53 | 192.168.2.24 | 1.1.1.1
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Jan 7, 2025 06:06:22.132247925 CET | 60566 | 53 | 192.168.2.24 | 1.1.1.1
                        Jan 7, 2025 06:06:22.146101952 CET | 53 | 60566 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:26.161329985 CET | 53 | 60566 | 1.1.1.1 | 192.168.2.24
                        Jan 7, 2025 06:06:58.170762062 CET | 53 | 54572 | 1.1.1.1 | 192.168.2.24
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Jan 7, 2025 06:06:22.132247925 CET | 192.168.2.24 | 1.1.1.1 | 0x3469 | Standard query (0) | acesso.run | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Jan 7, 2025 06:06:22.146101952 CET | 1.1.1.1 | 192.168.2.24 | 0x3469 | No error (0) | acesso.run | | 172.67.162.95 | A (IP address) | IN (0x0001) | false
                        Jan 7, 2025 06:06:22.146101952 CET | 1.1.1.1 | 192.168.2.24 | 0x3469 | No error (0) | acesso.run | | 104.21.74.191 | A (IP address) | IN (0x0001) | false
                        • acesso.run
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.24 | 64898 | 172.67.162.95 | 443 | 6372 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-07 05:06:22 UTC | 323 | OUT | OPTIONS / HTTP/1.1
                        Connection: Keep-Alive
                        Authorization: Bearer
                        User-Agent: Microsoft Office Word 2014
                        X-Office-Major-Version: 16
                        X-MS-CookieUri-Requested: t
                        X-FeatureVersion: 1
                        Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                        X-MSGETWEBURL: t
                        X-IDCRL_ACCEPTED: t
                        Host: acesso.run
                        2025-01-07 05:06:22 UTC | 1012 | IN | HTTP/1.1 200 OK
                        Date: Tue, 07 Jan 2025 05:06:22 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-DNS-Prefetch-Control: off
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                        X-Download-Options: noopen
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        Allow: GET,HEAD
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCnMr7Pd%2Fu%2FIjmRhJQr0Nn03ciWwUKjfrugAL0Gg%2FfdfUGGvWIJdV67opw3ICSqUFu9lOSryQxEJcT3osx6gkgoWOJ9leR5A7v9ryKjMfOQNNlZtT%2FzlA6Mgs9lG"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8fe16b0baa5443ac-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1534&rtt_var=595&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=937&delivery_rate=1806930&cwnd=181&unsent_bytes=0&cid=678e6004c2c2b0ea&ts=167&x=0"
                        2025-01-07 05:06:22 UTC | 13 | IN | Data Raw: 38 0d 0a 47 45 54 2c 48 45 41 44 0d 0a
                        Data Ascii: 8GET,HEAD
                        2025-01-07 05:06:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.24 | 64901 | 172.67.162.95 | 443 | 6372 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-07 05:06:23 UTC | 226 | OUT | OPTIONS / HTTP/1.1
                        Authorization: Bearer
                        X-MS-CookieUri-Requested: t
                        X-FeatureVersion: 1
                        X-IDCRL_ACCEPTED: t
                        User-Agent: Microsoft Office Protocol Discovery
                        Host: acesso.run
                        Content-Length: 0
                        Connection: Keep-Alive
                        2025-01-07 05:06:23 UTC | 1008 | IN | HTTP/1.1 200 OK
                        Date: Tue, 07 Jan 2025 05:06:23 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-DNS-Prefetch-Control: off
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                        X-Download-Options: noopen
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        Allow: GET,HEAD
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0haE%2F753Pln3E5ZfGisN5GGlof6EYPi8CL1bU7qdUdDs8Da2S3kUP6JqNGhJi0rOjllj2Zr0LWU50ZAh4BnS45Y8gMcuMq4%2FzTkYfQg9xuukxjs2pVJrLPopkG0"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8fe16b0fdf4b8cb4-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1840&min_rtt=1826&rtt_var=714&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=840&delivery_rate=1502830&cwnd=189&unsent_bytes=0&cid=4243655752927f67&ts=195&x=0"
                        2025-01-07 05:06:23 UTC | 13 | IN | Data Raw: 38 0d 0a 47 45 54 2c 48 45 41 44 0d 0a
                        Data Ascii: 8GET,HEAD
                        2025-01-07 05:06:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.24 | 64902 | 172.67.162.95 | 443 | 6372 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-07 05:06:23 UTC | 433 | OUT | HEAD /bkeoxH?&bondsman=troubled&shrimp=harsh&sewer=tense&cold=warlike&briefs=unsuitable&oasis=numberless&cowbell=rough&airport=lowly&dust HTTP/1.1
                        Connection: Keep-Alive
                        Authorization: Bearer
                        User-Agent: Microsoft Office Word 2014
                        X-Office-Major-Version: 16
                        X-MS-CookieUri-Requested: t
                        X-FeatureVersion: 1
                        Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                        X-IDCRL_ACCEPTED: t
                        Host: acesso.run
                        2025-01-07 05:06:24 UTC | 1030 | IN | HTTP/1.1 301 Moved Permanently
                        Date: Tue, 07 Jan 2025 05:06:24 GMT
                        Content-Type: text/plain; charset=utf-8
                        Content-Length: 38
                        Connection: close
                        X-DNS-Prefetch-Control: off
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                        X-Download-Options: noopen
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        Location: /404
                        Vary: Accept
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ICcDnrwP1nWdGVaGTSfqr0cSllKUB8LRjtPWpV7sQ3yUDgke6qMxFm0JDE6aOVbbVeLxh69XzLy3s%2Bi78gNZTtrBrmgbW%2BY2z7xxDn93SQjiI9695SjAeaHyq7M"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8fe16b142cdc42ec-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1583&rtt_var=607&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1047&delivery_rate=1781574&cwnd=183&unsent_bytes=0&cid=26b1d79d1055d0fb&ts=225&x=0"


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.24 | 64903 | 172.67.162.95 | 443 | 6372 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-07 05:06:24 UTC | 305 | OUT | HEAD /404 HTTP/1.1
                        Connection: Keep-Alive
                        Authorization: Bearer
                        User-Agent: Microsoft Office Word 2014
                        X-Office-Major-Version: 16
                        X-MS-CookieUri-Requested: t
                        X-FeatureVersion: 1
                        Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
                        X-IDCRL_ACCEPTED: t
                        Host: acesso.run
                        2025-01-07 05:06:24 UTC | 1022 | IN | HTTP/1.1 404 Not Found
                        Date: Tue, 07 Jan 2025 05:06:24 GMT
                        Content-Type: text/html; charset=utf-8
                        Connection: close
                        X-DNS-Prefetch-Control: off
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                        X-Download-Options: noopen
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        X-Powered-By: Next.js
                        Vary: Accept-Encoding
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gfkzyqaOm%2BU3ovduLMg1uKWUmz%2FqxML47pAquPB24C8tgROWqnIjFY91qxoT%2BPlkgB42zRsVLFmu12p8XoYMoq5UtptzSspr8Vt%2FlPvZ%2FUHgFrYhqBdhjdZMEDwv"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8fe16b187feb43fe-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1588&rtt_var=628&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=919&delivery_rate=1699650&cwnd=236&unsent_bytes=0&cid=90ce4d5ff39547b7&ts=194&x=0"


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.24 | 64904 | 172.67.162.95 | 443 | 6372 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-07 05:06:25 UTC | 313 | OUT | GET /bkeoxH?&bondsman=troubled&shrimp=harsh&sewer=tense&cold=warlike&briefs=unsuitable&oasis=numberless&cowbell=rough&airport=lowly&dust HTTP/1.1
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                        UA-CPU: AMD64
                        Accept-Encoding: gzip, deflate
                        Host: acesso.run
                        Connection: Keep-Alive
                        2025-01-07 05:06:25 UTC | 1035 | IN | HTTP/1.1 301 Moved Permanently
                        Date: Tue, 07 Jan 2025 05:06:25 GMT
                        Content-Type: text/plain; charset=utf-8
                        Content-Length: 38
                        Connection: close
                        X-DNS-Prefetch-Control: off
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                        X-Download-Options: noopen
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        Location: /404
                        Vary: Accept
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BDCZT%2FxaKDXHPa3WRQo3P7%2Bx9cFYS7hGBYrg%2B4qE20naqG%2FAXH86uUFJn2zFAfiqwUd44I8H57zJvE6chNkhXWiRvmzuGbq8hX0HskDZCjYRMXcRfinrxdFDHeK"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8fe16b1edc897291-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1905&min_rtt=1895&rtt_var=731&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=895&delivery_rate=1476985&cwnd=218&unsent_bytes=0&cid=b2b7baf24fea3d9f&ts=214&x=0"
                        2025-01-07 05:06:25 UTC | 38 | IN | Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 34 30 34
                        Data Ascii: Moved Permanently. Redirecting to /404


                        Session ID: 5
                        Source IP: 192.168.2.24
                        Source Port: 64907
                        Destination IP: 172.67.162.95
                        Destination Port: 443
                        PID: 6372
                        Process: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-07 05:06:26 UTC | 185 | OUT | GET /404 HTTP/1.1
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
                        UA-CPU: AMD64
                        Accept-Encoding: gzip, deflate
                        Host: acesso.run
                        Connection: Keep-Alive
                        2025-01-07 05:06:26 UTC | 1046 | IN | HTTP/1.1 404 Not Found
                        Date: Tue, 07 Jan 2025 05:06:26 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-DNS-Prefetch-Control: off
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                        X-Download-Options: noopen
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        X-Powered-By: Next.js
                        Vary: Accept-Encoding
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LY02GS1SlFUPGOjFjLgs222b7WdnvdmWayHLcC3YgHqQ5Rbu%2FKVE%2B9MQ1HehfLyDROtfOVyHZ3L8RI8YMUvzA45JxymRu41MZxDoJ4v%2FtH3vhYPsjuU5Un8juWF2"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8fe16b232d9ef797-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1665&rtt_var=636&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=767&delivery_rate=1704611&cwnd=162&unsent_bytes=0&cid=bc8a8c6dd464f27a&ts=232&x=0"
                        2025-01-07 05:06:26 UTC | 323 | IN | Data Ascii: 1225<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/><meta name="description" content="undefined is a free and open source URL shortener with custom doma
                        2025-01-07 05:06:26 UTC | 1369 | IN | Data Ascii: =Nunito:300,400,700" rel="stylesheet"/><link rel="icon" sizes="196x196" href="/images/favicon-196x196.png"/><link rel="icon" sizes="32x32" href="/images/favicon-32x32.png"/><link rel="icon" sizes="16x16" href="/images/favicon-16x16.png"/><link rel="apple-
                        2025-01-07 05:06:26 UTC | 1369 | IN | Data Ascii: could not be found</title><meta name="next-head-count" content="3"/><link rel="preload" href="/_next/static/um22g2LP8Ko0jk1vHrPCc/pages/_app.js" as="script"/><link rel="preload" href="/_next/static/runtime/webpack-1c5199ff66550d26e499.js" as="script"/><li
                        2025-01-07 05:06:26 UTC | 1369 | IN | Data Ascii: h1><div style="display:inline-block;text-align:left;line-height:49px;height:49px;vertical-align:middle"><h2 style="font-size:14px;font-weight:normal;line-height:inherit;margin:0;padding:0">This page could not be found<!-- -->.</h2></div></div></div></div>
                        2025-01-07 05:06:26 UTC | 223 | IN | Data Ascii: a730fc45296a20.js" async=""></script><script src="/_next/static/um22g2LP8Ko0jk1vHrPCc/_buildManifest.js" async=""></script><script src="/_next/static/um22g2LP8Ko0jk1vHrPCc/_ssgManifest.js" async=""></script></body></html>
                        2025-01-07 05:06:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Target ID: 0
                        Start time: 00:06:19
                        Start date: 07/01/2025
                        Path: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                        Imagebase: 0x7ff6b7600000
                        File size: 1'637'952 bytes
                        MD5 hash: A9F0EC89897AC6C878D217DFB64CA752
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 6
                        Start time: 00:06:30
                        Start date: 07/01/2025
                        Path: C:\Windows\System32\conhost.exe
                        Wow64 process (32bit): false
                        Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase: 0x7ff6038b0000
                        File size: 1'040'384 bytes
                        MD5 hash: 9698384842DA735D80D278A427A229AB
                        Has elevated privileges: false
                        Has administrator privileges: false
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 12
                        Start time: 00:06:45
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" -Embedding
                        Imagebase: 0x7ff72c250000
                        File size: 5'887'384 bytes
                        MD5 hash: 4354BCD7483AABB81809350484FFD58F
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 13
                        Start time: 00:06:48
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase: 0x7ff60c850000
                        File size: 3'661'208 bytes
                        MD5 hash: B104218348848F1F113AF11C0982931A
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 14
                        Start time: 00:06:51
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1708,i,12768743643217058386,12655822951649345806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase: 0x7ff60c850000
                        File size: 3'661'208 bytes
                        MD5 hash: B104218348848F1F113AF11C0982931A
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 16
                        Start time: 00:06:55
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                        Imagebase: 0x7ff63e420000
                        File size: 12'292'504 bytes
                        MD5 hash: 1C26C611BFACED153F60CB1653A8745D
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: false

                        Target ID: 17
                        Start time: 00:06:56
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8420
                        Imagebase: 0x7ff63e420000
                        File size: 12'292'504 bytes
                        MD5 hash: 1C26C611BFACED153F60CB1653A8745D
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: false

                        Target ID: 18
                        Start time: 00:06:57
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                        Imagebase: 0x7ff63e420000
                        File size: 12'292'504 bytes
                        MD5 hash: 1C26C611BFACED153F60CB1653A8745D
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 20
                        Start time: 00:06:57
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8592
                        Imagebase: 0x7ff63e420000
                        File size: 12'292'504 bytes
                        MD5 hash: 1C26C611BFACED153F60CB1653A8745D
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        Target ID: 21
                        Start time: 00:07:02
                        Start date: 07/01/2025
                        Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                        Wow64 process (32bit): true
                        Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
                        Imagebase: 0xad0000
                        File size: 218'280 bytes
                        MD5 hash: 92366A2F482926C3D0DD02D6F952F742
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: moderate
                        Has exited: true

                        No disassembly