Windows Analysis Report
https://t3.service.hl.co.uk/r/?id=h33eb5959,aa246a3,aa298ce&e=dXRtX2NhbXBhaWduPUVPTDk2LUlHQ19tZW1iZXImdXRtX3NvdXJjZT1BZG9iZUNhbXBhaWduJnV0bV9tZWRpdW09ZW1haWwmdGhlU291cmNlPUVPTDk2JmVfY3RpPTUzNzYzNjcmZV9jdD1GJk92ZXJyaWRlPTE&s=NPQQQRi8c2SD9bjCqszMpXIxLAfmiAPvXAKV1zC8fWc

Overview

General Information

Sample URL: https://t3.service.hl.co.uk/r/?id=h33eb5959,aa246a3,aa298ce&e=dXRtX2NhbXBhaWduPUVPTDk2LUlHQ19tZW1iZXImdXRtX3NvdXJjZT1BZG9iZUNhbXBhaWduJnV0bV9tZWRpdW09ZW1haWwmdGhlU291cmNlPUVPTDk2JmVfY3RpPTUzNzYzNjcmZV
Analysis ID: 1523244

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

Classification

Source: file:///C:/Users/user/Downloads/igc-report-2024.pdf HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic HTTP traffic detected: GET /r/?id=h33eb5959,aa246a3,aa298ce&e=dXRtX2NhbXBhaWduPUVPTDk2LUlHQ19tZW1iZXImdXRtX3NvdXJjZT1BZG9iZUNhbXBhaWduJnV0bV9tZWRpdW09ZW1haWwmdGhlU291cmNlPUVPTDk2JmVfY3RpPTUzNzYzNjcmZV9jdD1GJk92ZXJyaWRlPTE&s=NPQQQRi8c2SD9bjCqszMpXIxLAfmiAPvXAKV1zC8fWc HTTP/1.1Host: t3.service.hl.co.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /__data/assets/pdf_file/0007/20167261/igc-report-2024.pdf?utm_campaign=EOL96-IGC_member&utm_source=AdobeCampaign&utm_medium=email&theSource=EOL96&e_cti=5376367&e_ct=F&Override=1&deliveryName=DM196562 HTTP/1.1Host: www.hl.co.ukConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AMCV_1B4022CE52783F160A490D4D%40AdobeOrg=MCMID%7C59341901470409687033098476543630901247; nlid=33eb5959|aa246a3
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dK9U128hp3sDKWh&MD=Frf6m2vx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dK9U128hp3sDKWh&MD=Frf6m2vx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic DNS traffic detected: DNS query: t3.service.hl.co.uk
Source: global traffic DNS traffic detected: DNS query: www.hl.co.uk
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: 77EC63BDA74BD0D0E0426DC8F80085060.17.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: http://www.hl.co.uk/__data/assets/pdf_file/0011/7907348/Corporate-Terms-and-Conditions.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: http://www.hl.co.uk/igc)
Source: 2D85F72862B55C4EADD9E66E06947F3D0.17.dr String found in binary or memory: http://x1.i.lencr.org/
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://protect-eu.mimecast.com/s/qEGZCx1vNs932GCvn6FN?domain=hl.co.uk)
Source: ReaderMessages.16.dr String found in binary or memory: https://www.adobe.co
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.fca.org.uk/publications/policy-statements/ps22-9-new-consumer-duty
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.fscs.org.uk/)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0003/20047503/2024-wpcc-illustrations-42.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0004/20047504/2024-wpcc-illustrations-42-smb.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0004/20047522/2024-wpcc-illustrations-20.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0005/20047505/2024-wpcc-illustrations-35.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0006/20047506/2024-wpcc-illustrations-30.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0008/20047508/2024-wpcc-illustrations-17.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0010/20047519/2024-wpcc-illustrations-40.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0019/20047510/2024-wpcc-illustrations-15.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0020/20047502/2024-wpcc-illustrations-45.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/__data/assets/pdf_file/0020/20047520/2024-wpcc-illustrations-25.pdf)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/charges-and-interest-rates)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/funds)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.hl.co.uk/security-centre/how-safe-is-your-investment)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.moneyhelper.org.uk/en/pensions-and-retirement/pension-wise?source=pw)
Source: 4c750c03-cedb-4545-ac8e-d2414eee8c21.tmp.0.dr, chromecache_211.2.dr, igc-report-2024.pdf.crdownload.0.dr String found in binary or memory: https://www.retirementlivingstandards.org.uk/)
Source: classification engine Classification label: clean0.win@37/54@8/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\d736c48d-d5f0-4e3b-a895-1108d53ac4fb.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 06-47-30-313.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2024,i,11346600625722737073,16332623496641183597,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t3.service.hl.co.uk/r/?id=h33eb5959,aa246a3,aa298ce&e=dXRtX2NhbXBhaWduPUVPTDk2LUlHQ19tZW1iZXImdXRtX3NvdXJjZT1BZG9iZUNhbXBhaWduJnV0bV9tZWRpdW09ZW1haWwmdGhlU291cmNlPUVPTDk2JmVfY3RpPTUzNzYzNjcmZV9jdD1GJk92ZXJyaWRlPTE&s=NPQQQRi8c2SD9bjCqszMpXIxLAfmiAPvXAKV1zC8fWc"
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\igc-report-2024.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1628,i,12773371779395078299,5747927069721577490,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 211
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX