Edit tour

Windows Analysis Report
https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf

Overview

General Information

Sample URL:	https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf
Analysis ID:	1672159
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 2752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,3354336885574799863,12937995516537574573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2304 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)

Acrobat.exe (PID: 2228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5000 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1592,i,8577638526050460801,9605109857572831664,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49737 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf HTTP/1.1Host: download.symartech.skConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: download.symartech.skConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdfAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf HTTP/1.1Host: download.symartech.skConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: download.symartech.skConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: download.symartech.sk
Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.22.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_228.2.dr, downloaded.pdf.crdownload.1.dr, 0db888d4-3808-4662-9e22-34f6e003c210.tmp.1.dr, 9daa0ac0-d8ea-4f54-b9e7-2e5cac66b836.tmp.1.dr	String found in binary or memory: http://www.clicktoconvert.com
Source: chromecache_228.2.dr, downloaded.pdf.crdownload.1.dr, 0db888d4-3808-4662-9e22-34f6e003c210.tmp.1.dr	String found in binary or memory: http://www.clicktoconvert.com)
Source: 2D85F72862B55C4EADD9E66E06947F3D0.22.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 212.57.32.77:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49737 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@43/53@7/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\0db888d4-3808-4662-9e22-34f6e003c210.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 10-33-01-221.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,3354336885574799863,12937995516537574573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2304 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1592,i,8577638526050460801,9605109857572831664,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,3354336885574799863,12937995516537574573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2304 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1592,i,8577638526050460801,9605109857572831664,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 228
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 228			Jump to dropped file

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.clicktoconvert.com	0%	Avira URL Cloud	safe
https://download.symartech.sk/favicon.ico	0%	Avira URL Cloud	safe
http://www.clicktoconvert.com)	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
e8652.dscx.akamaiedge.net	23.202.57.36	true	false	high
download.symartech.sk	212.57.32.77	true	false	unknown
www.google.com	192.178.49.196	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high
https://download.symartech.sk/favicon.ico	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Downloads/downloaded.pdf	false		high
https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.clicktoconvert.com	chromecache_228.2.dr, downloaded.pdf.crdownload.1.dr, 0db888d4-3808-4662-9e22-34f6e003c210.tmp.1.dr, 9daa0ac0-d8ea-4f54-b9e7-2e5cac66b836.tmp.1.dr	false	Avira URL Cloud: safe	unknown
http://www.clicktoconvert.com)	chromecache_228.2.dr, downloaded.pdf.crdownload.1.dr, 0db888d4-3808-4662-9e22-34f6e003c210.tmp.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.49.196	www.google.com	United States	15169	GOOGLEUS	false
212.57.32.77	download.symartech.sk	Slovakia (SLOVAK Republic)	48689	WEBGLOBE-SK-ASSK	false
23.202.57.36	e8652.dscx.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672159
Start date and time:	2025-04-23 16:30:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@43/53@7/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.69.3, 192.178.49.174, 142.250.101.84, 142.250.68.238, 142.250.69.14, 23.220.73.19, 192.178.49.195, 23.194.100.185, 23.209.84.55, 23.209.84.11, 23.209.84.12, 23.209.84.77, 23.209.84.76, 23.209.84.46, 23.209.84.42, 23.209.84.58, 23.209.84.40, 18.213.11.84, 54.224.241.105, 34.237.241.83, 50.16.47.176, 172.64.41.3, 162.159.61.3, 23.220.73.6, 184.29.183.29, 20.109.210.53, 23.202.56.131
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf

Simulations

Behavior and APIs

Time	Type	Description
10:33:10	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2457677830642035
Encrypted:	false
SSDEEP:	6:iORLfK44q2Pwkn2nKuAl9OmbnIFUtDLfK+JZmw9LfK+DkwOwkn2nKuAl9OmbjLJ:7Rl4vYfHAahFUtD1/9n5JfHAaSJ
MD5:	9C554433F0D99178E25239BAE0570BC0
SHA1:	68F410ECD5F276DCC9031AE32CEE5D8E9CDC08BB
SHA-256:	3E4913AF29347D21FAB77684B39AAE04B1A69B662DF1C9CE13F33182017FB30D
SHA-512:	FA06F2E05849138F303B495941C3F7D0FA0F03D8784D791CED8466C0EF73E994057D1CD68ACA59B8705842C9721E59C817BE805FD514B1F89E23A422CAD5C978
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:32:59.762 6d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-10:32:59.764 6d0 Recovering log #3.2025/04/23-10:32:59.764 6d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2457677830642035
Encrypted:	false
SSDEEP:	6:iORLfK44q2Pwkn2nKuAl9OmbnIFUtDLfK+JZmw9LfK+DkwOwkn2nKuAl9OmbjLJ:7Rl4vYfHAahFUtD1/9n5JfHAaSJ
MD5:	9C554433F0D99178E25239BAE0570BC0
SHA1:	68F410ECD5F276DCC9031AE32CEE5D8E9CDC08BB
SHA-256:	3E4913AF29347D21FAB77684B39AAE04B1A69B662DF1C9CE13F33182017FB30D
SHA-512:	FA06F2E05849138F303B495941C3F7D0FA0F03D8784D791CED8466C0EF73E994057D1CD68ACA59B8705842C9721E59C817BE805FD514B1F89E23A422CAD5C978
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:32:59.762 6d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-10:32:59.764 6d0 Recovering log #3.2025/04/23-10:32:59.764 6d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.216453582417513
Encrypted:	false
SSDEEP:	6:iORLfKhun+q2Pwkn2nKuAl9Ombzo2jMGIFUtDLfKDZZmw9LfKDNVkwOwkn2nKuAv:7RAvYfHAa8uFUtDK/925JfHAa8RJ
MD5:	28E36D7666471A4EB655E2ABB08655C2
SHA1:	37AB96CDCC8F626ECA39D93F53B8AF24195E32A4
SHA-256:	1CAD14D376A798AD636B542AEE84036A7DA4E8625953B1C1A2C871B5FEC03496
SHA-512:	640F67FE56AF5365476C5FDFF83B89858DB65088C19D7A53F2673EC0F86009D80D8EC2129CE0635388C666A9F63443DCE3DFCB39301B3901DCC606AA35165951
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:32:59.248 1378 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-10:32:59.252 1378 Recovering log #3.2025/04/23-10:32:59.252 1378 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.216453582417513
Encrypted:	false
SSDEEP:	6:iORLfKhun+q2Pwkn2nKuAl9Ombzo2jMGIFUtDLfKDZZmw9LfKDNVkwOwkn2nKuAv:7RAvYfHAa8uFUtDK/925JfHAa8RJ
MD5:	28E36D7666471A4EB655E2ABB08655C2
SHA1:	37AB96CDCC8F626ECA39D93F53B8AF24195E32A4
SHA-256:	1CAD14D376A798AD636B542AEE84036A7DA4E8625953B1C1A2C871B5FEC03496
SHA-512:	640F67FE56AF5365476C5FDFF83B89858DB65088C19D7A53F2673EC0F86009D80D8EC2129CE0635388C666A9F63443DCE3DFCB39301B3901DCC606AA35165951
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:32:59.248 1378 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-10:32:59.252 1378 Recovering log #3.2025/04/23-10:32:59.252 1378 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\90ffe435-68e4-4516-b35b-677d850131f8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.96354027269954
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPHWsBdOg2Hqcaq3QYiubInP7E4T3y:Y2sRdsqdMHF3QYhbG7nby
MD5:	06D882B62AB49C5875CD1BCAC9B6DADD
SHA1:	290F417AA69F31E2EF02A9F9AD762CAF98FF77D7
SHA-256:	DC5FE583ADAF01E6F3CC11BC851EA0D6C68E9415500D4C9C8AAAAB7861C62EF7
SHA-512:	A950A1C10EC0CC34F65AB6DA3FFF6C857E25763A25C6DCB2F2D10795C50F1D77036E4574D887F0E7C08270EB686D694621594A64EEA787C0BC93A7762573596E
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389978791233331","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142058},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.96354027269954
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPHWsBdOg2Hqcaq3QYiubInP7E4T3y:Y2sRdsqdMHF3QYhbG7nby
MD5:	06D882B62AB49C5875CD1BCAC9B6DADD
SHA1:	290F417AA69F31E2EF02A9F9AD762CAF98FF77D7
SHA-256:	DC5FE583ADAF01E6F3CC11BC851EA0D6C68E9415500D4C9C8AAAAB7861C62EF7
SHA-512:	A950A1C10EC0CC34F65AB6DA3FFF6C857E25763A25C6DCB2F2D10795C50F1D77036E4574D887F0E7C08270EB686D694621594A64EEA787C0BC93A7762573596E
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389978791233331","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142058},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.254995117523074
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7gY+5Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gos
MD5:	58FB2026F8F6AA6F1CF675D7078DCDC9
SHA1:	98A5839640CB886AFA4664283F96AFA277171386
SHA-256:	BF6814979550008DF47DFE4C017F7394138B74F36DA2E92312130A7451D45865
SHA-512:	1A6E0FC98BEF3A6389589C499857FC1F9AE00B4F80EE3F860551D4A2E4D270E3901AF8736B7C483144C9168849B129A6D7DDECD78E43E54A84151A0372157912
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.236388953109561
Encrypted:	false
SSDEEP:	6:iORLfKyqHN+q2Pwkn2nKuAl9OmbzNMxIFUtDLfKH+Zmw9LfKmCVkwOwkn2nKuAlG:7RNqovYfHAa8jFUtD1/9B65JfHAa84J
MD5:	315542CCF49F525D8434375EBCD076C3
SHA1:	919052EC4DD2B98DF71D220A0C12C349AC9C3832
SHA-256:	45D41553483F602905B8D19CD408E69AC7F288DB68CE6C2EE41E4DCB25BDA61B
SHA-512:	58706325E14C6D3ACE1DC12B5A6BAD13E4F5786274A47590278F7EDAA380188F2EF9EE93B187F92CDD1E12AE1F5C3C497F5244C49F36FCE58B57E736513CE093
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:32:59.870 1378 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-10:32:59.873 1378 Recovering log #3.2025/04/23-10:32:59.874 1378 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.236388953109561
Encrypted:	false
SSDEEP:	6:iORLfKyqHN+q2Pwkn2nKuAl9OmbzNMxIFUtDLfKH+Zmw9LfKmCVkwOwkn2nKuAlG:7RNqovYfHAa8jFUtD1/9B65JfHAa84J
MD5:	315542CCF49F525D8434375EBCD076C3
SHA1:	919052EC4DD2B98DF71D220A0C12C349AC9C3832
SHA-256:	45D41553483F602905B8D19CD408E69AC7F288DB68CE6C2EE41E4DCB25BDA61B
SHA-512:	58706325E14C6D3ACE1DC12B5A6BAD13E4F5786274A47590278F7EDAA380188F2EF9EE93B187F92CDD1E12AE1F5C3C497F5244C49F36FCE58B57E736513CE093
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:32:59.870 1378 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-10:32:59.873 1378 Recovering log #3.2025/04/23-10:32:59.874 1378 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423143303Z-194.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.431631976010944
Encrypted:	false
SSDEEP:	384:axXhvEcXTv25TCaGpppppbxsqJaA6GLRjUut81Xvh:yv25TCaGpppppts/A6qAZ
MD5:	DFDACA1F6D25B5F4C1DE9827A323F91A
SHA1:	05E137C020007174B1F014ECA66F98B130D7E49B
SHA-256:	BCC001CDDA8DC99638CA31A05ECB027B37F73E9AA29C30D8FA9239110C25D6E6
SHA-512:	5E6F0C8404F88BAB930F81E6B5D8E3B2005A8D49B62288BF8D40AAB09BBA0C1A6FB5EE9ABB1F1875EA7BC3834954126CDC1F8E485622EC49CB302644093CA54F
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.4449376495519966
Encrypted:	false
SSDEEP:	384:yezci5tYiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r/s3OazzU89UTTgUL
MD5:	5D981EDC95813637BE95F1D71DFD03BC
SHA1:	8D12FF753ADB0513333D9DCAAFD386C03CF5F0A7
SHA-256:	3230630AAFD4056E0F2E78BC14D654A7037003DE2FC045F6C1D283E8287C8937
SHA-512:	D01F0D4BC5B1E12638A49036FDB7BBCD29EA0459727BB841FDDE3AF040508944A8A5B8DC3D57469F3E98759679AC7472DB08C6E8DED7C0EF9CF69587D2412F70
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7741561784677877
Encrypted:	false
SSDEEP:	48:7MPp/E2ioyVOioy9oWoy1Cwoy1CKOioy1noy1AYoy1Wioy1hioybioyooy1noy1l:7MpjuOFNXKQ59b9IVXEBodRBkv
MD5:	C74D2EF976AC20143CC7C7AC35549E64
SHA1:	EB3574815E60220243D674FA20BFE1214A5928AA
SHA-256:	7FB7E69D3AA0C09303F4188D656CDDD1CFA3F3B808C91C2ECC66DB6FAD44D6B8
SHA-512:	8B765A721F08843F5149E2AD56B01876D35EFE5CC275FF5C362078ED2247692B75B2A328E7C69ED5DBB55238ED2B83591EC0AA90EC8C595B328007EAD4AD5DA3
Malicious:	false
Reputation:	low
Preview:	.... .c......!9................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	low
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:	1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Reputation:	low
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7895108629891827
Encrypted:	false
SSDEEP:	3:kkFklMzPhfllXlE/HT8khUl7vNNX8RolJuRdxLlGB9lQRYwpDdt:kKVziT8oUhVNMa8RdWBwRd
MD5:	C6606E9C7087423138C50E4C5675529D
SHA1:	2EE1DA30F503D6BD722DAF353CA05AEC254856ED
SHA-256:	F5AFBACEFFC965B2E656E3D7DF41E54737E8D6C7C8FD4C5C58986F4EC379A0C8
SHA-512:	971B555055D007DCA0A4AF5FF2D0E0D671EB4AA6110B8FFD9138A9AFADDBB90DD38C15C6992250A251A86F23A3BBE43BF9A1A8EE7CE6CCE89477756FCCFC2A18
Malicious:	false
Reputation:	low
Preview:	p...... ........?*m.\...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	330
Entropy (8bit):	3.1836515609579115
Encrypted:	false
SSDEEP:	6:kKRPmcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:pPmCkPlE99SNxAhUeq8S
MD5:	3C4AAC02F7AD1FDC12D0C967A71BE72D
SHA1:	30F3B1D0919B04FDF13B99C42DEE3120F613FE2F
SHA-256:	5719BBFD66A9E6D8E161668D597353A88C1773F6133C90C59A4F853C431E8BD0
SHA-512:	9046089911B2FB3C510F374CA78488E3F0199986C750B35590C17BC7489A419FA00D199C87FD90100321F861977B9A934EEC75A1175B451F7FEAA486353DB3BD
Malicious:	false
Reputation:	low
Preview:	p...... ........T...\...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3892

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	low
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	low
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	250032
Entropy (8bit):	3.3152670221123004
Encrypted:	false
SSDEEP:	1536:mKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+R/n:TPClJ/3AYvYwghFo+R/n
MD5:	04E2BA381F1654260977DD7CBF8F3FF9
SHA1:	A6922B285C77DC66F3677298FEBE2572122F4657
SHA-256:	518BAF9AAD0FDC5785DD77E56C8A01E402C8FF095A0D27943660EEE500511669
SHA-512:	8FC7F335B47C00EEE1C958FDA9EF5011BF3F828A06F29CAF3790900CBF39805C9EEBE43BE6AAD6681D52112CC7A58535757F9C4798D13412841096FCB05E9E3A
Malicious:	false
Reputation:	low
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.382259161149906
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJM3g98kUwPeUkwRe9:YvXKX4GnkZEZc0vps5GMbLUkee9
MD5:	8D5F206B6720856A3812119B039A3675
SHA1:	AA9C615E8D0899DE33F1A327F93D925138561BD1
SHA-256:	575E78604B78C17AF413ED99577CB8142A2D01EC9F7D71372679CAE4D9738869
SHA-512:	45D5822A6438EE6E2904A488E4D41369CE1E863B2C737B9914175C82C86635BE205A5993EE820914FE3FA812BEE6FD8F3A1B64D10584AA470FE81CC63E0B1F20
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3316685068795815
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfBoTfXpnrPeUkwRe9:YvXKX4GnkZEZc0vps5GWTfXcUkee9
MD5:	B620CB5F24122A9606FBC3D8B4B1D639
SHA1:	278E39BFF603C84AE724B6F63B453AA9C8B9FF74
SHA-256:	36E5FB88B0367548DDAACAF3E38E23C1462FA78A1B2CF7F3A23E19767B49FA70
SHA-512:	A5D7F090050C4BDAD287DE504715FABC8A8ED88E04A9A5A9423F337741DCC80A0167348687F801CBA9F8474A75F5E2AF3AAF9DECE6A358B947A8742BDFF52252
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.309211705098203
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfBD2G6UpnrPeUkwRe9:YvXKX4GnkZEZc0vps5GR22cUkee9
MD5:	141C9EF6DD1A087C2C9700808527E597
SHA1:	B87C67BEDB2B5303A2921964AC2DAE7D8AF4E98B
SHA-256:	65D5288D0C55454643107D4128E8BA44221E368BEF9F61A36DEC16256D34CA74
SHA-512:	AA78E50D431650C8A543CD1C03F8C3B4B8636D7903D76CF964E41D6669E0556941EE85B5C5162A3A4E002AE585FBD3ADDCDF8D6AF057B30CC92D0FD449F8BD5E
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.36993267698832
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfPmwrPeUkwRe9:YvXKX4GnkZEZc0vps5GH56Ukee9
MD5:	7387DBB13CCD1A13D3C3534102B7DA5D
SHA1:	928CA0F075AE09093F52A670FF71E748CA4BDF6E
SHA-256:	A1D9305E8F4A7E574D63582DA637721575AC3FA90606AC52BACA52C1693B4227
SHA-512:	D3D457A3701F284E8EB59763F7744CC06A8E2A084394596B6A3F010A1FD6A5D05D076332A802C3B600B0BEB6E85781886139A0D553D70FCE3808DE3AF91EAEF8
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.851795205582885
Encrypted:	false
SSDEEP:	24:Yv6XVnmEzvpsepLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25Y:Yv6hCehgly48zFm/TWCt8KOP/nDi/VR
MD5:	54165FE530554C85DBAF6D9D907B225E
SHA1:	08F2AB4BC8F47C7680789931577A37E95E9344D7
SHA-256:	9872C62F617D5B88D902F2A45C9EE9E93BB965CCF0105040470CDFE359DF604A
SHA-512:	4B7217D71809052669824F986ACF2C3329255EE211DDB7E09CDCAA50CCEDC2FE3AF61DD85AFAF1A665A0545E08527DC94272BA3C2199BD022BF2DE94E13C013F
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3182926735940885
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJf8dPeUkwRe9:YvXKX4GnkZEZc0vps5GU8Ukee9
MD5:	BDE539FF615371ABD0C09EAAEC1EDFCA
SHA1:	29B14F0FE474F7E867BA9E253CAFFD1EFD207398
SHA-256:	A267DB48359028196C85E0847E11884AE1DC2397DA4CF2836458DCAA7E5AE764
SHA-512:	3127DB271E22883E5BCA2D80B2021D10FA2EC0F30587430CBBAC3F6308CF80B2D9724C1652FF4F75A590B694F3F4D7AAB68FBAC32D146BAA76DF46411331C463
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3226051675679145
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfQ1rPeUkwRe9:YvXKX4GnkZEZc0vps5GY16Ukee9
MD5:	A91AD2BE8E3C4EDE3C66B5ED8A6C16D8
SHA1:	FBB052CB49241AA68868830E9AFDCD5F6C026B1C
SHA-256:	22CABDF8F56F2ED54D99A92EF67B3EC6F96672FF02D0EDE278A22C902781E141
SHA-512:	3508937E133ABCDFB46C5CE333E8DE1E519F58985965457DC5266E1E97B44149E626371CF618FED81F97B4D0A76B4C249F951C0C2C95FB8F61658B91D5DB3030
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.83925289617517
Encrypted:	false
SSDEEP:	48:Yv6hCNogbN48uOQ/GiyL4TwKOkQJi+ohJR:G6cOg54nf/IQOkQJiF5
MD5:	B71C9D5999E35620B8B22CD656EEF823
SHA1:	859CC64CFCC41247E43FC8CC55CCEA24F88FFB2D
SHA-256:	A634539859663AA367BD8E8CC65C8B5B79FBB1B39A61D789A1721EC8CEF658D1
SHA-512:	FB064B2458E4ABB1CF08CBA6337256D3AAEBC4F52FFAA680CCD6A6722FFEEA6FEC86AA90F176395DE82CCC65F710B0BCDC43BF33FA39C31B109D26FC8D458A6D
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.344478662750834
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfzdPeUkwRe9:YvXKX4GnkZEZc0vps5Gb8Ukee9
MD5:	F3D0EB7736B96B7341C2771F92979441
SHA1:	70BDB679B2E22B9B823B4B9920B44CAF3AAE20BB
SHA-256:	04317FE26452C8D29F2513AAE841D32A208198F21D5AF2A88026B423DAC82CD5
SHA-512:	FF67F4DD76B6D619CFD32E43801C0BF30AA165FE799B8E55F7C74EED3321C42C7AE97717594492A88533F8AB8CF8A775F36E064592E3AAD545D4FB539A365B2E
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.325643825078132
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfYdPeUkwRe9:YvXKX4GnkZEZc0vps5Gg8Ukee9
MD5:	17449C16D10F8300529CED67AA5CF269
SHA1:	87527CF58B4AC2DA2D18F24A30F82F3FDEFFC067
SHA-256:	8826874ABAFE3EECD5283ECC3C7D54B44F360275FC920663C1B9466513606117
SHA-512:	489DC55B2C81EDED53D97B4F2932AC03AD410B0315103D1DA964762E16CA957C5C1F9047EFCB5CB4FEB6AC32420362CFF8E5D9BD674E4DC2FEAAA716C40BA805
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.311827972161595
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJf+dPeUkwRe9:YvXKX4GnkZEZc0vps5G28Ukee9
MD5:	BAEC7759C980787587887841BF2D86BB
SHA1:	6A671D68EA1277FC3D4279B4F13A23DFEF4A29B5
SHA-256:	F853C6290D13510CE44A23ADABD56597AB3563369E134607A9134949DF5E6677
SHA-512:	05F808B119E18CAFE54B60ECD90B0F08B0A6B99E7E3A6F2AF6A912EA61F929E7A0BB20DB1C63183591CCFEC46700AD37032C165E4D4CE1D1DE3E2D9AC2C5C390
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.309014676531528
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfbPtdPeUkwRe9:YvXKX4GnkZEZc0vps5GDV8Ukee9
MD5:	C4324171DEF77FD3BBFB72E16AB6B98E
SHA1:	ECEEE61B711D46C61654B7AA5F1285CDDC067FCD
SHA-256:	A71A97E096D053FC979B891AFCD94410DF5AF1031517A6C033A5B2CE9976A1A4
SHA-512:	F3D828F666E162F3E6B8CAA5D52E7700A3481419A5077ACDC8943BAB50B0369364CAFA7C1F5EB8988344C6EE0D2C0745FE034B341B82B84C860E0FE3428700ED
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.314021078002005
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJf21rPeUkwRe9:YvXKX4GnkZEZc0vps5G+16Ukee9
MD5:	032E5982AEB30548B72FA640FBBD3EBD
SHA1:	423F4B1B95C7305E73AD16D21FEAACFA2A9430FA
SHA-256:	3A27B4F70F12E63D3129F1D787340E5298A7C1D6B217919958B6C2EFDEF78CE7
SHA-512:	6DEBCAF2E9BB163EFC7567A31F68D47DDECB058A64ED029708267F25ADC72949FC346F83F6FCE84ACB5758BCD7C62331F86651CA0BA70AF8EA5D6C10450A0057
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.854995616584351
Encrypted:	false
SSDEEP:	24:Yv6XVnmEzvpsCamXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBG:Yv6hCcBgBG48kJko/SiyL4T0AFDA/VR
MD5:	8CE16428A24596E2958CB8C2F01A5A01
SHA1:	ECC8874CFD23FD07EC3AD1867443394AE21D198C
SHA-256:	E2F4932965AD5BA00617D2672826F73710333155744A4A89E428BF0EA5058A93
SHA-512:	241B19CECA692E676E566E32F891DD11DE57D24F557D560395D8FA390BEE6323F969BF31399C0EBB77317BF12ECFB28DB863D20C82F9D7816D21F73D5FDCCA53
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.290156046095508
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJfshHHrPeUkwRe9:YvXKX4GnkZEZc0vps5GUUUkee9
MD5:	59037F8F3D8EAED2445B6B001AD97DA4
SHA1:	219090B1F90B873EF76F186739A0CCCDDC0CCBF2
SHA-256:	9C026941DC1CB12DFEA02ABB0A9F6837D4BAA142D42B9B8AF93ACBF33755483E
SHA-512:	9DF1AA09A54A42A05FC6A83E198B5E267CA21E21E6AFC5AEBC1B6BFA1B01C0F3C3C294970867975035546EDAD1E4A0E8EFEC758ED63FF373E957DFB6CF8EF6AC
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.300295841168771
Encrypted:	false
SSDEEP:	6:YEQXJ2HX4GknEkVpD9VoZcg1vRcR0Y78sWxoAvJTqgFCrPeUkwRe9:YvXKX4GnkZEZc0vps5GTq16Ukee9
MD5:	C96404789F53DD2B9A075FDAA0CA918B
SHA1:	4705546E7F75BA4856E49E937B98CFEB4A3CD244
SHA-256:	D88BD59261EADA5D32E22894F9A35AD6ADE3D67B45E9CED0EDBDA94900CDD212
SHA-512:	6FB5DA3FBF887C344EA45E6EFF086490DC4755D67369FE4EFEE5252406160A14D842E50D72B4FBBE30B07BD2B70BC181A6EF5F5E06FDE2701008A71C4B0B4C36
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"71d37a21-cfcf-4112-af2b-839b7cb8354f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1745593626397,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	low
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.133951754701716
Encrypted:	false
SSDEEP:	24:Y0lOwaaZAaylS5DvJWP0fOPr1TePXAUBOVNb9j0xj0SdFhAKA2l4/2LSdfCqOpME:YgZLGWw1KPXAUqfgA3P7IMQshZ/9Ot
MD5:	2AF4655F6276D3C01FA84A0152F8AE42
SHA1:	11642D78DE53BBC5D9D3543CC48AE164EAF6CDAC
SHA-256:	01AADD9C9CA77619319E4D4DC5233F086C2EC8B2478E10A7926AD777E9043401
SHA-512:	83E2652C832C82237349CBF5FB898D790DF7FF1C1F8DE4195C7B0E752E5FED346609B39C57AA30350334FC178860A7C8E8E7101E4CE75AC7C20A5ACA733A7BE2
Malicious:	false
Reputation:	low
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6d409d96ba1e521ecc004bd9ad296f32","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745418785000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2baf05df436b2b70c058a8fe27fa90f3","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745418785000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"02fb8234cb315bf1afd65a20039a25d6","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745418785000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8beedc3d3eeca22fabdfc372e16dea60","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745418785000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"82c28403c98375c51b69654732632068","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745418785000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1e4b6c08bdeadad5e05f3246b9fdb3f1","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1869810681221824
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUnsSvR9H9vxFGiDIAEkGVvpTS:lNVmswUUUUUUUUns+FGSItnS
MD5:	3BD57B25CA6DF519E66CD8D3F2CEE99C
SHA1:	77AED98E7E52E6D0A9DED55C19D845E2B475666D
SHA-256:	51B2A13ED777BC26A34B8702673BD4062DD4AADBAE9400E23617F36CAA70843B
SHA-512:	21258D71D19DC84DF5CFBFDE996655760E9FABCB94FF300732BE5CB7D4EF6C301429AF54C36E0C8A20427A54FFC38A568ECF64993FA0E0045B4DBB48B7B8EB13
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6039107158325974
Encrypted:	false
SSDEEP:	48:7MVKUUUUUUUUUUn+vR9H9vxFGiDIAEkGVv2nqFl2GL7ms1:7DUUUUUUUUUUnCFGSItgnKVms1
MD5:	818CE5791EAC41348E282642B6F0BD0D
SHA1:	60FF8AFB5EE70C2903543DBF074C17CEEA95B2F6
SHA-256:	97E426D9BB929C114468FDB20197206F64E8D6F4BEE8F038EBA697E4A2491709
SHA-512:	4BF120F0EF83A118C989B0CE77867BBED942412BBCE97D2CE716E1CAD27B8A2ED0F2B7611C16F8D8E3906002247359B64436B5F575C2788F5EF42EB333AE6F1C
Malicious:	false
Reputation:	low
Preview:	.... .c......eXv......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIfaf6c.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5278731006694652
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkClEdN1+le:Qw946cPbiOxDlbYnuRKNx
MD5:	8BA04611A2C0ECBD41D1C373E040C9DE
SHA1:	9A6CC1FBFF801CC8E1CF87AA1C93048153750F28
SHA-256:	10B5AB27F55C21CA684EE94E9D68EEBEFABB14EA441205CD78FE096C39FF8AC4
SHA-512:	736528FBACBA1ACF8B0457047CB3A223F488829CF7201804FB0FF2D15C02698A349F4F2AF8D6781DA7A485D3E39B42967EEF8EFC21CF2D38404DF9C04746D9B4
Malicious:	false
Reputation:	low
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.0.4./.2.0.2.5. . .1.0.:.3.3.:.0.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 10-33-01-221.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Reputation:	low
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16602
Entropy (8bit):	5.342902598047393
Encrypted:	false
SSDEEP:	384:uOnanDnH3S4o+F90t5k+pfNBfx4oDwQe7ffi15VLn7ybgLQ+7p+ueTe7U7CTpLcI:iufx
MD5:	356A45152959AD734EC51F5C6418494E
SHA1:	B497A5394C9A9024A0C7240E977C3C626637A21E
SHA-256:	8879050ECFE50F632FD0B23E8FEF38F1461BAF19A0CBA3FFB2EE4E50FA4DF2D1
SHA-512:	ED2702BF8F7FA2557AEFE83EC43C6E8D5164328356E1FA9AA851C284953469A6C17B8B389AAEEE6BCF044910FFEA325C1C0A09867DA9AEDFDFCF73AF40545CEC
Malicious:	false
Reputation:	low
Preview:	SessionID=a76cc492-338a-40fe-861d-69e1218528ec.1745418781266 Timestamp=2025-04-23T10:33:01:266-0400 ThreadID=7712 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a76cc492-338a-40fe-861d-69e1218528ec.1745418781266 Timestamp=2025-04-23T10:33:01:286-0400 ThreadID=7712 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a76cc492-338a-40fe-861d-69e1218528ec.1745418781266 Timestamp=2025-04-23T10:33:01:286-0400 ThreadID=7712 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a76cc492-338a-40fe-861d-69e1218528ec.1745418781266 Timestamp=2025-04-23T10:33:01:286-0400 ThreadID=7712 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a76cc492-338a-40fe-861d-69e1218528ec.1745418781266 Timestamp=2025-04-23T10:33:01:287-0400 ThreadID=7712 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.38415758266573
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r0:Q
MD5:	77EBEEADCDBC734E6B3747A5946A9EC0
SHA1:	2646E52EC8025BFEEF94D6A9478BCBBD6BC2B644
SHA-256:	4AD70F290BA00729E558D0F4B1A05C9EBDBFA927271364FE8B3BE50FEE98F414
SHA-512:	25EC9FBC9E03642AE191094F0B19CF823D3AED51193CF2C5AD36DCCEC25A97E72D23E598A2164C444AA64C2274FF04C3AD11D444EAF4E3B0587A3BD0871BA1D8
Malicious:	false
Reputation:	low
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\254edaa5-f0fd-44b6-9735-075ec94791d6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	low
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\2fd061d3-2bf2-4e9b-b842-1cf8732085e3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	low
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\5142b746-eaf0-44a0-aef5-75e4b2972d2e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Reputation:	low
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\dd9eb84b-7bc4-4c56-8758-e5705146e345.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/gWLYZwYIGNPe7oYGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:4WLYZwZGtYGZn3mlind9i4ufFXpAXkru
MD5:	1F3E811175B5D73885F1DD3F2FE1F921
SHA1:	EC3183A73D7D77A44CA4C5C84D8049AB840D3220
SHA-256:	7A48BE8A0B41905F012843995073183E0268612002A31EDA7276923E72E7C3B5
SHA-512:	65FF02B46982E7E15B34BD7F59443B72BB062CC3107A1A4FFC6B66FAB32AE9229D8C48F183E7C4210474698798BD92D7CAB824FA5FDF7C9DC16DFF1182F73186
Malicious:	false
Reputation:	low
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\Downloads\0db888d4-3808-4662-9e22-34f6e003c210.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.4
Category:	dropped
Size (bytes):	32492
Entropy (8bit):	7.738392484402309
Encrypted:	false
SSDEEP:	768:MmwhKkXC6586zHrD+YzT89QN4+Lu0rSxVAc3Zp8x3/26vjN:RwhZfy6TryYzwQNpr2VFvwe6rN
MD5:	92F0D6CEF0486BBA7A8F698A11FBA1BD
SHA1:	C8614BFA5804A78CDFDD616EA161140030A3B3C6
SHA-256:	6C10BC56C6D6A1A5C4414AC9473C5BE5030839487F5345359A448D30C513F3D0
SHA-512:	FBA0484AC7D7CB6786E663DCDAEA537A5FFCBFAF2B258DA2CF8E09F00ADD3AD6A763484F0D4882A29227619C7169A8E3EAA902E71BC9ED46E7ECDB5B87775C32
Malicious:	false
Reputation:	low
Preview:	%PDF-1.4..%......%..%wPDF by WPCubed GmbH V3.54[40]..%..%..1 0 obj.<</Type/Metadata/Subtype/XML/Length 1620 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Click to Convert - http://www.clicktoconvert.com</xmp:CreatorTool>. <xmp:CreateDate>2011-02-09T15:32:24Z</xmp:CreateDate>. <xmp:ModifyDate>2011-02-09T15:32:24Z</xmp:ModifyDate>. <xmp:MetadataDate>2011-02-09T15:32:24Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description>. <rdf:Alt>. <rdf:li xml:lang="x-default">Preliminary Data Sheet: German</rdf:li>. </rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li>Prel

C:\Users\user\Downloads\9daa0ac0-d8ea-4f54-b9e7-2e5cac66b836.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.4
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	5.434911192721655
Encrypted:	false
SSDEEP:	24:jGcIJxTrSH1ntbUWGVoSDvx05XCdoAkzzsoBcPQ:jGccgVtFGxvCkLkv8Q
MD5:	994331E2C0FF2C5A7B7B3EC77ECF246F
SHA1:	1FA9D0CCD3502BD86E51206397CCD3881E83E08F
SHA-256:	3EA8ED81A44236FFA17C3FC498177FBEE3EF978B73785224129E39B3AA06FE93
SHA-512:	9F3353631F2BE32E40B894B0EADE11B3D66AB8C4F2EC401BEC887C8DC87B16B460A3C19E8C52CD8D0328C612CAD7F1D179637838600D32566B1688444653333E
Malicious:	false
Reputation:	low
Preview:	%PDF-1.4..%......%..%wPDF by WPCubed GmbH V3.54[40]..%..%..1 0 obj.<</Type/Metadata/Subtype/XML/Length 1620 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Click to Convert - http://www.clicktoconvert.com</xmp:CreatorTool>. <xmp:CreateDate>2011-02-09T15:32:24Z</xmp:CreateDate>. <xmp:ModifyDate>2011-02-09T15:32:24Z</xmp:ModifyDate>. <xmp:MetadataDate>2011-02-09T15:32:24Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description>. <rdf:Alt>. <rdf:li xml:lang="x-default">Preliminary Data Sheet: German</rdf:li>. </rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li>Prel

C:\Users\user\Downloads\downloaded.pdf (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.4, 2 pages
Category:	dropped
Size (bytes):	299070
Entropy (8bit):	7.95586171096207
Encrypted:	false
SSDEEP:	6144:z6THwl9g0+yLex1aFCWuNFt+FPHFHUvRrhVHYuP4J7I0QbmMk:RlW0a4FRuNFt+TUvVhHP4J7IpqMk
MD5:	5C487599AD96C3EF6BF53CD543CF6D99
SHA1:	6D371CE7D7A7B83F8E9BB7748F4FD6BA6739B861
SHA-256:	5E15D6FBFCE981BA22C7768D2BD5D0B94CBF0235ECA2A15BFF47A9BDCD5B98C0
SHA-512:	AE0DA62ED34F62EFCEA2CF4A44633D343697D9A20C50CA5A8864B8A99EF0EC3C95D20F91207808C04DE3CBDD41106F25535A9FE1B0DC4073E075AB98CABF7BD4
Malicious:	false
Reputation:	low
Preview:	%PDF-1.4..%......%..%wPDF by WPCubed GmbH V3.54[40]..%..%..1 0 obj.<</Type/Metadata/Subtype/XML/Length 1620 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Click to Convert - http://www.clicktoconvert.com</xmp:CreatorTool>. <xmp:CreateDate>2011-02-09T15:32:24Z</xmp:CreateDate>. <xmp:ModifyDate>2011-02-09T15:32:24Z</xmp:ModifyDate>. <xmp:MetadataDate>2011-02-09T15:32:24Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description>. <rdf:Alt>. <rdf:li xml:lang="x-default">Preliminary Data Sheet: German</rdf:li>. </rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li>Prel

C:\Users\user\Downloads\downloaded.pdf.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.4, 2 pages
Category:	dropped
Size (bytes):	299070
Entropy (8bit):	7.95586171096207
Encrypted:	false
SSDEEP:	6144:z6THwl9g0+yLex1aFCWuNFt+FPHFHUvRrhVHYuP4J7I0QbmMk:RlW0a4FRuNFt+TUvVhHP4J7IpqMk
MD5:	5C487599AD96C3EF6BF53CD543CF6D99
SHA1:	6D371CE7D7A7B83F8E9BB7748F4FD6BA6739B861
SHA-256:	5E15D6FBFCE981BA22C7768D2BD5D0B94CBF0235ECA2A15BFF47A9BDCD5B98C0
SHA-512:	AE0DA62ED34F62EFCEA2CF4A44633D343697D9A20C50CA5A8864B8A99EF0EC3C95D20F91207808C04DE3CBDD41106F25535A9FE1B0DC4073E075AB98CABF7BD4
Malicious:	false
Reputation:	low
Preview:	%PDF-1.4..%......%..%wPDF by WPCubed GmbH V3.54[40]..%..%..1 0 obj.<</Type/Metadata/Subtype/XML/Length 1620 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Click to Convert - http://www.clicktoconvert.com</xmp:CreatorTool>. <xmp:CreateDate>2011-02-09T15:32:24Z</xmp:CreateDate>. <xmp:ModifyDate>2011-02-09T15:32:24Z</xmp:ModifyDate>. <xmp:MetadataDate>2011-02-09T15:32:24Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description>. <rdf:Alt>. <rdf:li xml:lang="x-default">Preliminary Data Sheet: German</rdf:li>. </rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li>Prel

Chrome Cache Entry: 228

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.4, 2 pages
Category:	downloaded
Size (bytes):	299070
Entropy (8bit):	7.95586171096207
Encrypted:	false
SSDEEP:	6144:z6THwl9g0+yLex1aFCWuNFt+FPHFHUvRrhVHYuP4J7I0QbmMk:RlW0a4FRuNFt+TUvVhHP4J7IpqMk
MD5:	5C487599AD96C3EF6BF53CD543CF6D99
SHA1:	6D371CE7D7A7B83F8E9BB7748F4FD6BA6739B861
SHA-256:	5E15D6FBFCE981BA22C7768D2BD5D0B94CBF0235ECA2A15BFF47A9BDCD5B98C0
SHA-512:	AE0DA62ED34F62EFCEA2CF4A44633D343697D9A20C50CA5A8864B8A99EF0EC3C95D20F91207808C04DE3CBDD41106F25535A9FE1B0DC4073E075AB98CABF7BD4
Malicious:	false
Reputation:	low
URL:	https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf
Preview:	%PDF-1.4..%......%..%wPDF by WPCubed GmbH V3.54[40]..%..%..1 0 obj.<</Type/Metadata/Subtype/XML/Length 1620 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Click to Convert - http://www.clicktoconvert.com</xmp:CreatorTool>. <xmp:CreateDate>2011-02-09T15:32:24Z</xmp:CreateDate>. <xmp:ModifyDate>2011-02-09T15:32:24Z</xmp:ModifyDate>. <xmp:MetadataDate>2011-02-09T15:32:24Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description>. <rdf:Alt>. <rdf:li xml:lang="x-default">Preliminary Data Sheet: German</rdf:li>. </rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li>Prel

Static File Info

⊘No static file info

File Icon


Icon Hash:	b29a8a8e86868381

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 148
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:31:32.515171051 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 23, 2025 16:31:39.658716917 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:31:40.065409899 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:31:40.672532082 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:31:41.873876095 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:31:42.123856068 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 23, 2025 16:31:44.223157883 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:44.223206997 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:44.223273993 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:44.223460913 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:44.223476887 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:44.281688929 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:31:44.541196108 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:44.541265965 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:44.542556047 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:44.542565107 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:44.542795897 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:44.594132900 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:46.060785055 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.060831070 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.060888052 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.082427025 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.082458019 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.082525969 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.085555077 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.085592031 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.085653067 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.085819006 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.085839033 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.085939884 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.085964918 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.086008072 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.086023092 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.668592930 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.668828011 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.668926001 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.668977976 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.668999910 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.669032097 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.669964075 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.669970989 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.670193911 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.671698093 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.671713114 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.671960115 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.672076941 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.672087908 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.672230959 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.672329903 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.712270975 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:46.716909885 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:46.716912031 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.525032043 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.525055885 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.525072098 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.525127888 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.525142908 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.525212049 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.525265932 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.525281906 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.525331020 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.525336981 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.573728085 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.810718060 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.810745955 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.810797930 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.810812950 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.810864925 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.810883045 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811098099 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811106920 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.811106920 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.811115026 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811127901 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811163902 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.811171055 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811211109 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.811384916 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811403036 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811450958 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.811455965 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.811491966 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.814068079 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:47.860272884 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:47.861682892 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.096460104 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096487999 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096550941 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.096575022 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096656084 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.096673012 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096689939 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096728086 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.096733093 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096827030 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096848965 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096878052 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.096884012 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.096905947 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.096937895 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097173929 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097188950 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097238064 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097244024 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097296953 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097398996 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097414017 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097457886 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097464085 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097510099 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097594976 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097609997 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097651005 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097656012 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.097681046 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.097696066 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.102077007 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.102159023 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.102227926 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.102905989 CEST	49729	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.102916002 CEST	443	49729	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.136841059 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.136862993 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.136905909 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.136919022 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.136950970 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.136985064 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.238514900 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:31:48.369687080 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.383033037 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383060932 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383224010 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383382082 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.383400917 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383420944 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383480072 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.383487940 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383691072 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383708000 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383747101 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.383752108 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.383785009 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.384068012 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.384080887 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.384128094 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.384207010 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.384274960 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.416271925 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.436220884 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.448631048 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.448669910 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.448766947 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.449074030 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.449090958 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.549666882 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:31:48.676048994 CEST	49727	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.676084042 CEST	443	49727	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946098089 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946122885 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946130037 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946137905 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946171999 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946193933 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.946214914 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946227074 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:48.946238041 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:48.946274996 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.028704882 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.028772116 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.033729076 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.033746958 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.033973932 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.034614086 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.080272913 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.092658997 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:31:49.156196117 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:31:49.231708050 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.231730938 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.231775045 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.231791019 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.231802940 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.231805086 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.231821060 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.231828928 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.231838942 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.231857061 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.231892109 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.232022047 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.232038021 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.232085943 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.232093096 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.232124090 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.232327938 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.232343912 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.232372999 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.232378960 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.232389927 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.232414007 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.517400026 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.517426014 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.517471075 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.517483950 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.517503977 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.517529964 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.517544031 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.517559052 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.517591953 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.517599106 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.517622948 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.517637968 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518223047 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518238068 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518291950 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518300056 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518351078 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518515110 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518534899 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518568993 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518579006 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518591881 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518626928 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518824100 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518838882 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518879890 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.518887997 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.518923044 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.519103050 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.519117117 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.519154072 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.519160986 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.519208908 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.519458055 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.519473076 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.519504070 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.519510984 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.519531965 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.519561052 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.520278931 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.605253935 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.605454922 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.605515957 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.606262922 CEST	49732	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.606286049 CEST	443	49732	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803210020 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803221941 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803268909 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803287983 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803303957 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803335905 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803369999 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803431034 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803451061 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803522110 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803522110 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803529978 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803587914 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803824902 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803842068 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803884983 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803891897 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.803900957 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.803946972 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804244995 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804265976 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804307938 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804313898 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804347992 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804347992 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804373026 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804389954 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804446936 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804450035 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804460049 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804517031 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804523945 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804533958 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804586887 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804644108 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804663897 CEST	443	49728	212.57.32.77	192.168.2.4
Apr 23, 2025 16:31:49.804670095 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:49.804718971 CEST	49728	443	192.168.2.4	212.57.32.77
Apr 23, 2025 16:31:50.359190941 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:31:52.292445898 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 23, 2025 16:31:52.432365894 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 23, 2025 16:31:52.489178896 CEST	49737	443	192.168.2.4	131.253.33.254
Apr 23, 2025 16:31:52.489217997 CEST	443	49737	131.253.33.254	192.168.2.4
Apr 23, 2025 16:31:52.489362955 CEST	49737	443	192.168.2.4	131.253.33.254
Apr 23, 2025 16:31:52.491791010 CEST	49737	443	192.168.2.4	131.253.33.254
Apr 23, 2025 16:31:52.491803885 CEST	443	49737	131.253.33.254	192.168.2.4
Apr 23, 2025 16:31:52.782093048 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:31:52.979378939 CEST	443	49737	131.253.33.254	192.168.2.4
Apr 23, 2025 16:31:52.979449987 CEST	49737	443	192.168.2.4	131.253.33.254
Apr 23, 2025 16:31:54.519258022 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:54.519304037 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:54.519510031 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:55.054194927 CEST	49725	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:31:55.054214954 CEST	443	49725	192.178.49.196	192.168.2.4
Apr 23, 2025 16:31:57.592798948 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:31:58.702220917 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:32:07.199215889 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:32:44.140737057 CEST	49743	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:32:44.140779972 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:32:44.140877008 CEST	49743	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:32:44.141030073 CEST	49743	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:32:44.141051054 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:32:44.456017017 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:32:44.456337929 CEST	49743	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:32:44.456367970 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:32:54.452292919 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:32:54.452349901 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:32:54.452418089 CEST	49743	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:32:55.048058033 CEST	49743	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:32:55.048098087 CEST	443	49743	192.178.49.196	192.168.2.4
Apr 23, 2025 16:33:11.929464102 CEST	49755	80	192.168.2.4	23.202.57.36
Apr 23, 2025 16:33:12.069271088 CEST	80	49755	23.202.57.36	192.168.2.4
Apr 23, 2025 16:33:12.070460081 CEST	49755	80	192.168.2.4	23.202.57.36
Apr 23, 2025 16:33:12.089247942 CEST	49755	80	192.168.2.4	23.202.57.36
Apr 23, 2025 16:33:12.229233980 CEST	80	49755	23.202.57.36	192.168.2.4
Apr 23, 2025 16:33:12.230087042 CEST	80	49755	23.202.57.36	192.168.2.4
Apr 23, 2025 16:33:12.230106115 CEST	80	49755	23.202.57.36	192.168.2.4
Apr 23, 2025 16:33:12.230185032 CEST	49755	80	192.168.2.4	23.202.57.36
Apr 23, 2025 16:33:25.250312090 CEST	49755	80	192.168.2.4	23.202.57.36

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:31:40.151643991 CEST	53	56985	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:40.156940937 CEST	53	55040	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:41.045962095 CEST	53	50097	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:41.355439901 CEST	53	49229	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:44.079591036 CEST	65243	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:31:44.079751968 CEST	60742	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:31:44.221940041 CEST	53	60742	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:44.222246885 CEST	53	65243	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:45.529158115 CEST	63685	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:31:45.529330969 CEST	51618	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:31:45.996278048 CEST	53	51618	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:45.997994900 CEST	53	63685	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:48.106116056 CEST	56171	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:31:48.106298923 CEST	63397	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:31:48.396593094 CEST	53	63397	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:48.403666019 CEST	53	56171	1.1.1.1	192.168.2.4
Apr 23, 2025 16:31:58.343921900 CEST	53	49298	1.1.1.1	192.168.2.4
Apr 23, 2025 16:32:17.272866964 CEST	53	62716	1.1.1.1	192.168.2.4
Apr 23, 2025 16:32:39.495064020 CEST	53	52706	1.1.1.1	192.168.2.4
Apr 23, 2025 16:32:39.813884974 CEST	53	52647	1.1.1.1	192.168.2.4
Apr 23, 2025 16:32:42.843767881 CEST	53	49562	1.1.1.1	192.168.2.4
Apr 23, 2025 16:32:47.833997965 CEST	138	138	192.168.2.4	192.168.2.255
Apr 23, 2025 16:33:11.765811920 CEST	50999	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:33:11.925451040 CEST	53	50999	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2025 16:31:44.079591036 CEST	192.168.2.4	1.1.1.1	0xad18	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:31:44.079751968 CEST	192.168.2.4	1.1.1.1	0x78c6	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 23, 2025 16:31:45.529158115 CEST	192.168.2.4	1.1.1.1	0xa729	Standard query (0)	download.symartech.sk	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:31:45.529330969 CEST	192.168.2.4	1.1.1.1	0xd180	Standard query (0)	download.symartech.sk	65	IN (0x0001)	false
Apr 23, 2025 16:31:48.106116056 CEST	192.168.2.4	1.1.1.1	0xe413	Standard query (0)	download.symartech.sk	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:31:48.106298923 CEST	192.168.2.4	1.1.1.1	0x8369	Standard query (0)	download.symartech.sk	65	IN (0x0001)	false
Apr 23, 2025 16:33:11.765811920 CEST	192.168.2.4	1.1.1.1	0x4e72	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2025 16:31:44.221940041 CEST	1.1.1.1	192.168.2.4	0x78c6	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 23, 2025 16:31:44.222246885 CEST	1.1.1.1	192.168.2.4	0xad18	No error (0)	www.google.com		192.178.49.196	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:31:45.997994900 CEST	1.1.1.1	192.168.2.4	0xa729	No error (0)	download.symartech.sk		212.57.32.77	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:31:48.403666019 CEST	1.1.1.1	192.168.2.4	0xe413	No error (0)	download.symartech.sk		212.57.32.77	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:33:11.925451040 CEST	1.1.1.1	192.168.2.4	0x4e72	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 16:33:11.925451040 CEST	1.1.1.1	192.168.2.4	0x4e72	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 16:33:11.925451040 CEST	1.1.1.1	192.168.2.4	0x4e72	No error (0)	e8652.dscx.akamaiedge.net		23.202.57.36	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:33:28.614617109 CEST	1.1.1.1	192.168.2.4	0x5b36	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:33:28.614617109 CEST	1.1.1.1	192.168.2.4	0x5b36	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

download.symartech.sk

x1.i.lencr.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49755	23.202.57.36	80	4208	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2025 16:33:12.089247942 CEST	115	OUT	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Apr 23, 2025 16:33:12.230087042 CEST	1358	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-cert Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT ETag: "64cd6654-56f" Content-Disposition: attachment; filename="ISRG Root X1.der" Cache-Control: max-age=70148 Expires: Thu, 24 Apr 2025 10:02:20 GMT Date: Wed, 23 Apr 2025 14:33:12 GMT Content-Length: 1391 Connection: keep-alive Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED] Data Ascii: 0k0S@YDcc0H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G\|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urIAv5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP\|Ctt0[q600\H;}`)A\|;FHvvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf\|o;'}~"+"
Apr 23, 2025 16:33:12.230106115 CEST	387	IN	Data Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09 Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS\|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49727	212.57.32.77	443	2752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:31:46 UTC	707	OUT	GET /19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf HTTP/1.1 Host: download.symartech.sk Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:31:47 UTC	276	IN	HTTP/1.1 200 OK Content-Type: application/pdf Last-Modified: Thu, 16 Aug 2018 04:04:09 GMT Accept-Ranges: bytes ETag: "80c2b82e1635d41:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Wed, 23 Apr 2025 14:31:04 GMT Connection: close Content-Length: 299070
2025-04-23 14:31:47 UTC	16108	IN	Data Raw: 25 50 44 46 2d 31 2e 34 0d 0a 25 e2 e3 cf d3 0d 0a 25 0d 0a 25 77 50 44 46 20 62 79 20 57 50 43 75 62 65 64 20 47 6d 62 48 20 56 33 2e 35 34 5b 34 30 5d 0d 0a 25 0d 0a 25 0d 0a 31 20 30 20 6f 62 6a 0d 3c 3c 2f 54 79 70 65 2f 4d 65 74 61 64 61 74 61 2f 53 75 62 74 79 70 65 2f 58 4d 4c 2f 4c 65 6e 67 74 68 20 31 36 32 30 20 3e 3e 0d 0a 73 74 72 65 61 6d 0a 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 33 2e 31 2d 37 30 31 22 3e 0a 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f Data Ascii: %PDF-1.4%%%wPDF by WPCubed GmbH V3.54[40]%%1 0 obj<</Type/Metadata/Subtype/XML/Length 1620 >>stream<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701"><rdf:RDF xmlns:rdf="http://
2025-04-23 14:31:47 UTC	16384	IN	Data Raw: b2 17 d9 82 41 39 ce 0f a5 6f 57 9b 6b 8d b7 46 bf e3 ef 6a d1 8f fc 86 d4 d6 e2 96 88 ea 6d bc 48 f3 f8 56 e3 5a 36 8a ad 0b 32 f9 3e 6e 41 c3 01 f7 b1 ef e9 4d d1 bc 4e fa ad 86 a3 72 d6 42 13 66 9b b6 99 77 6f f9 4b 75 c7 1d 3f 5a c2 d3 d8 7f c2 ac d4 fa e0 4a e3 d3 f8 d6 a0 f0 9b 67 43 f1 38 51 80 20 e3 bf fc b2 6a ab 22 2e f4 3a 1f 0d 78 ad bc 43 7b 3d b9 b1 fb 38 8a 2f 33 7f 9b bb 77 20 63 a0 f5 ad db db d8 6c 2d cc f3 b6 d4 1c 57 9d 7c 32 91 9b 5b be 52 38 36 80 e7 1f ed 0a eb 7c 61 ff 00 20 43 fe f8 fe 75 2f 72 a3 b6 a6 e2 48 64 ce 00 00 52 ef c4 81 0f 7a a7 6f 2f ca fc f7 a7 89 37 5d a0 cd 55 84 99 66 59 16 18 9a 47 38 55 19 26 b2 1f c4 b6 91 ca 51 a3 94 8c 06 04 01 c8 23 20 f5 a7 78 9e 46 8f c3 d7 65 4e 0e dc 57 03 67 7f 7b aa f8 ce 6d 10 59 a4 Data Ascii: A9oWkFjmHVZ62>nAMNrBfwoKu?ZJgC8Q j".:xC{=8/3w cl-W\|2[R86\|a Cu/rHdRzo/7]UfYG8U&Q# xFeNWg{mY
2025-04-23 14:31:47 UTC	16384	IN	Data Raw: a5 49 0e 9b 79 72 09 08 40 1d 49 ae 89 21 b0 b2 56 dc 57 77 6c 54 6d ad c5 6d 1b 24 2a 06 7a d1 61 68 8a 90 78 69 cc 4b 2c a7 20 f5 1d 2b 6e d2 cf 4b d3 e1 dd 26 d3 27 a1 ed 5c f4 ba d4 f2 2e d5 66 c7 60 2a 38 ed f5 0b d3 f2 c6 e4 1e f4 58 7c c7 4f 37 88 ad ad d7 6c 11 0e 3b d6 35 d7 88 e5 98 92 bc 1e 80 0a 9a d3 c1 f7 b7 00 34 ad b4 7a 56 dd b7 84 ec 6d 46 e9 dd 4e 3d 68 1f bc ce 34 dc de 5d 36 15 5c 9a b7 07 87 b5 2b a6 19 52 a0 fa d7 66 d7 3a 36 98 a1 50 2b 37 b0 15 9f 77 e2 e4 55 c4 09 83 d0 e7 b5 02 e5 4b 76 56 b4 f0 42 85 dd 71 21 27 f2 15 ab 0e 9b a3 e9 ab 87 d9 9a e6 2e 7c 49 79 72 70 ac d8 ec 05 56 5b 3d 4e f9 b8 8d f0 7b b5 03 e6 5d 11 d5 cd e2 0b 0b 5c 88 10 1a c9 bc f1 5c b2 16 11 e1 46 78 a6 5a 78 46 e6 6f 9a 79 0a fb 0a d8 83 c3 1a 7d ab a9 Data Ascii: Iyr@I!VWwlTmm$zahxiK, +nK&'\.f`8X\|O7l;54zVmFN=h4]6\+Rf:6P+7wUKvVBq!'.\|IyrpV[=N{]\\FxZxFoy}
2025-04-23 14:31:47 UTC	16384	IN	Data Raw: c3 73 d8 50 1a 23 7e 6d 6a d7 4d 8c c7 6a 8b c0 c6 45 60 dd ea d7 ba 9c bb 13 71 07 a0 15 7b 4f f0 b5 c5 d1 59 ae 9b 62 f5 20 f5 35 bb 9d 33 46 4f 90 2e e1 df bd 03 b3 7b 98 3a 7f 85 6e 2e 00 96 e9 fc b4 eb 8e f5 ba ab a5 68 d1 61 76 b4 80 67 24 56 36 a5 e2 97 91 4a 42 70 b5 cf 97 bb be 97 08 1d c9 3d a8 15 d2 d8 df d4 3c 50 cd 95 83 e5 5f 6a e7 e4 b9 b9 bb 7c 0d cc 4f 6e b5 b9 a7 f8 4a 69 71 2d e3 79 69 dc 77 ad c5 4d 27 48 8b 72 aa b3 8e fd 4d 03 b3 7a b3 99 b0 f0 bd f5 e6 1e 45 31 46 7b b5 74 36 fa 2e 97 a5 a8 69 59 64 71 ce 5a a8 df f8 a1 d8 79 70 8c 0c 76 ac 94 4d 47 52 7f 90 3b 67 b9 a2 c2 ba e8 6e de 78 92 08 94 c7 6e 80 0c 70 40 ac 19 f5 4b bb d3 b5 4b 37 b0 ad 7b 5f 0b 11 86 bb 94 0f 6a be 1b 4d d3 93 e5 db 91 f8 d0 0d 37 b9 cf db 68 57 97 58 69 Data Ascii: sP#~mjMjE`q{OYb 53FO.{:n.havg$V6JBp=<P_j\|OnJiq-yiwM'HrMzE1F{t6.iYdqZypvMGR;gnxnp@KK7{_jM7hWXi
2025-04-23 14:31:47 UTC	16384	IN	Data Raw: 54 63 ab 39 ff 00 81 9a 2f 01 91 1b c9 df 26 10 ae a0 e3 b8 39 f4 c6 29 4c f2 39 20 79 8b 93 80 58 a8 1f 96 73 8e 94 ff 00 dc 8c 65 41 c7 af 34 e4 9a 25 61 b4 28 e7 b0 a3 99 76 03 c0 7c 44 c5 b5 db e6 27 24 dc 49 93 eb f3 1a a1 7c 73 37 be d1 56 35 c9 37 eb 17 24 1e 4c f2 67 f3 6a a5 72 fb e5 27 d8 56 9d 04 31 7a 8a f5 ff 00 86 56 a2 4d 22 f0 98 e3 7c 4c 06 58 72 3e 5a f2 05 ea 2b da 7e 14 fc de 1d b9 7e b9 9d 79 ff 00 80 0a 96 ec ae 86 8e cc 5b bf 1f 32 0c 0c 60 2d 3c 5b 9c f3 23 7e 18 15 3d 00 56 7c f2 ee 16 20 36 91 13 b9 81 63 ea 4d 3c 5b c4 3f 80 1f af 35 30 14 e0 29 73 31 91 08 94 74 50 3e 82 ab de 5f db 58 aa f9 d2 61 9b ee a2 8c b1 fc 29 ba 86 a0 b6 6a 01 20 16 38 1f 5a e0 b5 1d 4c dc dc ca f0 be e9 b3 80 4f 6f 7a a8 c6 e2 b9 e8 76 52 fd b0 19 1a Data Ascii: Tc9/&9)L9 yXseA4%a(v\|D'$I\|s7V57$Lgjr'V1zVM"\|LXr>Z+~~y[2`-<[#~=V\| 6cM<[?50)s1tP>_Xa)j 8ZLOozvR
2025-04-23 14:31:47 UTC	16384	IN	Data Raw: 7f 4c d2 32 86 c6 e1 bb cc 04 05 8d 4f 6c 00 46 0f 04 8c 76 ee 71 cd 00 24 65 81 09 14 52 30 61 b3 0c 99 25 b1 eb dc f7 f7 eb 43 fc 91 2b ba 31 75 21 93 90 41 3c 10 bd 38 fa 77 a7 c6 23 60 52 47 43 21 6d a0 ee de c4 64 e0 e0 80 79 38 f4 ea 3b 52 43 23 96 c2 48 a3 8f 31 86 7a 74 e0 67 a7 5e bf 5f c0 02 36 77 f3 10 a9 65 18 dc 72 47 ca d8 18 ce 3b 7a f7 fc f9 e9 7c 19 7e 63 b9 b8 b1 77 52 b2 13 24 61 71 c1 ee 38 fc 2b 9a ce d3 2b 0c 12 03 7c d9 27 00 f2 31 8f 4c 7a f5 a7 59 ce da 7c b6 f7 19 7c 46 40 52 46 39 ee 7a f4 39 1f 5a 99 2b a0 3d 32 75 a8 61 7f 2e 50 7b 74 a9 a3 99 2e ed 23 9e 33 94 91 43 03 f5 aa ee 30 6b 02 8d 1f 7a 46 19 a6 db 3f 99 08 f5 1c 1a 90 8a 82 8e 6f c4 e3 fd 1e df fd f6 fe 42 96 d7 fe 3c e1 ff 00 70 7f 2a 3c 50 3f 75 6f fe f1 a2 db fe Data Ascii: L2OlFvq$eR0a%C+1u!A<8w#`RGC!mdy8;RC#H1ztg^_6werG;z\|~cwR$aq8++\|'1LzY\|\|F@RF9z9Z+=2ua.P{t.#3C0kzF?oB<p*<P?uo
2025-04-23 14:31:48 UTC	16384	IN	Data Raw: 2b d3 b8 f4 a1 1b 1d 7e ed 3c 70 7a d3 5a 3c e4 a8 fa 8a 00 47 4c 0d c3 91 4c a7 ab 6d fa 52 ba 7f 12 f4 ef 40 13 c1 31 6c 23 7d ee c7 d6 ac 83 55 6c 0e db d8 58 9e 04 8b 52 b4 c4 dd 4a bb 78 de 71 81 ef 48 64 8e 49 51 5d b7 81 47 fc 4b ee 8f fd 35 03 f4 ae 25 81 50 01 1c d7 75 e0 75 c6 95 70 7d 67 ff 00 d9 45 50 8e 9e 96 81 45 03 2a 79 87 ed 57 d3 aa ab cd 67 02 34 48 c3 8c b1 6d cd f9 28 1f 81 f5 a8 6e f5 1b cd 47 4b d5 bf b4 e1 8b cb 36 ec 91 88 a3 da ac e7 21 36 8c 75 27 f5 ab 32 da 19 2e 63 b9 86 e2 5b 79 d0 15 f3 23 c1 dc a7 f8 58 1e 08 a9 85 bc 40 a3 bc b3 5c ca 87 28 d2 6d 54 43 ea a8 a0 00 7a f2 49 f6 c5 34 f4 15 82 14 78 a0 8e 39 1b 32 2a 00 c7 d4 81 cf eb 4f a2 96 90 c4 a5 a2 8a 00 4a 29 68 a0 04 a5 a2 8a 00 29 29 68 a0 04 a2 8a 28 00 a2 8a 28 Data Ascii: +~<pzZ<GLLmR@1l#}UlXRJxqHdIQ]GK5%Puup}gEPEyWg4Hm(nGK6!6u'2.c[y#X@\(mTCzI4x92OJ)h))h((
2025-04-23 14:31:48 UTC	16384	IN	Data Raw: 09 fe 55 7e 1f 0f 6a f3 ff 00 ab d3 e6 c7 ab 80 bf cf 14 01 9b 45 74 50 f8 27 57 97 1b fc 88 87 fb 52 64 fe 80 d6 8c 3e 00 90 f3 3e a0 a3 d9 23 cf ea 4f f4 a0 0e 32 8a f4 28 7c 0b a6 27 32 4d 73 29 ee 0b 00 3f 41 5a 10 f8 5b 45 87 05 6c 11 88 ff 00 9e 8c 5f f9 9a 40 79 6f 1e b4 f4 d3 75 19 a6 59 ac ed 24 95 b6 34 6c ad 13 15 74 6c 64 12 3a 72 01 cf b5 7b 04 36 56 96 d8 f2 2d 61 8b 1f dc 8c 2f f2 a9 e8 b8 8f 25 b4 f0 66 b3 20 4c d8 24 31 a9 04 20 60 06 79 c1 62 4e 58 8c 9e c3 af 4a d8 83 c0 9a 8b ff 00 ad b8 b7 88 7b 12 c7 f9 57 a1 51 45 c0 e3 61 f0 0c 43 fd 7d fb b7 b2 46 07 f3 26 b4 21 f0 56 8f 1f df 59 a5 3f ed c9 8f e5 8a e8 a8 a0 0c d8 7c 3d a4 41 f7 34 f8 09 f5 75 dc 7f 5a bf 1c 31 42 a1 62 89 10 0e 81 54 0a 7d 14 00 52 32 ab a9 56 50 ca 46 08 23 20 Data Ascii: U~jEtP'WRd>>#O2(\|'2Ms)?AZ[El_@youY$4ltld:r{6V-a/%f L$1 `ybNXJ{WQEaC}F&!VY?\|=A4uZ1BbT}R2VPF#
2025-04-23 14:31:48 UTC	276	IN	Data Raw: 74 2f 4f 64 69 65 72 65 73 69 73 2f 6d 75 6c 74 69 70 6c 79 2f 52 63 61 72 6f 6e 0a 2f 55 72 69 6e 67 2f 55 61 63 75 74 65 2f 55 68 75 6e 67 61 72 75 6d 6c 61 75 74 2f 55 64 69 65 72 65 73 69 73 2f 59 61 63 75 74 65 2f 54 63 6f 6d 6d 61 61 63 63 65 6e 74 2f 67 65 72 6d 61 6e 64 62 6c 73 2f 72 61 63 75 74 65 0a 2f 61 61 63 75 74 65 2f 61 63 69 72 63 75 6d 66 6c 65 78 2f 61 62 72 65 76 65 2f 61 64 69 65 72 65 73 69 73 2f 6c 61 63 75 74 65 2f 63 61 63 75 74 65 2f 63 63 65 64 69 6c 6c 61 2f 63 63 61 72 6f 6e 0a 2f 65 61 63 75 74 65 2f 65 6f 67 6f 6e 65 6b 2f 65 64 69 65 72 65 73 69 73 2f 65 63 61 72 6f 6e 2f 69 61 63 75 74 65 2f 69 63 69 72 63 75 6d 66 6c 65 78 2f 64 63 61 72 6f 6e 2f 64 63 72 6f 61 74 0a 2f 6e 61 63 75 74 65 2f 6e 63 61 72 6f 6e 2f 6f 61 63 Data Ascii: t/Odieresis/multiply/Rcaron/Uring/Uacute/Uhungarumlaut/Udieresis/Yacute/Tcommaaccent/germandbls/racute/aacute/acircumflex/abreve/adieresis/lacute/cacute/ccedilla/ccaron/eacute/eogonek/edieresis/ecaron/iacute/icircumflex/dcaron/dcroat/nacute/ncaron/oac
2025-04-23 14:31:48 UTC	16384	IN	Data Raw: 61 72 75 6d 6c 61 75 74 2f 6f 64 69 65 72 65 73 69 73 2f 64 69 76 69 64 65 2f 72 63 61 72 6f 6e 0a 2f 75 72 69 6e 67 2f 75 61 63 75 74 65 2f 75 68 75 6e 67 61 72 75 6d 6c 61 75 74 2f 75 64 69 65 72 65 73 69 73 2f 79 61 63 75 74 65 2f 74 63 6f 6d 6d 61 61 63 63 65 6e 74 2f 64 6f 74 61 63 63 65 6e 74 5d 0a 2f 42 61 73 65 45 6e 63 6f 64 69 6e 67 2f 57 69 6e 41 6e 73 69 45 6e 63 6f 64 69 6e 67 0d 0a 3e 3e 20 0d 65 6e 64 6f 62 6a 0d 0a 37 20 30 20 6f 62 6a 0d 3c 3c 0d 0a 2f 54 79 70 65 2f 45 6e 63 6f 64 69 6e 67 2f 44 69 66 66 65 72 65 6e 63 65 73 0a 5b 31 32 38 20 2f 45 75 72 6f 5d 2f 42 61 73 65 45 6e 63 6f 64 69 6e 67 2f 57 69 6e 41 6e 73 69 45 6e 63 6f 64 69 6e 67 0d 0a 3e 3e 20 0d 65 6e 64 6f 62 6a 0d 0a 31 32 20 30 20 6f 62 6a 0d 0a 5b 20 37 35 30 20 37 Data Ascii: arumlaut/odieresis/divide/rcaron/uring/uacute/uhungarumlaut/udieresis/yacute/tcommaaccent/dotaccent]/BaseEncoding/WinAnsiEncoding>> endobj7 0 obj<</Type/Encoding/Differences[128 /Euro]/BaseEncoding/WinAnsiEncoding>> endobj12 0 obj[ 750 7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49729	212.57.32.77	443	2752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:31:47 UTC	641	OUT	GET /favicon.ico HTTP/1.1 Host: download.symartech.sk Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:31:48 UTC	267	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Thu, 18 Jul 2019 17:08:56 GMT Accept-Ranges: bytes ETag: "0c48e7b8b3dd51:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Wed, 23 Apr 2025 14:31:04 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49728	212.57.32.77	443	2752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:31:48 UTC	378	OUT	GET /19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf HTTP/1.1 Host: download.symartech.sk Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:31:48 UTC	276	IN	HTTP/1.1 200 OK Content-Type: application/pdf Last-Modified: Thu, 16 Aug 2018 04:04:09 GMT Accept-Ranges: bytes ETag: "80c2b82e1635d41:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Wed, 23 Apr 2025 14:31:05 GMT Connection: close Content-Length: 299070
2025-04-23 14:31:48 UTC	16108	IN	Data Raw: 25 50 44 46 2d 31 2e 34 0d 0a 25 e2 e3 cf d3 0d 0a 25 0d 0a 25 77 50 44 46 20 62 79 20 57 50 43 75 62 65 64 20 47 6d 62 48 20 56 33 2e 35 34 5b 34 30 5d 0d 0a 25 0d 0a 25 0d 0a 31 20 30 20 6f 62 6a 0d 3c 3c 2f 54 79 70 65 2f 4d 65 74 61 64 61 74 61 2f 53 75 62 74 79 70 65 2f 58 4d 4c 2f 4c 65 6e 67 74 68 20 31 36 32 30 20 3e 3e 0d 0a 73 74 72 65 61 6d 0a 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 33 2e 31 2d 37 30 31 22 3e 0a 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f Data Ascii: %PDF-1.4%%%wPDF by WPCubed GmbH V3.54[40]%%1 0 obj<</Type/Metadata/Subtype/XML/Length 1620 >>stream<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701"><rdf:RDF xmlns:rdf="http://
2025-04-23 14:31:48 UTC	16384	IN	Data Raw: b2 17 d9 82 41 39 ce 0f a5 6f 57 9b 6b 8d b7 46 bf e3 ef 6a d1 8f fc 86 d4 d6 e2 96 88 ea 6d bc 48 f3 f8 56 e3 5a 36 8a ad 0b 32 f9 3e 6e 41 c3 01 f7 b1 ef e9 4d d1 bc 4e fa ad 86 a3 72 d6 42 13 66 9b b6 99 77 6f f9 4b 75 c7 1d 3f 5a c2 d3 d8 7f c2 ac d4 fa e0 4a e3 d3 f8 d6 a0 f0 9b 67 43 f1 38 51 80 20 e3 bf fc b2 6a ab 22 2e f4 3a 1f 0d 78 ad bc 43 7b 3d b9 b1 fb 38 8a 2f 33 7f 9b bb 77 20 63 a0 f5 ad db db d8 6c 2d cc f3 b6 d4 1c 57 9d 7c 32 91 9b 5b be 52 38 36 80 e7 1f ed 0a eb 7c 61 ff 00 20 43 fe f8 fe 75 2f 72 a3 b6 a6 e2 48 64 ce 00 00 52 ef c4 81 0f 7a a7 6f 2f ca fc f7 a7 89 37 5d a0 cd 55 84 99 66 59 16 18 9a 47 38 55 19 26 b2 1f c4 b6 91 ca 51 a3 94 8c 06 04 01 c8 23 20 f5 a7 78 9e 46 8f c3 d7 65 4e 0e dc 57 03 67 7f 7b aa f8 ce 6d 10 59 a4 Data Ascii: A9oWkFjmHVZ62>nAMNrBfwoKu?ZJgC8Q j".:xC{=8/3w cl-W\|2[R86\|a Cu/rHdRzo/7]UfYG8U&Q# xFeNWg{mY
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: a5 49 0e 9b 79 72 09 08 40 1d 49 ae 89 21 b0 b2 56 dc 57 77 6c 54 6d ad c5 6d 1b 24 2a 06 7a d1 61 68 8a 90 78 69 cc 4b 2c a7 20 f5 1d 2b 6e d2 cf 4b d3 e1 dd 26 d3 27 a1 ed 5c f4 ba d4 f2 2e d5 66 c7 60 2a 38 ed f5 0b d3 f2 c6 e4 1e f4 58 7c c7 4f 37 88 ad ad d7 6c 11 0e 3b d6 35 d7 88 e5 98 92 bc 1e 80 0a 9a d3 c1 f7 b7 00 34 ad b4 7a 56 dd b7 84 ec 6d 46 e9 dd 4e 3d 68 1f bc ce 34 dc de 5d 36 15 5c 9a b7 07 87 b5 2b a6 19 52 a0 fa d7 66 d7 3a 36 98 a1 50 2b 37 b0 15 9f 77 e2 e4 55 c4 09 83 d0 e7 b5 02 e5 4b 76 56 b4 f0 42 85 dd 71 21 27 f2 15 ab 0e 9b a3 e9 ab 87 d9 9a e6 2e 7c 49 79 72 70 ac d8 ec 05 56 5b 3d 4e f9 b8 8d f0 7b b5 03 e6 5d 11 d5 cd e2 0b 0b 5c 88 10 1a c9 bc f1 5c b2 16 11 e1 46 78 a6 5a 78 46 e6 6f 9a 79 0a fb 0a d8 83 c3 1a 7d ab a9 Data Ascii: Iyr@I!VWwlTmm$zahxiK, +nK&'\.f`8X\|O7l;54zVmFN=h4]6\+Rf:6P+7wUKvVBq!'.\|IyrpV[=N{]\\FxZxFoy}
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: c3 73 d8 50 1a 23 7e 6d 6a d7 4d 8c c7 6a 8b c0 c6 45 60 dd ea d7 ba 9c bb 13 71 07 a0 15 7b 4f f0 b5 c5 d1 59 ae 9b 62 f5 20 f5 35 bb 9d 33 46 4f 90 2e e1 df bd 03 b3 7b 98 3a 7f 85 6e 2e 00 96 e9 fc b4 eb 8e f5 ba ab a5 68 d1 61 76 b4 80 67 24 56 36 a5 e2 97 91 4a 42 70 b5 cf 97 bb be 97 08 1d c9 3d a8 15 d2 d8 df d4 3c 50 cd 95 83 e5 5f 6a e7 e4 b9 b9 bb 7c 0d cc 4f 6e b5 b9 a7 f8 4a 69 71 2d e3 79 69 dc 77 ad c5 4d 27 48 8b 72 aa b3 8e fd 4d 03 b3 7a b3 99 b0 f0 bd f5 e6 1e 45 31 46 7b b5 74 36 fa 2e 97 a5 a8 69 59 64 71 ce 5a a8 df f8 a1 d8 79 70 8c 0c 76 ac 94 4d 47 52 7f 90 3b 67 b9 a2 c2 ba e8 6e de 78 92 08 94 c7 6e 80 0c 70 40 ac 19 f5 4b bb d3 b5 4b 37 b0 ad 7b 5f 0b 11 86 bb 94 0f 6a be 1b 4d d3 93 e5 db 91 f8 d0 0d 37 b9 cf db 68 57 97 58 69 Data Ascii: sP#~mjMjE`q{OYb 53FO.{:n.havg$V6JBp=<P_j\|OnJiq-yiwM'HrMzE1F{t6.iYdqZypvMGR;gnxnp@KK7{_jM7hWXi
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: 54 63 ab 39 ff 00 81 9a 2f 01 91 1b c9 df 26 10 ae a0 e3 b8 39 f4 c6 29 4c f2 39 20 79 8b 93 80 58 a8 1f 96 73 8e 94 ff 00 dc 8c 65 41 c7 af 34 e4 9a 25 61 b4 28 e7 b0 a3 99 76 03 c0 7c 44 c5 b5 db e6 27 24 dc 49 93 eb f3 1a a1 7c 73 37 be d1 56 35 c9 37 eb 17 24 1e 4c f2 67 f3 6a a5 72 fb e5 27 d8 56 9d 04 31 7a 8a f5 ff 00 86 56 a2 4d 22 f0 98 e3 7c 4c 06 58 72 3e 5a f2 05 ea 2b da 7e 14 fc de 1d b9 7e b9 9d 79 ff 00 80 0a 96 ec ae 86 8e cc 5b bf 1f 32 0c 0c 60 2d 3c 5b 9c f3 23 7e 18 15 3d 00 56 7c f2 ee 16 20 36 91 13 b9 81 63 ea 4d 3c 5b c4 3f 80 1f af 35 30 14 e0 29 73 31 91 08 94 74 50 3e 82 ab de 5f db 58 aa f9 d2 61 9b ee a2 8c b1 fc 29 ba 86 a0 b6 6a 01 20 16 38 1f 5a e0 b5 1d 4c dc dc ca f0 be e9 b3 80 4f 6f 7a a8 c6 e2 b9 e8 76 52 fd b0 19 1a Data Ascii: Tc9/&9)L9 yXseA4%a(v\|D'$I\|s7V57$Lgjr'V1zVM"\|LXr>Z+~~y[2`-<[#~=V\| 6cM<[?50)s1tP>_Xa)j 8ZLOozvR
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: 7f 4c d2 32 86 c6 e1 bb cc 04 05 8d 4f 6c 00 46 0f 04 8c 76 ee 71 cd 00 24 65 81 09 14 52 30 61 b3 0c 99 25 b1 eb dc f7 f7 eb 43 fc 91 2b ba 31 75 21 93 90 41 3c 10 bd 38 fa 77 a7 c6 23 60 52 47 43 21 6d a0 ee de c4 64 e0 e0 80 79 38 f4 ea 3b 52 43 23 96 c2 48 a3 8f 31 86 7a 74 e0 67 a7 5e bf 5f c0 02 36 77 f3 10 a9 65 18 dc 72 47 ca d8 18 ce 3b 7a f7 fc f9 e9 7c 19 7e 63 b9 b8 b1 77 52 b2 13 24 61 71 c1 ee 38 fc 2b 9a ce d3 2b 0c 12 03 7c d9 27 00 f2 31 8f 4c 7a f5 a7 59 ce da 7c b6 f7 19 7c 46 40 52 46 39 ee 7a f4 39 1f 5a 99 2b a0 3d 32 75 a8 61 7f 2e 50 7b 74 a9 a3 99 2e ed 23 9e 33 94 91 43 03 f5 aa ee 30 6b 02 8d 1f 7a 46 19 a6 db 3f 99 08 f5 1c 1a 90 8a 82 8e 6f c4 e3 fd 1e df fd f6 fe 42 96 d7 fe 3c e1 ff 00 70 7f 2a 3c 50 3f 75 6f fe f1 a2 db fe Data Ascii: L2OlFvq$eR0a%C+1u!A<8w#`RGC!mdy8;RC#H1ztg^_6werG;z\|~cwR$aq8++\|'1LzY\|\|F@RF9z9Z+=2ua.P{t.#3C0kzF?oB<p*<P?uo
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: 2b d3 b8 f4 a1 1b 1d 7e ed 3c 70 7a d3 5a 3c e4 a8 fa 8a 00 47 4c 0d c3 91 4c a7 ab 6d fa 52 ba 7f 12 f4 ef 40 13 c1 31 6c 23 7d ee c7 d6 ac 83 55 6c 0e db d8 58 9e 04 8b 52 b4 c4 dd 4a bb 78 de 71 81 ef 48 64 8e 49 51 5d b7 81 47 fc 4b ee 8f fd 35 03 f4 ae 25 81 50 01 1c d7 75 e0 75 c6 95 70 7d 67 ff 00 d9 45 50 8e 9e 96 81 45 03 2a 79 87 ed 57 d3 aa ab cd 67 02 34 48 c3 8c b1 6d cd f9 28 1f 81 f5 a8 6e f5 1b cd 47 4b d5 bf b4 e1 8b cb 36 ec 91 88 a3 da ac e7 21 36 8c 75 27 f5 ab 32 da 19 2e 63 b9 86 e2 5b 79 d0 15 f3 23 c1 dc a7 f8 58 1e 08 a9 85 bc 40 a3 bc b3 5c ca 87 28 d2 6d 54 43 ea a8 a0 00 7a f2 49 f6 c5 34 f4 15 82 14 78 a0 8e 39 1b 32 2a 00 c7 d4 81 cf eb 4f a2 96 90 c4 a5 a2 8a 00 4a 29 68 a0 04 a5 a2 8a 00 29 29 68 a0 04 a2 8a 28 00 a2 8a 28 Data Ascii: +~<pzZ<GLLmR@1l#}UlXRJxqHdIQ]GK5%Puup}gEPEyWg4Hm(nGK6!6u'2.c[y#X@\(mTCzI4x92OJ)h))h((
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: 09 fe 55 7e 1f 0f 6a f3 ff 00 ab d3 e6 c7 ab 80 bf cf 14 01 9b 45 74 50 f8 27 57 97 1b fc 88 87 fb 52 64 fe 80 d6 8c 3e 00 90 f3 3e a0 a3 d9 23 cf ea 4f f4 a0 0e 32 8a f4 28 7c 0b a6 27 32 4d 73 29 ee 0b 00 3f 41 5a 10 f8 5b 45 87 05 6c 11 88 ff 00 9e 8c 5f f9 9a 40 79 6f 1e b4 f4 d3 75 19 a6 59 ac ed 24 95 b6 34 6c ad 13 15 74 6c 64 12 3a 72 01 cf b5 7b 04 36 56 96 d8 f2 2d 61 8b 1f dc 8c 2f f2 a9 e8 b8 8f 25 b4 f0 66 b3 20 4c d8 24 31 a9 04 20 60 06 79 c1 62 4e 58 8c 9e c3 af 4a d8 83 c0 9a 8b ff 00 ad b8 b7 88 7b 12 c7 f9 57 a1 51 45 c0 e3 61 f0 0c 43 fd 7d fb b7 b2 46 07 f3 26 b4 21 f0 56 8f 1f df 59 a5 3f ed c9 8f e5 8a e8 a8 a0 0c d8 7c 3d a4 41 f7 34 f8 09 f5 75 dc 7f 5a bf 1c 31 42 a1 62 89 10 0e 81 54 0a 7d 14 00 52 32 ab a9 56 50 ca 46 08 23 20 Data Ascii: U~jEtP'WRd>>#O2(\|'2Ms)?AZ[El_@youY$4ltld:r{6V-a/%f L$1 `ybNXJ{WQEaC}F&!VY?\|=A4uZ1BbT}R2VPF#
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: 74 2f 4f 64 69 65 72 65 73 69 73 2f 6d 75 6c 74 69 70 6c 79 2f 52 63 61 72 6f 6e 0a 2f 55 72 69 6e 67 2f 55 61 63 75 74 65 2f 55 68 75 6e 67 61 72 75 6d 6c 61 75 74 2f 55 64 69 65 72 65 73 69 73 2f 59 61 63 75 74 65 2f 54 63 6f 6d 6d 61 61 63 63 65 6e 74 2f 67 65 72 6d 61 6e 64 62 6c 73 2f 72 61 63 75 74 65 0a 2f 61 61 63 75 74 65 2f 61 63 69 72 63 75 6d 66 6c 65 78 2f 61 62 72 65 76 65 2f 61 64 69 65 72 65 73 69 73 2f 6c 61 63 75 74 65 2f 63 61 63 75 74 65 2f 63 63 65 64 69 6c 6c 61 2f 63 63 61 72 6f 6e 0a 2f 65 61 63 75 74 65 2f 65 6f 67 6f 6e 65 6b 2f 65 64 69 65 72 65 73 69 73 2f 65 63 61 72 6f 6e 2f 69 61 63 75 74 65 2f 69 63 69 72 63 75 6d 66 6c 65 78 2f 64 63 61 72 6f 6e 2f 64 63 72 6f 61 74 0a 2f 6e 61 63 75 74 65 2f 6e 63 61 72 6f 6e 2f 6f 61 63 Data Ascii: t/Odieresis/multiply/Rcaron/Uring/Uacute/Uhungarumlaut/Udieresis/Yacute/Tcommaaccent/germandbls/racute/aacute/acircumflex/abreve/adieresis/lacute/cacute/ccedilla/ccaron/eacute/eogonek/edieresis/ecaron/iacute/icircumflex/dcaron/dcroat/nacute/ncaron/oac
2025-04-23 14:31:49 UTC	16384	IN	Data Raw: 34 ec 51 7c d8 c0 50 af 6a 6d 79 bd 26 f4 f8 ea cb 05 49 bc 89 97 40 c9 8c ff aa d0 b2 62 bf 8a 8a 35 83 2a 81 0c e0 52 88 31 07 85 02 f3 66 3b 07 cc 7c 15 f7 24 6d 78 45 14 2f ee 32 a9 a1 39 36 36 50 24 48 0b b2 43 eb a1 02 9b 2e 4c 38 24 65 07 bc 6d e6 4b a0 5b 98 17 c0 91 f1 2e 49 26 a1 16 c6 63 e1 a1 82 53 60 4d db 3a 58 1f 20 0f 90 57 e1 79 6f 1f 6f 9f 00 1c a0 a8 a4 a8 84 c3 b0 37 c6 01 a1 01 a1 1a 2f 48 c2 58 bf c8 b4 48 8c bb 24 b9 24 61 8d 41 5e c5 47 e3 e6 66 83 7d 82 70 d9 e1 28 fc 73 74 c4 ff bd 03 5e 08 82 c3 51 78 51 2f a6 04 62 ac 11 4a 0a d4 88 25 42 8b a0 71 42 93 14 95 34 6d e1 14 1b 51 c7 2c 9e 61 2e 8f 70 bc 03 0e 0b 08 85 97 bc 84 96 62 bd 8b 46 c8 20 9c e3 57 cf 2d 08 f3 f6 c1 58 e1 6b 1e bf 5a 38 e7 16 40 05 c2 08 2a 84 9a bc b1 9d Data Ascii: 4Q\|Pjmy&I@b5R1f;\|$mxE/2966P$HC.L8$emK[.I&cS`M:X Wyoo7/HXH$$aA^Gf}p(st^QxQ/bJ%BqB4mQ,a.pbF W-XkZ8@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49732	212.57.32.77	443	2752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:31:49 UTC	396	OUT	GET /favicon.ico HTTP/1.1 Host: download.symartech.sk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:31:49 UTC	267	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Thu, 18 Jul 2019 17:08:56 GMT Accept-Ranges: bytes ETag: "0c48e7b8b3dd51:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Wed, 23 Apr 2025 14:31:06 GMT Connection: close Content-Length: 0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4480, Parent PID: 3516

Function Logs

General

Target ID:	1
Start time:	10:31:34
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2752, Parent PID: 4480

Function Logs

General

Target ID:	2
Start time:	10:31:37
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,3354336885574799863,12937995516537574573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2304 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6800, Parent PID: 3516

Function Logs

General

Target ID:	4
Start time:	10:31:44
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: Acrobat.exePID: 2228, Parent PID: 3964

Function Logs

General

Target ID:	21
Start time:	10:32:56
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Imagebase:	0x7ff7371d0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Created

File Moved

File Read

Other File Operations

Volume Information Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Key Value Deleted

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window Created

Window UI Found

Window UI Enumerated

Show Windows behavior

Process Token Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4208, Parent PID: 2228

Function Logs

General

Target ID:	22
Start time:	10:32:58
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff698b00000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Process Terminated

Show Windows behavior

Thread Activities

Thread Created

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5000, Parent PID: 4208

Function Logs

General

Target ID:	23
Start time:	10:32:59
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1592,i,8577638526050460801,9605109857572831664,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff698b00000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\90ffe435-68e4-4516-b35b-677d850131f8.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423143303Z-194.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3892

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Windows Analysis Report
https://download.symartech.sk/19v3_5n9ec_0sedb_5045S9Y3M_7c1o_.pdf