Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Law Clerk to Michael Nanne and Brian DeLorenzi.pdf

Overview

General Information

Sample name:Law Clerk to Michael Nanne and Brian DeLorenzi.pdf
Analysis ID:1467858
MD5:a167796a70b1fb4a64ad4af83b1719eb
SHA1:681d7cea541073d6cd676243b0d90c436b42420f
SHA256:0109ea120cf30bd5a14ecde672ff9414f2f70c7af69f96b8a4cf96f4dad5b2d1
Infos:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

AI detected suspicious PDF
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Law Clerk to Michael Nanne and Brian DeLorenzi.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7176 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7364 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1652,i,10075469960472662905,2557708157109484843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 2104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2080,i,5781679661677650540,11246564449664468304,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5dHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O3a7EFx9FVTyvKf&MD=l1h6Zfmk HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d HTTP/1.1Host: saepe.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O3a7EFx9FVTyvKf&MD=l1h6Zfmk HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: saepe.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: saepe.cfd
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknownHTTP traffic detected: POST /report/v4?s=3jKHQugiKchX5NSWaTSgxhj%2FZPe5XSinU9qBTOcijOUmifK6w%2BOebWOVTnsu4aUNepZcZmlO1dLd7FND2w9Iz2mj4DnZaIN2spUnFMnMjnToVm8R3jsSN754PG0%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 533Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 21:14:45 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: STALEAge: 29677Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kWGlpoksAPacqwrDeVNk7FUywuIvXkXy9%2Fl4Kpc7UsUI65fmkODq%2FbVxZi9Ema98%2FC%2BQO%2BZOpOySraEfIwEo7ghj5zK%2B1BY6iqL48zJjE2BaX5ZVbedd%2FtI4qBw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89e21ff9987717b1-EWRalt-svc: h3=":443"; ma=86400
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfString found in binary or memory: https://lwdxc.ventgreh.com/41Y8pBq3/)
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfString found in binary or memory: https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: classification engineClassification label: sus21.winPDF@40/50@6/5
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: https://lwdxc.ventgreh.com/41Y8pBq3/
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: https://saepe.cfd/m/?c3y9bzm2nv8xx25vbszyyw5kpvjxrjvkwha0ymtkm1pxegpwru01u21walfqyz0mdwlkpvvtrviwmta3mjaynfvosvfvrtaymziwnzaxntyymdi0mjaynda3mdezmjaynty=n0123n%5bemail%5d
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: https://lwdxc.ventgreh.com/41y8pbq3/
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 17-13-21-899.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Law Clerk to Michael Nanne and Brian DeLorenzi.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1652,i,10075469960472662905,2557708157109484843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2080,i,5781679661677650540,11246564449664468304,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1652,i,10075469960472662905,2557708157109484843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2080,i,5781679661677650540,11246564449664468304,262144 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: PDF keyword /JS count = 0
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A98bdu8r_1hw31f4_1jo.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A98bdu8r_1hw31f4_1jo.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: PDF keyword stream count = 26
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Law Clerk to Michael Nanne and Brian DeLorenzi.pdfInitial sample: PDF keyword obj count = 71

Persistence and Installation Behavior

barindex
AI detected suspicious PDF
Source: PDF shotLLM: Score: 8 Reasons: The PDF document contains a visually prominent 'Open' button which could mislead the user into clicking on a potentially harmful link. The text 'This link is protected for your view only. Download to open the file' creates a sense of urgency and interest, encouraging the user to click the button. The document impersonates a well-known brand, Microsoft OneDrive, which adds to its credibility and potential to deceive. The sense of urgency in the text is directly connected to the prominent 'Open' button, increasing the risk of phishing or malware download.
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		Windows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://saepe.cfd/favicon.ico0%Avira URL Cloudsafe
https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA0%Avira URL Cloudsafe
https://lwdxc.ventgreh.com/41Y8pBq3/)0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=3jKHQugiKchX5NSWaTSgxhj%2FZPe5XSinU9qBTOcijOUmifK6w%2BOebWOVTnsu4aUNepZcZmlO1dLd7FND2w9Iz2mj4DnZaIN2spUnFMnMjnToVm8R3jsSN754PG0%3D0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=kWGlpoksAPacqwrDeVNk7FUywuIvXkXy9%2Fl4Kpc7UsUI65fmkODq%2FbVxZi9Ema98%2FC%2BQO%2BZOpOySraEfIwEo7ghj5zK%2B1BY6iqL48zJjE2BaX5ZVbedd%2FtI4qBw%3D0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		unknown
    a.nel.cloudflare.com
    		35.190.80.1
    		truefalse
      		unknown
      saepe.cfd
      		172.67.221.31
      		truefalse
        		unknown
        www.google.com
        		142.250.185.196
        		truefalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5dfalse
            		unknown
            https://a.nel.cloudflare.com/report/v4?s=3jKHQugiKchX5NSWaTSgxhj%2FZPe5XSinU9qBTOcijOUmifK6w%2BOebWOVTnsu4aUNepZcZmlO1dLd7FND2w9Iz2mj4DnZaIN2spUnFMnMjnToVm8R3jsSN754PG0%3Dfalse
            • Avira URL Cloud: safe
            		unknown
            https://saepe.cfd/favicon.icofalse
            • Avira URL Cloud: safe
            		unknown
            https://a.nel.cloudflare.com/report/v4?s=kWGlpoksAPacqwrDeVNk7FUywuIvXkXy9%2Fl4Kpc7UsUI65fmkODq%2FbVxZi9Ema98%2FC%2BQO%2BZOpOySraEfIwEo7ghj5zK%2B1BY6iqL48zJjE2BaX5ZVbedd%2FtI4qBw%3Dfalse
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://lwdxc.ventgreh.com/41Y8pBq3/)Law Clerk to Michael Nanne and Brian DeLorenzi.pdffalse
            • Avira URL Cloud: safe
            		unknown
            https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTALaw Clerk to Michael Nanne and Brian DeLorenzi.pdffalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            172.67.221.31
            		saepe.cfdUnited States
            		13335CLOUDFLARENETUSfalse
            239.255.255.250
            		unknownReserved
            		unknownunknownfalse
            142.250.185.196
            		www.google.comUnited States
            		15169GOOGLEUSfalse
            35.190.80.1
            		a.nel.cloudflare.comUnited States
            		15169GOOGLEUSfalse

            Private

            IP
            192.168.2.4

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1467858
            Start date and time:2024-07-04 23:12:31 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 5m 19s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowspdfcookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:Law Clerk to Michael Nanne and Brian DeLorenzi.pdf
            Detection:SUS
            Classification:sus21.winPDF@40/50@6/5
            Cookbook Comments:
            • Found application associated with file extension: .pdf
            • Found PDF document
            • Close Viewer

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.22.41.97, 3.219.243.226, 52.6.155.20, 3.233.129.217, 2.19.126.149, 2.19.126.143, 162.159.61.3, 172.64.41.3, 2.16.241.15, 2.16.241.13, 2.18.96.131, 199.232.210.172, 192.229.221.95, 142.250.186.131, 172.217.18.14, 142.250.110.84, 34.104.35.123, 142.250.185.74, 216.58.212.170, 142.250.185.202, 216.58.212.138, 216.58.206.42, 142.250.186.170, 142.250.185.106, 142.250.181.234, 142.250.185.234, 142.250.184.234, 172.217.23.106, 142.250.186.42, 142.250.185.138, 142.250.185.170, 216.58.206.74, 142.250.186.74, 172.217.18.3, 142.250.186.35, 142.250.185.238
            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, www.gstatic.com, apps.identrust.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtSetInformationFile calls found.
            • VT rate limit hit for: Law Clerk to Michael Nanne and Brian DeLorenzi.pdf

            Simulations

            Behavior and APIs

            TimeTypeDescription
            17:13:32API Interceptor2x Sleep call for process: AcroCEF.exe modified

            LLM Input / Output

            InputOutput
            URL: PDF Model: gpt-4o
            ```json{  "riskscore": 8,  "reasons": "The PDF document contains a visually prominent 'Open' button which could mislead the user into clicking on a potentially harmful link. The text 'This link is protected for your view only. Download to open the file' creates a sense of urgency and interest, encouraging the user to click the button. The document impersonates a well-known brand, Microsoft OneDrive, which adds to its credibility and potential to deceive. The sense of urgency in the text is directly connected to the prominent 'Open' button, increasing the risk of phishing or malware download."}

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            172.67.221.31https://www.bing.com/ck/a?!&&p=850bd6cd427a19cdJmltdHM9MTY4NjA5NjAwMCZpZ3VpZD0xNTQ1NWMwOS1iMjE5LTYwZTEtM2RhMi00ZWNiYjNkOTYxOTEmaW5zaWQ9NTI2MQ&ptn=3&hsh=3&fclid=15455c09-b219-60e1-3da2-4ecbb3d96191&u=a1aHR0cHM6Ly9wbmNjLm9yZy5ucC9pbnRlcm5hdGlvbmFsLXBhcnRuZXJzLw#YWRvbGZvLm1vbGVyb0BqdW50YWRlYW5kYWx1Y2lhLmVzGet hashmaliciousHTMLPhisherBrowse
              https://www.bing.com/ck/a?!&&p=850bd6cd427a19cdJmltdHM9MTY4NjA5NjAwMCZpZ3VpZD0xNTQ1NWMwOS1iMjE5LTYwZTEtM2RhMi00ZWNiYjNkOTYxOTEmaW5zaWQ9NTI2MQ&ptn=3&hsh=3&fclid=15455c09-b219-60e1-3da2-4ecbb3d96191&u=a1aHR0cHM6Ly9wbmNjLm9yZy5ucC9pbnRlcm5hdGlvbmFsLXBhcnRuZXJzLw#amx1aXMudG9ycmVzQGp1bnRhZGVhbmRhbHVjaWEuZXM=Get hashmaliciousHTMLPhisherBrowse
                239.255.255.250http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.comGet hashmaliciousUnknownBrowse
                  file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                    file.exeGet hashmaliciousUnknownBrowse
                      https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tGGet hashmaliciousHTMLPhisherBrowse
                        https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                          https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                            xJwSq336bs.pdfGet hashmaliciousUnknownBrowse
                              file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                                file.exeGet hashmaliciousUnknownBrowse
                                  https://chorbie.com/services/Get hashmaliciousUnknownBrowse

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    bg.microsoft.map.fastly.nethttp://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.comGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172
                                    http://79.141.36.131Get hashmaliciousUnknownBrowse
                                    • 199.232.214.172
                                    SOA-Al Daleel.exeGet hashmaliciousAgentTeslaBrowse
                                    • 199.232.214.172
                                    file.exeGet hashmaliciousClipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRATBrowse
                                    • 199.232.210.172
                                    Leaked.exeGet hashmaliciousXWormBrowse
                                    • 199.232.210.172
                                    http://circulaires.infoGet hashmaliciousUnknownBrowse
                                    • 199.232.214.172
                                    SecuriteInfo.com.Win32.MalwareX-gen.20684.5190.exeGet hashmaliciousAgentTeslaBrowse
                                    • 199.232.210.172
                                    https://vi-822.pages.dev/robots.txtGet hashmaliciousHTMLPhisherBrowse
                                    • 199.232.210.172
                                    https://truecommerceedi-my.sharepoint.com/:o:/g/personal/doug_linek_truecommerce_com/EiyWH-QHx4BNkzCWTtkFfUIB_LOEdcSk9TIJqvvJ9XzR1g?e=5*3afRyHim&at=9__;JQ!!OKzgfr8!eRInWK3-pMetXEotUTlHeRL-kpHfDqqm_UrakLHbmUfqMhfbmxWKXtEdjpydW76gr1OuCloOoBK5CAxEBpCwr50Heacl$Get hashmaliciousHTMLPhisherBrowse
                                    • 199.232.214.172
                                    13334c17-0dbd-4b95-8089-8c7deb9440fa.emlGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    CLOUDFLARENETUShttps://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tGGet hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14
                                    am.exeGet hashmaliciousAmadeyBrowse
                                    • 172.67.208.139
                                    qeUaxJCA3FO.exeGet hashmaliciousLummaCBrowse
                                    • 104.21.27.50
                                    OVER DUE INVOICE PAYMENT.docx.docGet hashmaliciousSnake KeyloggerBrowse
                                    • 188.114.96.3
                                    https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                                    • 1.1.1.1
                                    https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                                    • 1.1.1.1
                                    file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                                    • 104.21.45.251
                                    xJwSq336bs.pdfGet hashmaliciousUnknownBrowse
                                    • 104.17.25.14
                                    https://chorbie.com/services/Get hashmaliciousUnknownBrowse
                                    • 188.114.96.3
                                    https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6Get hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    28a2c9bd18a11de089ef85a160da29e4http://ygi235na1ffvmwkacq8ua9qd046vulia.oastify.comGet hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    xJwSq336bs.pdfGet hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    https://chorbie.com/services/Get hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    http://79.141.36.131Get hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    hANEXOPDF.PDF40 234057.msiGet hashmaliciousUnknownBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27
                                    Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdfGet hashmaliciousHTMLPhisherBrowse
                                    • 13.85.23.86
                                    • 184.28.90.27

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):292
                                    Entropy (8bit):5.212788404363134
                                    Encrypted:false
                                    SSDEEP:6:BOX/cq2Pwkn2nKuAl9OmbnIFUt84OXQ8ZZmw+4OXQ8zkwOwkn2nKuAl9OmbjLJ:EPcvYfHAahFUt81x/+1r5JfHAaSJ
                                    MD5:A05F06575E30782E097D7970999A545E
                                    SHA1:49E72ED9824596F467E6528BE6312DF68A4BC798
                                    SHA-256:8D3B39B082EF99FB4969567B8D694A61968DE43990108B98A7EA84C37C9DD0D3
                                    SHA-512:70018A911DCE8E13EA23F71B338675E6F9E6F4189FC9E58B10ACFFE80603603D189F6AE3457744157FB640CCFEE609A8411107118C92F16E9DD795A2F1EF86CD
                                    Malicious:false
                                    Reputation:low
                                    Preview:2024/07/04-17:13:19.623 1c24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/04-17:13:19.627 1c24 Recovering log #3.2024/07/04-17:13:19.627 1c24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):292
                                    Entropy (8bit):5.212788404363134
                                    Encrypted:false
                                    SSDEEP:6:BOX/cq2Pwkn2nKuAl9OmbnIFUt84OXQ8ZZmw+4OXQ8zkwOwkn2nKuAl9OmbjLJ:EPcvYfHAahFUt81x/+1r5JfHAaSJ
                                    MD5:A05F06575E30782E097D7970999A545E
                                    SHA1:49E72ED9824596F467E6528BE6312DF68A4BC798
                                    SHA-256:8D3B39B082EF99FB4969567B8D694A61968DE43990108B98A7EA84C37C9DD0D3
                                    SHA-512:70018A911DCE8E13EA23F71B338675E6F9E6F4189FC9E58B10ACFFE80603603D189F6AE3457744157FB640CCFEE609A8411107118C92F16E9DD795A2F1EF86CD
                                    Malicious:false
                                    Reputation:low
                                    Preview:2024/07/04-17:13:19.623 1c24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/04-17:13:19.627 1c24 Recovering log #3.2024/07/04-17:13:19.627 1c24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):336
                                    Entropy (8bit):5.174455503059571
                                    Encrypted:false
                                    SSDEEP:6:BOXfDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt84OXKVgZmw+4OX/pDMVkwOwkn2nKuAv:ErM+vYfHAa8uFUt81X/+1vpMV5JfHAaU
                                    MD5:92C203D49206C8CD28C2E90370F2D1F5
                                    SHA1:40A104FF4BCAAABA7F51F791A61DE8A8F0606FFD
                                    SHA-256:FA85B87B5DB1989CEE5FE21CDD1827958F9F3165388ACDF385AC9FB74872DD94
                                    SHA-512:9807ECD3B25F5C1AEF80BFBF538F781A57F5441BF38D7EFFA59845F88DD6D4AD0567250957458B8B2CE4677B5F41E7B2E13D13DC22CA87A86AAC469538EE643C
                                    Malicious:false
                                    Reputation:low
                                    Preview:2024/07/04-17:13:19.742 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/04-17:13:19.743 1cfc Recovering log #3.2024/07/04-17:13:19.744 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):336
                                    Entropy (8bit):5.174455503059571
                                    Encrypted:false
                                    SSDEEP:6:BOXfDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt84OXKVgZmw+4OX/pDMVkwOwkn2nKuAv:ErM+vYfHAa8uFUt81X/+1vpMV5JfHAaU
                                    MD5:92C203D49206C8CD28C2E90370F2D1F5
                                    SHA1:40A104FF4BCAAABA7F51F791A61DE8A8F0606FFD
                                    SHA-256:FA85B87B5DB1989CEE5FE21CDD1827958F9F3165388ACDF385AC9FB74872DD94
                                    SHA-512:9807ECD3B25F5C1AEF80BFBF538F781A57F5441BF38D7EFFA59845F88DD6D4AD0567250957458B8B2CE4677B5F41E7B2E13D13DC22CA87A86AAC469538EE643C
                                    Malicious:false
                                    Reputation:low
                                    Preview:2024/07/04-17:13:19.742 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/04-17:13:19.743 1cfc Recovering log #3.2024/07/04-17:13:19.744 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\78f6864a-9214-470d-9b3d-dd0c9e773f60.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:JSON data
                                    Category:modified
                                    Size (bytes):475
                                    Entropy (8bit):4.972695042269216
                                    Encrypted:false
                                    SSDEEP:12:YH/um3RA8sqwVShsBdOg2HZOWZcaq3QYiubInP7E4T3y:Y2sRds3UydMHZ5g3QYhbG7nby
                                    MD5:C53F302898238806C322104AB2AFE651
                                    SHA1:7BA6543520696E6D649936FDEC708229A65CCB71
                                    SHA-256:5B8C0E1965DBE64422F2EF279867D5EC7C19AE838DD8BB38080F5C8460AFABA6
                                    SHA-512:F3334B5AB0B689294188FA36C1DC0C2237EC6622ACCE578F30ABAEFBD956AC362D3867AC9D8C1D2FE8237092176094281510853E85C9EF1BB572C3789428D22A
                                    Malicious:false
                                    Reputation:low
                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364687605494906","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":159512},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):475
                                    Entropy (8bit):4.972695042269216
                                    Encrypted:false
                                    SSDEEP:12:YH/um3RA8sqwVShsBdOg2HZOWZcaq3QYiubInP7E4T3y:Y2sRds3UydMHZ5g3QYhbG7nby
                                    MD5:C53F302898238806C322104AB2AFE651
                                    SHA1:7BA6543520696E6D649936FDEC708229A65CCB71
                                    SHA-256:5B8C0E1965DBE64422F2EF279867D5EC7C19AE838DD8BB38080F5C8460AFABA6
                                    SHA-512:F3334B5AB0B689294188FA36C1DC0C2237EC6622ACCE578F30ABAEFBD956AC362D3867AC9D8C1D2FE8237092176094281510853E85C9EF1BB572C3789428D22A
                                    Malicious:false
                                    Reputation:low
                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364687605494906","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":159512},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4730
                                    Entropy (8bit):5.256492612553144
                                    Encrypted:false
                                    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7LSvzuQlEplcz/Z:etJCV4FiN/jTN/2r8Mta02fEhgO73go+
                                    MD5:D70794712D5EB0EA46E85EB74DDD0260
                                    SHA1:513E47F7D8F0C9EBFAE1F5E398C0409524058D9A
                                    SHA-256:0050355B49CC4B8645935E052E9F36973279BA0A2E056B9448602D96942E4DA2
                                    SHA-512:35A39C4B96CDB777BD46AAB14A6B43C61A88738BCFB0429DE8BC2B7C44A919D38F3B64A5B2E0240934D7CB8F3E8394E8B13007C7218126B3523FF657CDE750AF
                                    Malicious:false
                                    Reputation:low
                                    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):324
                                    Entropy (8bit):5.231351940621203
                                    Encrypted:false
                                    SSDEEP:6:BOXvVDM+q2Pwkn2nKuAl9OmbzNMxIFUt84OXUJtgZmw+4OXUJtDMVkwOwkn2nKuP:Ef9M+vYfHAa8jFUt81sq/+1s1MV5JfHP
                                    MD5:F9567C7279009774E6AA957662F5EF2A
                                    SHA1:44C686CF7C46C5E6BDB2E19DB3695CA0457CC4A7
                                    SHA-256:74C4211612038DD7ABF0A7BD5A142A5EC4AD753C59BFEB4C7C78C52B74CA71ED
                                    SHA-512:03F79B31357A9AA6CB32D2FCBA994A8443E2226855A06F7FD8E02561782EA56361F7C7A96C2C4D53F03D0C93A52E1D2D70A4CBD2649B9427B9684AFDFE7FDD79
                                    Malicious:false
                                    Reputation:low
                                    Preview:2024/07/04-17:13:19.894 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/04-17:13:19.895 1cfc Recovering log #3.2024/07/04-17:13:19.895 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):324
                                    Entropy (8bit):5.231351940621203
                                    Encrypted:false
                                    SSDEEP:6:BOXvVDM+q2Pwkn2nKuAl9OmbzNMxIFUt84OXUJtgZmw+4OXUJtDMVkwOwkn2nKuP:Ef9M+vYfHAa8jFUt81sq/+1s1MV5JfHP
                                    MD5:F9567C7279009774E6AA957662F5EF2A
                                    SHA1:44C686CF7C46C5E6BDB2E19DB3695CA0457CC4A7
                                    SHA-256:74C4211612038DD7ABF0A7BD5A142A5EC4AD753C59BFEB4C7C78C52B74CA71ED
                                    SHA-512:03F79B31357A9AA6CB32D2FCBA994A8443E2226855A06F7FD8E02561782EA56361F7C7A96C2C4D53F03D0C93A52E1D2D70A4CBD2649B9427B9684AFDFE7FDD79
                                    Malicious:false
                                    Reputation:low
                                    Preview:2024/07/04-17:13:19.894 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/04-17:13:19.895 1cfc Recovering log #3.2024/07/04-17:13:19.895 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240704211323Z-153.bmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                    Category:dropped
                                    Size (bytes):71190
                                    Entropy (8bit):1.4723945346608638
                                    Encrypted:false
                                    SSDEEP:96:e2rzhRRRtRt2bXqg+On0LfLoLYL9P7N4iU0GVEwkXZcCpbT2QbXZMjsfVzB7/8DQ:e2rdRRRtRt2bXq7DcM9PeiUhKBXtGvyV
                                    MD5:727861E3077CBB9985A236B121AEA9ED
                                    SHA1:D6B3A2EF6EB06B17DD6A78D032F327926A9DAAA9
                                    SHA-256:5E38F028504811A6130965136FA5E0610B0B6B37F7139ABDD0D2976B5C86F2D5
                                    SHA-512:6F612ABBBB8C2569265A5475EC39AE81DD1ADA22613ACB9D090519EF9FEF9C74F1458F13947C422A05074F452A63F694F995A6C2A404E2FDF275E882301EF6F6
                                    Malicious:false
                                    Reputation:low
                                    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                    Category:dropped
                                    Size (bytes):86016
                                    Entropy (8bit):4.444964264481681
                                    Encrypted:false
                                    SSDEEP:384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL
                                    MD5:994164FAC225E38E4E269FE1715F9FB0
                                    SHA1:C7A5659A2BD1DB07B8AF391C7F078F3EFDC1C87E
                                    SHA-256:4A167A25FECD041A0E739C0A73EE384C0AB25D191A137A61C4D2ADD6EFB6B121
                                    SHA-512:F06D48BAE7F386237E05070D647AC40BDDC852B28CC9E6D643B85FF7B5E5F8D82551EC5A3A8CFE1507FF77B10206E0B8EA5861BDA5B14456778129DE2425D244
                                    Malicious:false
                                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:SQLite Rollback Journal
                                    Category:dropped
                                    Size (bytes):8720
                                    Entropy (8bit):3.7730417174245665
                                    Encrypted:false
                                    SSDEEP:48:7MIp/E2ioyVrioy9oWoy1Cwoy1nKOioy1noy1AYoy1Wioy1hioybioyLoy1noy1K:7npjurF6XKQCyb9IVXEBodRBkh
                                    MD5:EA810FDACA87C13BD0766C26C5D11CF1
                                    SHA1:237C9953B5E6C31403BA92758F6ADF45E9758CD1
                                    SHA-256:592C01946A639D0A42380EFDCE2EBD529506538EC1D0ABADA9619944A81C06D9
                                    SHA-512:51A03AD393EF63CC148DAEE2E0E0DC98567E99C3F6025DFD8CDFD854AD59B8507C8939B5CB6EA7E888677D7D7CE8F1A8279668D03D283E51AFC3E26BC9BABFD3
                                    Malicious:false
                                    Preview:.... .c......V.M...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                    Category:dropped
                                    Size (bytes):71954
                                    Entropy (8bit):7.996617769952133
                                    Encrypted:true
                                    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                    Malicious:false
                                    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):893
                                    Entropy (8bit):7.366016576663508
                                    Encrypted:false
                                    SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                    MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                    SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                    SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                    SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                    Malicious:false
                                    Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:modified
                                    Size (bytes):328
                                    Entropy (8bit):3.2478978672539016
                                    Encrypted:false
                                    SSDEEP:6:kK3D9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:SDImsLNkPlE99SNxAhUe/3
                                    MD5:E179A715DDF59610BDABA06D2EF3F1BC
                                    SHA1:81B2C4DB601FFC69DA650382CC4201E9366CDA8D
                                    SHA-256:E982A880FF2A1E77C48030D55F86FD6CFB7712527B05E03D55D577B9D91AECBC
                                    SHA-512:0F094A438E17B9D5381C019CF7962F26F30F96BEE538AEFC8B6BEF6F9F73B9D0EA39C67EAE3C1E7DA1FA9BC47DF0B693C4F128943C985CAD270C752C49BDFE4A
                                    Malicious:false
                                    Preview:p...... ........g...W...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):252
                                    Entropy (8bit):3.0264678871426307
                                    Encrypted:false
                                    SSDEEP:3:kkFklrVfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklG3:kKUxliBAIdQZV7I7kc3
                                    MD5:FABDE71E1F3CE5584D1ED866BD8D2DA1
                                    SHA1:0CA0F7C46CF62C28399D3350CC4A3CBABA6F2CF3
                                    SHA-256:50A8267DB5F33681F95283436D041B3272BD051E9D4E22415A7D0A827CF59359
                                    SHA-512:AF6FBF7CB87F6D948D4C994283EF99C45212FB882088831483BFAED6E3AD7927CAB411BFA43654677128727ABF3856701E1342C7863E0487475E542EF9D6FE6B
                                    Malicious:false
                                    Preview:p...... ....`...#.W.W...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2004

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:PostScript document text
                                    Category:dropped
                                    Size (bytes):185099
                                    Entropy (8bit):5.182478651346149
                                    Encrypted:false
                                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                    Malicious:false
                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:PostScript document text
                                    Category:dropped
                                    Size (bytes):185099
                                    Entropy (8bit):5.182478651346149
                                    Encrypted:false
                                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                    Malicious:false
                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):243196
                                    Entropy (8bit):3.3450692389394283
                                    Encrypted:false
                                    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                    MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                    Malicious:false
                                    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):295
                                    Entropy (8bit):5.365871332849474
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJM3g98kUwPeUkwRe9:YvXKXk2Zc0vgNGMbLUkee9
                                    MD5:AA837EC8FA6E804895B4643D60F7AF53
                                    SHA1:F1D03F03DE71192B102DE0A911C3657A24A7466B
                                    SHA-256:58A4E62E913AB05A6B208CF2ADF61AD929B07748E6B1CCB622187AB9C8A9077F
                                    SHA-512:02520C4D6C6D9390BEF5A4E2B66E6E6784101EDD1497FAA7D2CA3BD4EE2DFA692905C9108969FF422904CF8BCAF0A6D5952096F9AA2C6DEA0F468671B118784A
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):294
                                    Entropy (8bit):5.314113202598185
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfBoTfXpnrPeUkwRe9:YvXKXk2Zc0vgNGWTfXcUkee9
                                    MD5:B813AD3337867F2CE2C6AAF07906C76B
                                    SHA1:944AB591F7AB3C2766EAC56EEE400ADF4EA39F85
                                    SHA-256:A25D464B2C72E97A3DBC1F2368D2779E95A9DE2A00BBC45914894126D683E7E1
                                    SHA-512:EE91B2EAA562031DBD55E9A66016056C5764AFD29830666256A833171230B4140B2B399BBEAAF15DC17CE4FFF844A2953CE4ACFF2EDDA22C5DEDD27CFFBC4297
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):294
                                    Entropy (8bit):5.292252117343453
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfBD2G6UpnrPeUkwRe9:YvXKXk2Zc0vgNGR22cUkee9
                                    MD5:6AE6780D9097393031F2DA92D4B60129
                                    SHA1:50FB7003D89357400F5DDB009BEE2714D57661A6
                                    SHA-256:5A688A8E62CDC36B655EA882A11CBD9372A2CA91E64DCC2C4513B3EE464AB7F0
                                    SHA-512:E69D8B94814F95A4599ED8FF125E7F60A73B5A699DC1860CCAE9567A750411001C1C30315AC10BE8E7DD01A8CA311A760E30BFA7CE2F6E0E208577B7856F89E9
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):285
                                    Entropy (8bit):5.352969837168573
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfPmwrPeUkwRe9:YvXKXk2Zc0vgNGH56Ukee9
                                    MD5:1A9C42EFAEE3536AB0F3A3C0608648FA
                                    SHA1:BC40E45A85213FD69CD20CB763933D4DD4C75853
                                    SHA-256:A14748D481E53CBE7A1CEE9DF92EBE4D286E6B7841367A277A1EB50D7EE5D51E
                                    SHA-512:C03526A6749875811AC53E4EE2A26733E8A25C9D0266EA145A6F0E919B5BF78CEBE5BC60A0D701DACCF3AC9995A9863764B6D06B19F24FA2C8DF666B1FF3214C
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):292
                                    Entropy (8bit):5.31302479993102
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfJWCtMdPeUkwRe9:YvXKXk2Zc0vgNGBS8Ukee9
                                    MD5:9CC18B8C83E3C65BD5A9B70B18B5DBA8
                                    SHA1:655156A6369FB44C434F546087716B76865BCBA4
                                    SHA-256:4C2A1E3BFD34A0441FF8E342BA868C767D039E4175EC16909F76707C3FEED099
                                    SHA-512:5CCB33073402644FC99F4822F7D0A558540D9B43F99E95606A9AE64C3C163C49A6806C4457DAE79BD162E8D8FC8BF60408A1E15C97097DE31344CDC6D764AA64
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):289
                                    Entropy (8bit):5.299488175962244
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJf8dPeUkwRe9:YvXKXk2Zc0vgNGU8Ukee9
                                    MD5:E5B5F7048FB2232E9F8AC25B68D5FE5C
                                    SHA1:38B676362F412867FFA11A8B1CBCC035CD0B0F87
                                    SHA-256:409A87952C0749298819EF9EC3EC5550200810B0D0BF86AAFADA9001615C7BC3
                                    SHA-512:D87F6BA66043647BA51E810BF03B4B842009EE4247B23A37E1921D21252BCF409E569FC0C7DD6992EDC71ABAD6335906B333880AB7167A5CC4DA6AE1BF3BFEC7
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):292
                                    Entropy (8bit):5.30339407005272
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfQ1rPeUkwRe9:YvXKXk2Zc0vgNGY16Ukee9
                                    MD5:FC3C54C01C30EEA57CAB9D4A5F8ED30B
                                    SHA1:2EFA23BB4C6AB86AF9FF4EFA9F8CEA673E90CFED
                                    SHA-256:D75984B832480F88A2CD839160ABE405EAA07BBCDAD202408C4A1A25EB6E0409
                                    SHA-512:C9514DA2CEB87AEC94E6A00EFFFB82C659D7502923111858E0DAB4D6528BC9DC4BADD192CDC38A5DCD6D9F6972F18A5BB6FCEAEED131EC954F8E8C093855CAC3
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):289
                                    Entropy (8bit):5.310250877330935
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfFldPeUkwRe9:YvXKXk2Zc0vgNGz8Ukee9
                                    MD5:EFC9554F05B5930357DE8C6D7E04D9C4
                                    SHA1:37A305ED31604FA2C38BD6A6378D5E58CDE9A76F
                                    SHA-256:26BAB0A7F98DB7D8D3C6F0807C2E9ECA9BF91BDC813A95DAFF2D9F796332AE98
                                    SHA-512:9A4971D367577F2FF4790409AAF18FAEA587CC8060B9D764C9B34DF2CBC8EC5808DACCD6C725D3BF9E04D3903A393F4FD2F38C15F5C0D2A9F32FC02227B5F325
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1372
                                    Entropy (8bit):5.737722955516789
                                    Encrypted:false
                                    SSDEEP:24:Yv6Xk2zvgpKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNqg:YvsIpEgigrNt0wSJn+ns8cvFJUg
                                    MD5:FCC12C712E8534C6D7ACEF529065C6D6
                                    SHA1:B54A8BD2883E06EF5340E2AC3687752A1ECDBE34
                                    SHA-256:6A2E7E76FC4C676E993C96386A4747C67FB70B5C2F10352E1E7D5BDF74EEE619
                                    SHA-512:C8ACCACF5649F7DEA2BC5D3C50072C7CBD99AF3CD154626C4D73C6F40CF4F13C5FCEE55A6273965C47374DC88B3E47ABC64D722ADB635C33AF36035FCF910049
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):289
                                    Entropy (8bit):5.306233304405341
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfYdPeUkwRe9:YvXKXk2Zc0vgNGg8Ukee9
                                    MD5:CD9E78EC2DBEFF6873C960589F7745FB
                                    SHA1:02C1665CA0A3E01DFF86E4557DBDA9C1784CCBCA
                                    SHA-256:929E3673D42982CE3CAD4D4AA3D6D3C8BD38AB3A2B127708D7B7BF8853D8782C
                                    SHA-512:3D7294A62F2915957E8DFA1131D6580D248A693B14F34BC602A53FBF6758D76E8B85910586A7A54EFE91C41ED3814C70D138E60DA19F4F2C9B67B52BAC90D5E0
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1395
                                    Entropy (8bit):5.77533808086163
                                    Encrypted:false
                                    SSDEEP:24:Yv6Xk2zvgErLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNin:YvsIEHgDv3W2aYQfgB5OUupHrQ9FJgn
                                    MD5:DAC254EAFE3C2B5FD806116FD6FE9F36
                                    SHA1:E17792F6B9DBD73F3AEBC72AF6DBCFAB905E405F
                                    SHA-256:110BBC57DE52251188D00911C3EAC3DB8C1A1129444FEAF8D1B26E46CE5C3FC8
                                    SHA-512:8C82C7072436F1E9833A0837DAD830A11B2CF1F6CA3459726ED61C5CF07BC557A7CCC847CE58D60BA803AAEA1687D784F8DB9611C32B1C85FEEFE5C170511597
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):291
                                    Entropy (8bit):5.289737561499099
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfbPtdPeUkwRe9:YvXKXk2Zc0vgNGDV8Ukee9
                                    MD5:139620A855ECCB522E195246B9C11C2B
                                    SHA1:DB5ACD029474D522D35F0A2D7EB28A1C17FF599E
                                    SHA-256:8465454009C8EB850448276ADFA7D68E3E5EFE4F038600F82AA1848858BA4C07
                                    SHA-512:486F32E3B8F945F65D0124B740344686F098BB13DEE434532E8F90DEB0E6FCAA1F3889A3BB85CF5FDD9B4300E6B9BAF761CBAB11BE1D1B9C8B49ACA29E614523
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):287
                                    Entropy (8bit):5.29447529237679
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJf21rPeUkwRe9:YvXKXk2Zc0vgNG+16Ukee9
                                    MD5:D7B71001A59D5340F360EF43578C8D73
                                    SHA1:3C94EE0E80CFF7DD69DC77F035ABABCEFB5825CB
                                    SHA-256:B045DE7A2A88F873F73680F159EDC8C2FB3429123CAE31145E1E466B1A75EC2F
                                    SHA-512:324422D63439812F7A1E427DD3B3A9B992C03D3F8B5175DD667D7765348C65EE479FA71A98920314FCE6F3E4CBF35E958CF8D87C6C7446C9DC7BD292EEB29B2E
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):289
                                    Entropy (8bit):5.313068433163489
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfbpatdPeUkwRe9:YvXKXk2Zc0vgNGVat8Ukee9
                                    MD5:3FF99EF9CDBAE4ADD489E19792C1FB52
                                    SHA1:35E1F993A6494749061C4EF95C720BBA04C25BDC
                                    SHA-256:CCEB149FDF09C3F501457AE306FF9455BCC3F14216071A7C22BCDB0087B97441
                                    SHA-512:711FD99AB964D027DD9BB8111B6C5D21FAB696A8D94B36349A48E571800D8F1D927040F545F02AFDC876F26DD8C7BDAF6AEB78EE14930A048DF10CFA7413712F
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):286
                                    Entropy (8bit):5.271154298488504
                                    Encrypted:false
                                    SSDEEP:6:YEQXJ2HXk4UVoZcg1vRcR0YOGT/eoAvJfshHHrPeUkwRe9:YvXKXk2Zc0vgNGUUUkee9
                                    MD5:D516BD6DD234456615CA6FEB5D75739C
                                    SHA1:359098105D893A830D95630B60C937D111ADF003
                                    SHA-256:FAE26141F7D89BB4F5C60B3A83267E213A9F1A4A5FB7D3242791D0001AC60CAC
                                    SHA-512:8CDAD9AB6D48BC72971ED207255EA45E076CDAB57FD27C1DB2732AB7C255C6498774E440E59662B2433AA3B19467C1719A6201F8DE5B6F5472A59B564BA05EEA
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):782
                                    Entropy (8bit):5.363585278566013
                                    Encrypted:false
                                    SSDEEP:12:YvXKXk2Zc0vgNGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWGg:Yv6Xk2zvg5168CgEXX5kcIfANh1g
                                    MD5:3F29B06BD4EFCEB9F47F4B5107466619
                                    SHA1:950C781D057581095F4BE20518238367981B6380
                                    SHA-256:6443009772C8E74E63F11CF126BE080F00F365649CC822F7426988EA631BBD3A
                                    SHA-512:8DD86645FD96F2FAFF1DE58D62B0415F49BECCF7FB2C2D2137F521B88088BB75661DE302CE877F820055718A0BA17751402F2F46D49DD68071DFC9A8C2BAEF09
                                    Malicious:false
                                    Preview:{"analyticsData":{"responseGUID":"dc75a027-67c5-4f3b-825c-fa697e8319e0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720303405628,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1720127605658}}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4
                                    Entropy (8bit):0.8112781244591328
                                    Encrypted:false
                                    SSDEEP:3:e:e
                                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                    Malicious:false
                                    Preview:....

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):2814
                                    Entropy (8bit):5.11574595024413
                                    Encrypted:false
                                    SSDEEP:48:Y7XNbhXPoa/D5MJCQizEJBTqR10FDaF9ty:8XNlH/D5MJCQizEJBT2uDyty
                                    MD5:4C16C2F53E5D3C87E191D1F1578C8031
                                    SHA1:0FDF20579C3F204CB498D934263219209810AC39
                                    SHA-256:9778CB223CF2C51D5D0725DC0D10DEFCA4D3B5AC88991F5945754ED4644FE57C
                                    SHA-512:5A27D938A8C1163FA99A63DFBF1B26C7D5FA9F4B47C779044C7264D7C784C89EAE8F675679804A3725C19ED5D2C088CC7D8BEBDE7F2B0EAF6EA598C7E475EE5C
                                    Malicious:false
                                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3887c18a7efb8b21dccb5f62f3bbefc3","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1720127605000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"03dce2a527219de708c74c63572cf553","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1720127605000},{"id":"Edit_InApp_Aug2020","info":{"dg":"33c1eb50076aefefdf4ce74376739e3f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1720127605000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"210cd078b7f7cc52255fdac071dcb129","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1720127605000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"f073e240349a0f57ae354a99998beeaa","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1720127605000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"f1a1cf728b4d75fbe2df22b5fa3820f1","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1720127604000},

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                    Category:dropped
                                    Size (bytes):12288
                                    Entropy (8bit):1.1879332897434551
                                    Encrypted:false
                                    SSDEEP:48:TGufl2GL7msEHUUUUUUUUWZRSvR9H9vxFGiDIAEkGVvp6ZV:lNVmswUUUUUUUUWn+FGSItWH
                                    MD5:4BB0554C1F194712D840F368994860EA
                                    SHA1:4BBA2F22D6763493C5167E0AE0C182277B344DCD
                                    SHA-256:CFA5391A157B61845A8913483A515596862500E417480ECD0B34FC6CCD81F032
                                    SHA-512:C5F455BC508DC81B8280B77656A1FF1F15CC7B0498DC8F43479E8122A9FAFF897B3EB1C7378C7EBA0BB1F1DEB20BDEC247FB415C4DF16CBE668954A6C267777A
                                    Malicious:false
                                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:SQLite Rollback Journal
                                    Category:dropped
                                    Size (bytes):8720
                                    Entropy (8bit):1.6078214434542752
                                    Encrypted:false
                                    SSDEEP:48:7M4KUUUUUUUUUUWZ5vR9H9vxFGiDIAEkGVvTRqFl2GL7msc:70UUUUUUUUUUWLFGSItzKVmsc
                                    MD5:7289C11BA461FBA9E57AAFC907CB1C00
                                    SHA1:44260E3CE8F0DB5F4F2AD522CE4C5FF83F2CEBF1
                                    SHA-256:C2DD001676D247D4EE71B8B013DEF44E1864F6A257B0EB07C8A74EE6DBFD842C
                                    SHA-512:5721D963545AFDCE27E79112C67A671AD78CDDF13AD8CA07DE91598520595790E72F7815ACB0973F111031F69BD24C976D3ADE51E9C17BB31E6BFF827D17730A
                                    Malicious:false
                                    Preview:.... .c.....[Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\Local\Temp\MSI7413.LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):246
                                    Entropy (8bit):3.5065515051498046
                                    Encrypted:false
                                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82/aYA9:Qw946cPbiOxDlbYnuRK//F+
                                    MD5:38AC4FDFE5F6E2A7F4047E6E3D1C249C
                                    SHA1:CB914248CB129C5F4CE64E246DEAC2663FCEB0E6
                                    SHA-256:898BBD09F7B428DF15F3A6D01414A9990C189AF64EFCC9217BED4EFF936F1576
                                    SHA-512:3F4BCD3A0915FF7E9C78FA60DFEF82516ACEDC0C50BCBDC208B7DA6316995ED7E0EB39B446318863B16746FEE52C565BB2448F8EA8AA4464580A357C7E66AA8F
                                    Malicious:false
                                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.4./.0.7./.2.0.2.4. . .1.7.:.1.3.:.2.7. .=.=.=.....

                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\A98bdu8r_1hw31f4_1jo.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:PDF document, version 1.6, 0 pages
                                    Category:dropped
                                    Size (bytes):358
                                    Entropy (8bit):5.023113942774525
                                    Encrypted:false
                                    SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOkQ2SNzzQ2SNzTCSyAAO:IngVMre9T0HQIDmy9g06JXU5Q5ulX
                                    MD5:2BEA9277B1778B41BDFADA4BFE132109
                                    SHA1:C9721BF1DC68B723D60DACCAA7206D1799AC5110
                                    SHA-256:77D12154428815EB4F30399F71AAB8F175F3A12642B0D1FC19C8B796F6B75A1C
                                    SHA-512:563782CF9C5F4FB3275E90DCA9B992C27600BCB2813174D6FB915907D9399780E89ABB742FCBFD7AF6CCE39AEDAD1063038D734288DF124467FDEE41BCD6DAF3
                                    Malicious:false
                                    Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<195791201F3FED45A15B241FDC555C42><195791201F3FED45A15B241FDC555C42>]>>..startxref..127..%%EOF..

                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 17-13-21-899.log

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:ASCII text, with very long lines (393)
                                    Category:dropped
                                    Size (bytes):16525
                                    Entropy (8bit):5.345946398610936
                                    Encrypted:false
                                    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                    Malicious:false
                                    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):16603
                                    Entropy (8bit):5.357483467596877
                                    Encrypted:false
                                    SSDEEP:384:qy9/H/2/P/x/E/zh/8/5U/a/f/t/F4M464pOWOCO8OYb3bLbSbpb33EhEhE3ELUr:dcyz
                                    MD5:FA807AE374CD7A466EF002FDCCEF8AE7
                                    SHA1:794E4E9403E31A52F3ADC55DFFC33247A335E3BC
                                    SHA-256:D98D521C4D55CDCE20F8D06AB692A2807A2B6A9CC685F1FBAA7C0CB958E46255
                                    SHA-512:D39C758F154F1E8851BB646F02C1F0D777CE269031C9953D22C98A0825002F7357CEFDFAC5F86503F60E0693985F9AFB64777CB96E32E08DCC23221980113343
                                    Malicious:false
                                    Preview:SessionID=70cc4965-385b-4bf6-b6d2-8dfc27f28774.1720127601920 Timestamp=2024-07-04T17:13:21:920-0400 ThreadID=6028 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=70cc4965-385b-4bf6-b6d2-8dfc27f28774.1720127601920 Timestamp=2024-07-04T17:13:21:921-0400 ThreadID=6028 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=70cc4965-385b-4bf6-b6d2-8dfc27f28774.1720127601920 Timestamp=2024-07-04T17:13:21:921-0400 ThreadID=6028 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=70cc4965-385b-4bf6-b6d2-8dfc27f28774.1720127601920 Timestamp=2024-07-04T17:13:21:921-0400 ThreadID=6028 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=70cc4965-385b-4bf6-b6d2-8dfc27f28774.1720127601920 Timestamp=2024-07-04T17:13:21:921-0400 ThreadID=6028 Component=ngl-lib_NglAppLib Description="SetConf

                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):29752
                                    Entropy (8bit):5.385292435587018
                                    Encrypted:false
                                    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rg:E
                                    MD5:8E0E55FB8002E3E65A0565BCC8DC2A58
                                    SHA1:3E2B7D47EDB12D629D06AF86AE9A9F36B45F66A0
                                    SHA-256:0F9C28EFF95755527CD515AC0376E870819C08CAAAFF0AC06D0FD327C45E071C
                                    SHA-512:9CFA05F02DFA7C546142CB89512E370DD8C0AB437AC49070A469B135B6F5BCFFF7B98B30BD336AF3D2F7851A20A24DE2E19BD9CCBE25722E6B242E41A7B88CD0
                                    Malicious:false
                                    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\9cd31b55-b009-41b9-bcba-bdb23551d487.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                    Category:dropped
                                    Size (bytes):1419751
                                    Entropy (8bit):7.976496077007677
                                    Encrypted:false
                                    SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                    MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                    SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                    SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                    SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                    Malicious:false
                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\c7b50b23-fc84-48e6-838e-aae3d625abd4.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                    Category:dropped
                                    Size (bytes):386528
                                    Entropy (8bit):7.9736851559892425
                                    Encrypted:false
                                    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                    Malicious:false
                                    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\e1efec94-34af-4fc6-acf5-4d8b4b2590e6.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                    Category:dropped
                                    Size (bytes):758601
                                    Entropy (8bit):7.98639316555857
                                    Encrypted:false
                                    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                    MD5:3A49135134665364308390AC398006F1
                                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                    Malicious:false
                                    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\f2b47b2c-8051-4fe7-bada-c48b1466b240.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                    Category:dropped
                                    Size (bytes):1407294
                                    Entropy (8bit):7.97605879016224
                                    Encrypted:false
                                    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                    Malicious:false
                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                    Chrome Cache Entry: 192

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text
                                    Category:downloaded
                                    Size (bytes):295
                                    Entropy (8bit):5.288439437332061
                                    Encrypted:false
                                    SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR4fLTRONO2FWVJcXaoD:J0+oxBeRmR9etdzRxGezHxN9FWvma+
                                    MD5:B035CD8333EA6F1C37EEECA8ECD09A22
                                    SHA1:5E2CF602942E949FC68379B4D7052E83287C704E
                                    SHA-256:1E76CA9B66CD0D060F25416D26A334E832FAE23B80A85225E14D0B9CBA356A1D
                                    SHA-512:1399B37794986ECEF4A77B2B004563F9C42CDFA732815144EBCD4174C20A57C7468F9FE294FD6DBFB1DE1F3FC593F87BD99306EA62ACBD0E3263D1CAF8626906
                                    Malicious:false
                                    URL:https://saepe.cfd/favicon.ico
                                    Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at saepe.cfd Port 80</address>.</body></html>.

                                    Static File Info

                                    General

                                    File type:PDF document, version 1.7, 1 pages
                                    Entropy (8bit):7.913688088029627
                                    TrID:
                                    • Adobe Portable Document Format (5005/1) 100.00%
                                    File name:Law Clerk to Michael Nanne and Brian DeLorenzi.pdf
                                    File size:131'911 bytes
                                    MD5:a167796a70b1fb4a64ad4af83b1719eb
                                    SHA1:681d7cea541073d6cd676243b0d90c436b42420f
                                    SHA256:0109ea120cf30bd5a14ecde672ff9414f2f70c7af69f96b8a4cf96f4dad5b2d1
                                    SHA512:8aed32e2eb8dc504c47af95e6ab1707d9ca11b53d70392267707290356b33c059e1fa4ee0fe0b5844a98e1bc57760c923e0e177c13ae61fd107ea5ab74e3b3da
                                    SSDEEP:3072:pFs0g/rNDQSic3cB53k5zY98Kw6yMdY/IcoiAHty:H1g/rZ9iIcB53kdY98K/SYiANy
                                    TLSH:D8D3F120DD783DECD0969F91AF2F3C1DA85BB092A6C88190356CC3D78308F7699775A6
                                    File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 51 0 R/MarkInfo<</Marked true>>/Metadata 130 0 R/ViewerPreferences 131 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R

                                    File Icon

                                    Icon Hash:62cc8caeb29e8ae0

                                    Static PDF Info

                                    General

                                    Header:%PDF-1.7
                                    Total Entropy:7.913688
                                    Total Bytes:131911
                                    Stream Entropy:7.972973
                                    Stream Bytes:119012
                                    Entropy outside Streams:5.290366
                                    Bytes outside Streams:12899
                                    Number of EOF found:2
                                    Bytes after EOF:

                                    Keywords Statistics

                                    NameCount
                                    obj71
                                    endobj71
                                    stream26
                                    endstream26
                                    xref2
                                    trailer2
                                    startxref2
                                    /Page1
                                    /Encrypt0
                                    /ObjStm1
                                    /URI4
                                    /JS0
                                    /JavaScript0
                                    /AA0
                                    /OpenAction0
                                    /AcroForm0
                                    /JBIG2Decode0
                                    /RichMedia0
                                    /Launch0
                                    /EmbeddedFile0

                                    Image Streams

                                    IDDHASHMD5Preview
                                    3871cc9696b296cc71138860b1344e98b88c5c13e93e38910a
                                    39f0c0b2c0c0b2c0f0e40d109ea3b33065525462fb0490b5e2
                                    406960f8dcdedaf860506ec06c44dbd41495d92cb68b5493ad
                                    41e860ea80a080e0689afe52864b296d2c8aa384278eefc6ac
                                    42000000000000000070d5351691622e1dd33a50b0c6e42379

                                    Network Behavior

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jul 4, 2024 23:13:15.386018991 CEST49675443192.168.2.4173.222.162.32
                                    Jul 4, 2024 23:13:24.998996973 CEST49675443192.168.2.4173.222.162.32
                                    Jul 4, 2024 23:13:26.346632957 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:26.346656084 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:26.346730947 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:26.348597050 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:26.348612070 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.005502939 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.005573988 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.029793024 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.029809952 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.030112982 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.077405930 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.102416992 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.144536018 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.291387081 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.291444063 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.291488886 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.293721914 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.293730021 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.293742895 CEST49738443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.293747902 CEST44349738184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.375869989 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.375910044 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:27.375982046 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.376458883 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:27.376475096 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.027398109 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.027621984 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:28.028855085 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:28.028865099 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.029095888 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.033724070 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:28.080502987 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.309933901 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.309989929 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:28.310746908 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:28.310746908 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:28.310848951 CEST49739443192.168.2.4184.28.90.27
                                    Jul 4, 2024 23:13:28.310858965 CEST44349739184.28.90.27192.168.2.4
                                    Jul 4, 2024 23:13:37.132776022 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:37.132812977 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:37.132872105 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:37.134342909 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:37.134358883 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:37.864742994 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:37.864845037 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:37.868815899 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:37.868824959 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:37.869034052 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:37.923046112 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:38.660626888 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:38.704503059 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898823977 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898842096 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898849010 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898873091 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898890972 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898895025 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:38.898900032 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898919106 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.898932934 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:38.898957968 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:38.899456978 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.899516106 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:38.899523020 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.899537086 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:38.899575949 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:39.401809931 CEST49743443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:13:39.401828051 CEST4434974313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:13:45.821422100 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:45.821453094 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:45.821515083 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:45.821980000 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:45.821991920 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:46.328334093 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:46.328701019 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:46.328715086 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:46.329760075 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:46.329849005 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:46.331830978 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:46.331887960 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:46.332465887 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:46.332472086 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:13:46.372854948 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:13:50.160573959 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.160614014 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.160676956 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.160903931 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.160916090 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.811317921 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.811619997 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.811644077 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.812510967 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.812587976 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.813500881 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.813554049 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.857014894 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:13:50.857023001 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:13:50.904856920 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:00.773298979 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:00.773370028 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:00.773423910 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:00.813606024 CEST49754443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:00.813622952 CEST44349754142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:15.697729111 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:15.697762966 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:15.697833061 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:15.698201895 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:15.698214054 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.233134031 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.233452082 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.237076044 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.237088919 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.237289906 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.245104074 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.288533926 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.512487888 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.512509108 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.512522936 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.512696981 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.512726068 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.512789011 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.513267994 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.513303995 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.513329029 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.513336897 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.513346910 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.513349056 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.513406038 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.518069029 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.518084049 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:17.518104076 CEST49763443192.168.2.413.85.23.86
                                    Jul 4, 2024 23:14:17.518109083 CEST4434976313.85.23.86192.168.2.4
                                    Jul 4, 2024 23:14:25.571024895 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:25.571121931 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:25.571180105 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:25.572084904 CEST49749443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:25.572103024 CEST44349749172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:25.589683056 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:25.589723110 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:25.589901924 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:25.589982986 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:25.589993954 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:25.612051964 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:25.612082958 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:25.612175941 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:25.612346888 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:25.612360954 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:26.064237118 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.074767113 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.074780941 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.075789928 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.075881958 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.090434074 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.090519905 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.090553045 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.099625111 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:26.101918936 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:26.101928949 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:26.102210999 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:26.115900993 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:26.115928888 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:26.115933895 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:26.115963936 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:26.135539055 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.135548115 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.159219027 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:26.175658941 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.219238997 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.219317913 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.219466925 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.219516039 CEST49764443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.219527006 CEST4434976435.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.220031023 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.220074892 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.220133066 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.220346928 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.220360994 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.701601982 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.701942921 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.701961040 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.702434063 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.702756882 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.702816963 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.702874899 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.744117975 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.744126081 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.834671021 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.834929943 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.834965944 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.834974051 CEST4434976635.190.80.1192.168.2.4
                                    Jul 4, 2024 23:14:26.835139990 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:26.835139990 CEST49766443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:14:32.838268995 CEST4972380192.168.2.493.184.221.240
                                    Jul 4, 2024 23:14:32.838387966 CEST4972480192.168.2.493.184.221.240
                                    Jul 4, 2024 23:14:32.843713999 CEST804972393.184.221.240192.168.2.4
                                    Jul 4, 2024 23:14:32.843826056 CEST4972380192.168.2.493.184.221.240
                                    Jul 4, 2024 23:14:32.844247103 CEST804972493.184.221.240192.168.2.4
                                    Jul 4, 2024 23:14:32.844322920 CEST4972480192.168.2.493.184.221.240
                                    Jul 4, 2024 23:14:45.627698898 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:45.627789021 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:45.627830982 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:45.629076958 CEST49765443192.168.2.4172.67.221.31
                                    Jul 4, 2024 23:14:45.629092932 CEST44349765172.67.221.31192.168.2.4
                                    Jul 4, 2024 23:14:50.214186907 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:50.214226961 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:50.214307070 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:50.214545965 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:50.214560986 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:50.862786055 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:50.863149881 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:50.863162994 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:50.863488913 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:50.863868952 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:14:50.863933086 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:14:50.916038990 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:00.776829004 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:00.776896954 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:00.777024031 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:02.169891119 CEST49768443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:02.169910908 CEST44349768142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:25.590657949 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:25.590691090 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:25.590833902 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:25.591387033 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:25.591398954 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.062813997 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.063498974 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.063514948 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.063818932 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.064659119 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.064712048 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.065059900 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.112498999 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.193156958 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.193209887 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.193268061 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.193727016 CEST49770443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.193744898 CEST4434977035.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.194509983 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.194550991 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.194626093 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.194906950 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.194922924 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.684889078 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.685203075 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.685220003 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.685530901 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.685899973 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.685960054 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.686083078 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.728502989 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.819454908 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.819531918 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:26.819633007 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.820312023 CEST49771443192.168.2.435.190.80.1
                                    Jul 4, 2024 23:15:26.820324898 CEST4434977135.190.80.1192.168.2.4
                                    Jul 4, 2024 23:15:50.276563883 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:50.276597977 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:50.276655912 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:50.276876926 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:50.276887894 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:50.935770988 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:50.936094046 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:50.936120987 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:50.936398029 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:50.936671972 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:15:50.936728954 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:15:50.978595018 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:16:00.895214081 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:16:00.895287037 CEST44349772142.250.185.196192.168.2.4
                                    Jul 4, 2024 23:16:00.895498037 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:16:02.169197083 CEST49772443192.168.2.4142.250.185.196
                                    Jul 4, 2024 23:16:02.169218063 CEST44349772142.250.185.196192.168.2.4

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jul 4, 2024 23:13:44.434915066 CEST138138192.168.2.4192.168.2.255
                                    Jul 4, 2024 23:13:45.787338972 CEST5924653192.168.2.41.1.1.1
                                    Jul 4, 2024 23:13:45.794235945 CEST5964153192.168.2.41.1.1.1
                                    Jul 4, 2024 23:13:45.803904057 CEST53592461.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:45.810554981 CEST53596411.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:45.822412014 CEST53541831.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:45.836922884 CEST53631351.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:46.842001915 CEST53552821.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:50.151496887 CEST5313153192.168.2.41.1.1.1
                                    Jul 4, 2024 23:13:50.151642084 CEST4945153192.168.2.41.1.1.1
                                    Jul 4, 2024 23:13:50.158987045 CEST53531311.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:50.159877062 CEST53494511.1.1.1192.168.2.4
                                    Jul 4, 2024 23:13:57.893404007 CEST53601931.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:03.881263018 CEST53568491.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:15.330810070 CEST53616461.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:22.658792973 CEST53636221.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:25.573095083 CEST5792753192.168.2.41.1.1.1
                                    Jul 4, 2024 23:14:25.573314905 CEST5381053192.168.2.41.1.1.1
                                    Jul 4, 2024 23:14:25.581053972 CEST53579271.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:25.581068993 CEST53538101.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:45.431246042 CEST53598271.1.1.1192.168.2.4
                                    Jul 4, 2024 23:14:45.472307920 CEST53548331.1.1.1192.168.2.4
                                    Jul 4, 2024 23:15:14.066976070 CEST53508361.1.1.1192.168.2.4
                                    Jul 4, 2024 23:15:59.052531004 CEST53632131.1.1.1192.168.2.4

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Jul 4, 2024 23:13:45.787338972 CEST192.168.2.41.1.1.10x71ffStandard query (0)saepe.cfdA (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:45.794235945 CEST192.168.2.41.1.1.10x2594Standard query (0)saepe.cfd65IN (0x0001)false
                                    Jul 4, 2024 23:13:50.151496887 CEST192.168.2.41.1.1.10x238aStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:50.151642084 CEST192.168.2.41.1.1.10x3ea0Standard query (0)www.google.com65IN (0x0001)false
                                    Jul 4, 2024 23:14:25.573095083 CEST192.168.2.41.1.1.10x8562Standard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:14:25.573314905 CEST192.168.2.41.1.1.10xd142Standard query (0)a.nel.cloudflare.com65IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Jul 4, 2024 23:13:33.346857071 CEST1.1.1.1192.168.2.40xe48cNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:33.346857071 CEST1.1.1.1192.168.2.40xe48cNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:45.803904057 CEST1.1.1.1192.168.2.40x71ffNo error (0)saepe.cfd172.67.221.31A (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:45.803904057 CEST1.1.1.1192.168.2.40x71ffNo error (0)saepe.cfd104.21.53.248A (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:45.810554981 CEST1.1.1.1192.168.2.40x2594No error (0)saepe.cfd65IN (0x0001)false
                                    Jul 4, 2024 23:13:50.158987045 CEST1.1.1.1192.168.2.40x238aNo error (0)www.google.com142.250.185.196A (IP address)IN (0x0001)false
                                    Jul 4, 2024 23:13:50.159877062 CEST1.1.1.1192.168.2.40x3ea0No error (0)www.google.com65IN (0x0001)false
                                    Jul 4, 2024 23:14:25.581053972 CEST1.1.1.1192.168.2.40x8562No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false

                                    HTTP Request Dependency Graph

                                    • fs.microsoft.com
                                    • slscr.update.microsoft.com
                                    • saepe.cfd
                                    • https:
                                    • a.nel.cloudflare.com

                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.449738184.28.90.27443
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:13:27 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept: */*
                                    Accept-Encoding: identity
                                    User-Agent: Microsoft BITS/7.8
                                    Host: fs.microsoft.com
                                    2024-07-04 21:13:27 UTC466INHTTP/1.1 200 OK
                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                    Content-Type: application/octet-stream
                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                    Server: ECAcc (chd/0758)
                                    X-CID: 11
                                    X-Ms-ApiVersion: Distribute 1.2
                                    X-Ms-Region: prod-eus-z1
                                    Cache-Control: public, max-age=35435
                                    Date: Thu, 04 Jul 2024 21:13:27 GMT
                                    Connection: close
                                    X-CID: 2


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    1192.168.2.449739184.28.90.27443
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:13:28 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept: */*
                                    Accept-Encoding: identity
                                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                    Range: bytes=0-2147483646
                                    User-Agent: Microsoft BITS/7.8
                                    Host: fs.microsoft.com
                                    2024-07-04 21:13:28 UTC514INHTTP/1.1 200 OK
                                    ApiVersion: Distribute 1.1
                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                    Content-Type: application/octet-stream
                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                    Server: ECAcc (lpl/EF06)
                                    X-CID: 11
                                    X-Ms-ApiVersion: Distribute 1.2
                                    X-Ms-Region: prod-weu-z1
                                    Cache-Control: public, max-age=35455
                                    Date: Thu, 04 Jul 2024 21:13:28 GMT
                                    Content-Length: 55
                                    Connection: close
                                    X-CID: 2
                                    2024-07-04 21:13:28 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    2192.168.2.44974313.85.23.86443
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:13:38 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O3a7EFx9FVTyvKf&MD=l1h6Zfmk HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept: */*
                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                    Host: slscr.update.microsoft.com
                                    2024-07-04 21:13:38 UTC560INHTTP/1.1 200 OK
                                    Cache-Control: no-cache
                                    Pragma: no-cache
                                    Content-Type: application/octet-stream
                                    Expires: -1
                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                    MS-CorrelationId: d4b51e55-0b1a-4ab6-a53d-908ca083f943
                                    MS-RequestId: 8987b4d3-4fc1-453e-9dbf-72a711793b7d
                                    MS-CV: 6jk593Ia4kiNqjmA.0
                                    X-Microsoft-SLSClientCache: 2880
                                    Content-Disposition: attachment; filename=environment.cab
                                    X-Content-Type-Options: nosniff
                                    Date: Thu, 04 Jul 2024 21:13:38 GMT
                                    Connection: close
                                    Content-Length: 24490
                                    2024-07-04 21:13:38 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                    Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                    2024-07-04 21:13:38 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                    Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    3192.168.2.449749172.67.221.314437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:13:46 UTC804OUTGET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d HTTP/1.1
                                    Host: saepe.cfd
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-User: ?1
                                    Sec-Fetch-Dest: document
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2024-07-04 21:14:25 UTC727INHTTP/1.1 522
                                    Date: Thu, 04 Jul 2024 21:14:25 GMT
                                    Content-Type: text/plain; charset=UTF-8
                                    Content-Length: 15
                                    Connection: close
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jKHQugiKchX5NSWaTSgxhj%2FZPe5XSinU9qBTOcijOUmifK6w%2BOebWOVTnsu4aUNepZcZmlO1dLd7FND2w9Iz2mj4DnZaIN2spUnFMnMjnToVm8R3jsSN754PG0%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    X-Frame-Options: SAMEORIGIN
                                    Referrer-Policy: same-origin
                                    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                    Server: cloudflare
                                    CF-RAY: 89e21f00fe1e72b7-EWR
                                    alt-svc: h3=":443"; ma=86400
                                    2024-07-04 21:14:25 UTC15INData Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                    Data Ascii: error code: 522


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    4192.168.2.44976313.85.23.86443
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:14:17 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O3a7EFx9FVTyvKf&MD=l1h6Zfmk HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept: */*
                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                    Host: slscr.update.microsoft.com
                                    2024-07-04 21:14:17 UTC560INHTTP/1.1 200 OK
                                    Cache-Control: no-cache
                                    Pragma: no-cache
                                    Content-Type: application/octet-stream
                                    Expires: -1
                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                    ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                    MS-CorrelationId: d27249db-f04c-41d3-9e3f-06755bfc2434
                                    MS-RequestId: 65f87dca-adb2-46fb-ac73-ff018cbfb4c5
                                    MS-CV: r4nKY81EtU6BAul0.0
                                    X-Microsoft-SLSClientCache: 1440
                                    Content-Disposition: attachment; filename=environment.cab
                                    X-Content-Type-Options: nosniff
                                    Date: Thu, 04 Jul 2024 21:14:17 GMT
                                    Connection: close
                                    Content-Length: 30005
                                    2024-07-04 21:14:17 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                    Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                    2024-07-04 21:14:17 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                    Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    5192.168.2.44976435.190.80.14437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:14:26 UTC520OUTOPTIONS /report/v4?s=3jKHQugiKchX5NSWaTSgxhj%2FZPe5XSinU9qBTOcijOUmifK6w%2BOebWOVTnsu4aUNepZcZmlO1dLd7FND2w9Iz2mj4DnZaIN2spUnFMnMjnToVm8R3jsSN754PG0%3D HTTP/1.1
                                    Host: a.nel.cloudflare.com
                                    Connection: keep-alive
                                    Origin: https://saepe.cfd
                                    Access-Control-Request-Method: POST
                                    Access-Control-Request-Headers: content-type
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2024-07-04 21:14:26 UTC336INHTTP/1.1 200 OK
                                    Content-Length: 0
                                    access-control-max-age: 86400
                                    access-control-allow-methods: OPTIONS, POST
                                    access-control-allow-origin: *
                                    access-control-allow-headers: content-length, content-type
                                    date: Thu, 04 Jul 2024 21:14:26 GMT
                                    Via: 1.1 google
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    6192.168.2.449765172.67.221.314437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:14:26 UTC726OUTGET /favicon.ico HTTP/1.1
                                    Host: saepe.cfd
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    sec-ch-ua-platform: "Windows"
                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                    Sec-Fetch-Site: same-origin
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: image
                                    Referer: https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2024-07-04 21:14:45 UTC626INHTTP/1.1 404 Not Found
                                    Date: Thu, 04 Jul 2024 21:14:45 GMT
                                    Content-Type: text/html; charset=iso-8859-1
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    Cache-Control: max-age=14400
                                    CF-Cache-Status: STALE
                                    Age: 29677
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kWGlpoksAPacqwrDeVNk7FUywuIvXkXy9%2Fl4Kpc7UsUI65fmkODq%2FbVxZi9Ema98%2FC%2BQO%2BZOpOySraEfIwEo7ghj5zK%2B1BY6iqL48zJjE2BaX5ZVbedd%2FtI4qBw%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 89e21ff9987717b1-EWR
                                    alt-svc: h3=":443"; ma=86400
                                    2024-07-04 21:14:45 UTC302INData Raw: 31 32 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 30 2e 33 30 20 53 65 72 76 65 72 20 61
                                    Data Ascii: 127<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server a
                                    2024-07-04 21:14:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    7192.168.2.44976635.190.80.14437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:14:26 UTC468OUTPOST /report/v4?s=3jKHQugiKchX5NSWaTSgxhj%2FZPe5XSinU9qBTOcijOUmifK6w%2BOebWOVTnsu4aUNepZcZmlO1dLd7FND2w9Iz2mj4DnZaIN2spUnFMnMjnToVm8R3jsSN754PG0%3D HTTP/1.1
                                    Host: a.nel.cloudflare.com
                                    Connection: keep-alive
                                    Content-Length: 533
                                    Content-Type: application/reports+json
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2024-07-04 21:14:26 UTC533OUTData Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 39 37 34 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 32 32 31 2e 33 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 32 32 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 61 65 70 65 2e 63 66 64 2f 6d 2f 3f 63
                                    Data Ascii: [{"age":1,"body":{"elapsed_time":39743,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.221.31","status_code":522,"type":"http.error"},"type":"network-error","url":"https://saepe.cfd/m/?c
                                    2024-07-04 21:14:26 UTC168INHTTP/1.1 200 OK
                                    Content-Length: 0
                                    date: Thu, 04 Jul 2024 21:14:26 GMT
                                    Via: 1.1 google
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    8192.168.2.44977035.190.80.14437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:15:26 UTC530OUTOPTIONS /report/v4?s=kWGlpoksAPacqwrDeVNk7FUywuIvXkXy9%2Fl4Kpc7UsUI65fmkODq%2FbVxZi9Ema98%2FC%2BQO%2BZOpOySraEfIwEo7ghj5zK%2B1BY6iqL48zJjE2BaX5ZVbedd%2FtI4qBw%3D HTTP/1.1
                                    Host: a.nel.cloudflare.com
                                    Connection: keep-alive
                                    Origin: https://saepe.cfd
                                    Access-Control-Request-Method: POST
                                    Access-Control-Request-Headers: content-type
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2024-07-04 21:15:26 UTC336INHTTP/1.1 200 OK
                                    Content-Length: 0
                                    access-control-max-age: 86400
                                    access-control-allow-methods: OPTIONS, POST
                                    access-control-allow-origin: *
                                    access-control-allow-headers: content-length, content-type
                                    date: Thu, 04 Jul 2024 21:15:25 GMT
                                    Via: 1.1 google
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    9192.168.2.44977135.190.80.14437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2024-07-04 21:15:26 UTC478OUTPOST /report/v4?s=kWGlpoksAPacqwrDeVNk7FUywuIvXkXy9%2Fl4Kpc7UsUI65fmkODq%2FbVxZi9Ema98%2FC%2BQO%2BZOpOySraEfIwEo7ghj5zK%2B1BY6iqL48zJjE2BaX5ZVbedd%2FtI4qBw%3D HTTP/1.1
                                    Host: a.nel.cloudflare.com
                                    Connection: keep-alive
                                    Content-Length: 566
                                    Content-Type: application/reports+json
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2024-07-04 21:15:26 UTC566OUTData Raw: 5b 7b 22 61 67 65 22 3a 33 39 39 36 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 30 30 31 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 61 65 70 65 2e 63 66 64 2f 6d 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 32 35 76 62 53 5a 79 59 57 35 6b 50 56 4a 58 52 6a 56 6b 57 48 41 30 59 6d 74 6b 4d 31 70 58 65 47 70 57 52 55 30 31 55 32 31 57 61 6c 46 71 59 7a 30 6d 64 57 6c 6b 50 56 56 54 52 56 49 77 4d 54 41 33 4d 6a 41 79 4e 46 56 4f 53 56 46 56 52 54 41 79 4d 7a 49 77 4e 7a 41 78 4e 54 59 79 4d 44 49 30 4d 6a 41 79 4e 44 41 33
                                    Data Ascii: [{"age":39960,"body":{"elapsed_time":20016,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3
                                    2024-07-04 21:15:26 UTC168INHTTP/1.1 200 OK
                                    Content-Length: 0
                                    date: Thu, 04 Jul 2024 21:15:26 GMT
                                    Via: 1.1 google
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:17:13:18
                                    Start date:04/07/2024
                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Law Clerk to Michael Nanne and Brian DeLorenzi.pdf"
                                    Imagebase:0x7ff6bc1b0000
                                    File size:5'641'176 bytes
                                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    General

                                    Target ID:1
                                    Start time:17:13:19
                                    Start date:04/07/2024
                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                    Imagebase:0x7ff74bb60000
                                    File size:3'581'912 bytes
                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    General

                                    Target ID:3
                                    Start time:17:13:19
                                    Start date:04/07/2024
                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1652,i,10075469960472662905,2557708157109484843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                    Imagebase:0x7ff74bb60000
                                    File size:3'581'912 bytes
                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    General

                                    Target ID:7
                                    Start time:17:13:43
                                    Start date:04/07/2024
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://saepe.cfd/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVJXRjVkWHA0YmtkM1pXeGpWRU01U21WalFqYz0mdWlkPVVTRVIwMTA3MjAyNFVOSVFVRTAyMzIwNzAxNTYyMDI0MjAyNDA3MDEzMjAyNTY=N0123N%5bEMail%5d"
                                    Imagebase:0x7ff76e190000
                                    File size:3'242'272 bytes
                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                    General

                                    Target ID:8
                                    Start time:17:13:44
                                    Start date:04/07/2024
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2080,i,5781679661677650540,11246564449664468304,262144 /prefetch:8
                                    Imagebase:0x7ff76e190000
                                    File size:3'242'272 bytes
                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                    Disassembly

                                    No disassembly