Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
processed-ach-remittance-031925 (2).pdf

Overview

General Information

Sample name:processed-ach-remittance-031925 (2).pdf
Analysis ID:1642548
MD5:6ef7005eef078fd12a90f03a7753070a
SHA1:1f46d7868b22652458ef028d09f72baa5e1c3b9d
SHA256:2e45baa2e3bf3ea5da01f8a64e6e16ffca7a3da58ed8b9b295f85df4d1c89685
Infos:

Detection

Score:56
Range:0 - 100
Confidence:100%

Signatures

Found potential malicious PDF (bad image similarity)
AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
IP address seen in connection with other malware

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\processed-ach-remittance-031925 (2).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 8048 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1664 --field-trial-handle=1568,i,4038913409643386264,5492468394634696909,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://sexa.xftprojects.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --subproc-heap-profiling --field-trial-handle=2040,i,6421133465372305949,14597510339509831683,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: PDF documentJoe Sandbox AI: Page contains button: 'VIEW COMPLETED DOCUMENT' Source: 'PDF document'
Source: PDF documentJoe Sandbox AI: PDF document contains prominent button: 'view completed document'
Source: Adobe Acrobat PDFOCR Text: docusign You have received an " ACH" Remittance Document VIEW COMPLETED DOCUMENT Completed Document: Payment Notification of ach-receipt#902762 Ref:672862 Final Payout Settlement processed Powered by "docusign About Docusign It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe. Download the Docusign_App This message was sent to you by Docusign Electronic Signature Service.
Source: unknownHTTPS traffic detected: 162.241.114.35:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.6:62309 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.6:54648 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 2.19.105.127 2.19.105.127
Source: Joe Sandbox ViewIP Address: 2.19.105.127 2.19.105.127
Source: Joe Sandbox ViewIP Address: 162.241.114.35 162.241.114.35
Source: Joe Sandbox ViewIP Address: 162.241.114.35 162.241.114.35
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 184.86.251.22
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.160.5
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.160.5
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 20.191.45.158
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: sexa.xftprojects.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons2.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons3.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons4.gvt2.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.6.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.6.drString found in binary or memory: http://x1.i.lencr.org/
Source: processed-ach-remittance-031925 (2).pdfString found in binary or memory: https://sexa.xftprojects.com/)
Source: processed-ach-remittance-031925 (2).pdfString found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificat
Source: unknownNetwork traffic detected: HTTP traffic on port 54667 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49682
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49680
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54667
Source: unknownNetwork traffic detected: HTTP traffic on port 49686 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownHTTPS traffic detected: 162.241.114.35:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.186.36:443 -> 192.168.2.6:49714 version: TLS 1.2

System Summary

barindex
Source: processed-ach-remittance-031925 (2).pdfStatic PDF information: Image stream: 8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir8956_804199945Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir8956_804199945Jump to behavior
Source: classification engineClassification label: mal56.phis.winPDF@66/47@62/4
Source: processed-ach-remittance-031925 (2).pdfInitial sample: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=gbl_xx_dbu_ups_2211_signnotificationemailfooter&utm_medium=product&utm_source=postsend
Source: processed-ach-remittance-031925 (2).pdfInitial sample: https://sexa.xftprojects.com/
Source: processed-ach-remittance-031925 (2).pdfInitial sample: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-19 01-28-42-020.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\processed-ach-remittance-031925 (2).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1664 --field-trial-handle=1568,i,4038913409643386264,5492468394634696909,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://sexa.xftprojects.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --subproc-heap-profiling --field-trial-handle=2040,i,6421133465372305949,14597510339509831683,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1664 --field-trial-handle=1568,i,4038913409643386264,5492468394634696909,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --subproc-heap-profiling --field-trial-handle=2040,i,6421133465372305949,14597510339509831683,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: processed-ach-remittance-031925 (2).pdfInitial sample: PDF keyword /JS count = 0
Source: processed-ach-remittance-031925 (2).pdfInitial sample: PDF keyword /JavaScript count = 0
Source: processed-ach-remittance-031925 (2).pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		Windows Management Instrumentation1
Browser Extensions		1
Process Injection		11
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1642548 Sample: processed-ach-remittance-03... Startdate: 19/03/2025 Architecture: WINDOWS Score: 56 20 x1.i.lencr.org 2->20 22 e8652.dscx.akamaiedge.net 2->22 24 8 other IPs or domains 2->24 36 Found potential malicious PDF (bad image similarity) 2->36 38 Suspicious PDF detected (based on various text indicators) 2->38 40 AI detected landing page (webpage, office document or email) 2->40 8 chrome.exe 2 2->8         started        11 Acrobat.exe 20 68 2->11         started        signatures3 process4 dnsIp5 26 192.168.2.6, 138, 443, 49265 unknown unknown 8->26 13 chrome.exe 8->13         started        16 AcroCEF.exe 105 11->16         started        process6 dnsIp7 28 sexa.xftprojects.com 162.241.114.35, 443, 49705 UNIFIEDLAYER-AS-1US United States 13->28 30 www.google.com 142.250.186.36, 443, 49714, 54667 GOOGLEUS United States 13->30 34 6 other IPs or domains 13->34 32 e8652.dscx.akamaiedge.net 2.19.105.127, 49702, 80 AKAMAI-ASUS European Union 16->32 18 AcroCEF.exe 2 16->18         started        process8

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
processed-ach-remittance-031925 (2).pdf0%VirustotalBrowse
processed-ach-remittance-031925 (2).pdf3%ReversingLabsDocument-PDF.Phishing.Generic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://sexa.xftprojects.com/)0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    beacons3.gvt2.com
    		142.250.185.227
    		truefalse
      		high
      sexa.xftprojects.com
      		162.241.114.35
      		truefalse
        		unknown
        e8652.dscx.akamaiedge.net
        		2.19.105.127
        		truefalse
          		high
          beacons-handoff.gcp.gvt2.com
          		142.250.180.99
          		truefalse
            		high
            www.google.com
            		142.250.186.36
            		truefalse
              		high
              beacons2.gvt2.com
              		142.250.194.99
              		truefalse
                		high
                beacons.gvt2.com
                		142.251.143.67
                		truefalse
                  		high
                  beacons4.gvt2.com
                  		216.239.32.116
                  		truefalse
                    		high
                    x1.i.lencr.org
                    		unknown
                    		unknownfalse
                      		high
                      beacons.gcp.gvt2.com
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                          		high
                          NameSourceMaliciousAntivirus DetectionReputation
                          http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.6.drfalse
                            		high
                            https://sexa.xftprojects.com/)processed-ach-remittance-031925 (2).pdffalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificatprocessed-ach-remittance-031925 (2).pdffalse
                              		high

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              142.250.186.36
                              		www.google.comUnited States
                              		15169GOOGLEUSfalse
                              2.19.105.127
                              		e8652.dscx.akamaiedge.netEuropean Union
                              		16625AKAMAI-ASUSfalse
                              162.241.114.35
                              		sexa.xftprojects.comUnited States
                              		46606UNIFIEDLAYER-AS-1USfalse

                              Private

                              IP
                              192.168.2.6

                              General Information

                              Joe Sandbox version:42.0.0 Malachite
                              Analysis ID:1642548
                              Start date and time:2025-03-19 06:27:38 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 5m 51s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:defaultwindowspdfcookbook.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:21
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:processed-ach-remittance-031925 (2).pdf
                              Detection:MAL
                              Classification:mal56.phis.winPDF@66/47@62/4
                              EGA Information:Failed
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              Cookbook Comments:
                              • Found application associated with file extension: .pdf
                              • Found PDF document
                              • Close Viewer
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
                              • Excluded IPs from analysis (whitelisted): 2.19.104.203, 3.233.129.217, 52.22.41.97, 3.219.243.226, 52.6.155.20, 172.64.41.3, 162.159.61.3, 2.16.164.112, 2.16.164.121, 2.16.164.59, 2.16.164.113, 2.16.164.33, 2.16.164.35, 23.219.148.205, 2.18.205.236, 23.33.31.106, 142.250.184.195, 142.250.185.142, 172.217.16.142, 74.125.206.84, 142.250.184.206, 142.250.186.46, 172.217.18.14, 142.250.185.106, 172.217.16.202, 142.250.186.106, 142.250.186.42, 142.250.185.234, 142.250.185.74, 142.250.184.234, 142.250.186.74, 216.58.206.74, 142.250.184.202, 142.250.181.234, 172.217.18.10, 142.250.186.170, 172.217.16.138, 216.58.206.42, 142.250.186.138, 142.250.181.238, 142.251.35.174, 63.117.68.20, 199.232.210.172, 142.250.186.131, 216.58.212.163, 142.250.185.174, 23.60.203.209, 4.175.87.197, 172.202.163.200
                              • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, r6.sn-8xgp1vo-ab56.gvt1.com, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, edgedl.me.gvt1.com, armmf.adobe.com, r6---sn-8xgp1vo-ab56.gvt1.com, clients.l.google.com, geo2.adobe.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtCreateFile calls found.
                              • Report size getting too big, too many NtOpenFile calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              01:28:52API Interceptor2x Sleep call for process: AcroCEF.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              2.19.105.127Emarine System Contact Update.pdfGet hashmaliciousHTMLPhisherBrowse
                              • x1.i.lencr.org/
                              nZsqQiT9Wr.lnkGet hashmaliciousUnknownBrowse
                              • x1.i.lencr.org/
                              Elm City Communities-encrypted.pdfGet hashmaliciousHTMLPhisherBrowse
                              • x1.i.lencr.org/
                              7ZSfxMod_x86.exeGet hashmaliciousGamaredon, UltraVNCBrowse
                              • x1.i.lencr.org/
                              Cbonline Q1 Handbook-0782794.pdfGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                              • x1.i.lencr.org/
                              ZWOLANIE-_1 (1) (2) (2).pdfGet hashmaliciousUnknownBrowse
                              • x1.i.lencr.org/
                              aaaaaaaa.docx.docGet hashmaliciousUnknownBrowse
                              • x1.i.lencr.org/
                              Acuerdo_de_Orden_de_Compra001.pdf.lnkGet hashmaliciousRemcosBrowse
                              • x1.i.lencr.org/
                              Attach_Project_27022025.pdfGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                              • x1.i.lencr.org/
                              osnova.ps1Get hashmaliciousUnknownBrowse
                              • x1.i.lencr.org/
                              162.241.114.35Enquiry-Dubai.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                              • jilas.net/files/222.txt
                              Ferc Q1 2025 401(k) Statement-5997707969.pdfGet hashmaliciousHTMLPhisherBrowse
                              • r56eqpki1r3pdt55n3rm.wearedhaka.com/favicon.ico
                              https://google.com.mx//url?ob=pglnk4shsljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/Kcxz0m1anE-SUREDANN-Y3NoYW5ub25Ac2tvcmJ1cmdjb21wYW55LmNvbQ==Get hashmaliciousFake Captcha, HTMLPhisherBrowse
                              • braverygray.com/favicon.ico
                              88a4dd8-Contract Agreement-Final378208743.pdfGet hashmaliciousUnknownBrowse
                              • cofnbpbnp.edwardrochford.com/favicon.ico
                              754619b-Contract Agreement-Final727916073.pdfGet hashmaliciousUnknownBrowse
                              • repubrepub.edwardrochford.com/favicon.ico
                              http://zerpcon.comGet hashmaliciousUnknownBrowse
                              • zerpcon.com/nxgtnrtn/

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              beacons3.gvt2.comhttp://overtimeforus.com/polsGet hashmaliciousUnknownBrowse
                              • 142.250.186.99
                              947060507.svgGet hashmaliciousHTMLPhisherBrowse
                              • 172.217.16.131
                              http://politicallyartisticsocks.comGet hashmaliciousUnknownBrowse
                              • 172.217.16.131
                              https://www.central1.internationalpayments.com/geo/Get hashmaliciousUnknownBrowse
                              • 142.250.186.163
                              http://grantus.orgGet hashmaliciousUnknownBrowse
                              • 142.250.185.195
                              doc Pg 2A gmt_5057363908.pdfGet hashmaliciousHTMLPhisherBrowse
                              • 172.217.18.99
                              https://upbring.org/foster-training-calendarGet hashmaliciousUnknownBrowse
                              • 142.250.185.99
                              http://gamma.appGet hashmaliciousUnknownBrowse
                              • 216.58.206.67
                              Emarine System Contact Update.pdfGet hashmaliciousHTMLPhisherBrowse
                              • 142.250.185.163
                              e8652.dscx.akamaiedge.netDTG.pdfGet hashmaliciousUnknownBrowse
                              • 72.246.169.163
                              Munsch-Employee-Handbook.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                              • 23.209.209.135
                              doc Pg 2A gmt_5057363908.pdfGet hashmaliciousHTMLPhisherBrowse
                              • 23.192.153.142
                              Yasmine Hilal W2, 401(k).pdfGet hashmaliciousUnknownBrowse
                              • 23.192.153.142
                              virus.pdfGet hashmaliciousHTMLPhisherBrowse
                              • 92.123.21.129
                              Emarine System Contact Update.pdfGet hashmaliciousHTMLPhisherBrowse
                              • 2.19.105.127
                              1099-NEC.pdfGet hashmaliciousRHADAMANTHYSBrowse
                              • 23.209.213.129
                              1099-NEC.pdfGet hashmaliciousUnknownBrowse
                              • 23.209.209.135
                              resume.pdfGet hashmaliciousUnknownBrowse
                              • 23.209.213.129
                              f64da42c-e9a8-a0ac-437d-d14377da4643.emlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                              • 23.209.213.129
                              beacons-handoff.gcp.gvt2.comhttps://official-site-coinbase-pro-digital-asse.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                              • 142.250.180.67
                              https://trezor-io-start-r---starting-auth.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                              • 142.251.143.35
                              https://0942774-Mailscanner.000-0x2auixx-7yhx.cc/NARMdP/$verify.background@sterlingcheck.comGet hashmaliciousUnknownBrowse
                              • 142.251.143.67
                              https://trezor-i-start-org.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                              • 142.250.180.67
                              https://trezor-io-start-r-powering.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                              • 142.250.180.67
                              https://messagerieorange5.godaddysites.com/identifiez-vousGet hashmaliciousUnknownBrowse
                              • 142.251.143.67
                              https://bmchaturvedi.in/wp-content/uploads/admin.phpGet hashmaliciousUnknownBrowse
                              • 142.251.143.67
                              http://communaute-protestante-berlin.de/dinGet hashmaliciousUnknownBrowse
                              • 142.250.180.99
                              https://1158f3d.wcomhost.com/lo/index.phpGet hashmaliciousUnknownBrowse
                              • 142.250.185.163
                              http://ajrdn.qqmasonry.com/Get hashmaliciousUnknownBrowse
                              • 142.250.185.67
                              bg.microsoft.map.fastly.net1.exeGet hashmaliciousVIP KeyloggerBrowse
                              • 199.232.214.172
                              2SXBuho.exeGet hashmaliciousUnknownBrowse
                              • 199.232.210.172
                              http://steampowered.doomthedarkages-invite.com/app/DOOM_THE_DARK_AGES/2246340/Get hashmaliciousUnknownBrowse
                              • 199.232.214.172
                              FluxusV7.exeGet hashmaliciousLummaC StealerBrowse
                              • 199.232.210.172
                              DEVM28.exeGet hashmaliciousLummaC StealerBrowse
                              • 199.232.210.172
                              ORDER-984486-895432.jsGet hashmaliciousWSHRat, AsyncRATBrowse
                              • 199.232.214.172
                              Message.emlGet hashmaliciousUnknownBrowse
                              • 199.232.214.172
                              The Powder Shop Inc.emlGet hashmaliciousunknownBrowse
                              • 199.232.210.172
                              lMAZvNDY8G.exeGet hashmaliciousRHADAMANTHYSBrowse
                              • 199.232.210.172
                              DTG.pdfGet hashmaliciousUnknownBrowse
                              • 199.232.210.172

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              UNIFIEDLAYER-AS-1UShttp://ajrdn.qqmasonry.com/Get hashmaliciousUnknownBrowse
                              • 192.185.198.213
                              https://host09318.com/#gia@gds-industries.comGet hashmaliciousHTMLPhisherBrowse
                              • 162.241.225.33
                              DTG.pdfGet hashmaliciousUnknownBrowse
                              • 162.214.69.41
                              https://gqp37f3i3u.us-east-1.awsapprunner.com/#nik@karash.bizGet hashmaliciousHTMLPhisherBrowse
                              • 173.254.28.213
                              http://ajrdn.qqmasonry.com/Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                              • 192.185.198.213
                              hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                              • 198.1.102.65
                              virus.pdfGet hashmaliciousHTMLPhisherBrowse
                              • 192.185.25.215
                              https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                              • 69.49.230.198
                              https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                              • 69.49.230.198
                              Sat#U0131nalma Sipari#U015fi Q4-2025-V5560001.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 192.254.225.136
                              AKAMAI-ASUShoho.m68k.elfGet hashmaliciousUnknownBrowse
                              • 184.31.203.169
                              https://sceanmcommnunmnlty.com/siute/apxpw/zpqGet hashmaliciousUnknownBrowse
                              • 2.16.202.91
                              random.exeGet hashmaliciousUnknownBrowse
                              • 104.73.234.102
                              https://messagerieorange5.godaddysites.com/identifiez-vousGet hashmaliciousUnknownBrowse
                              • 23.199.222.88
                              http://steampowered.doomthedarkages-invite.com/app/DOOM_THE_DARK_AGES/2246340/Get hashmaliciousUnknownBrowse
                              • 95.101.177.190
                              https://tureforma.us13.list-manage.com/track/click?u=bac98affc3a72272e373cbb77&id=fb4a543799&e=daa59f7dafGet hashmaliciousUnknownBrowse
                              • 95.100.65.46
                              http://www.islandclipper.com/Get hashmaliciousUnknownBrowse
                              • 92.123.12.5
                              http://overtimeforus.com/polsGet hashmaliciousUnknownBrowse
                              • 23.199.214.10
                              DTG.pdfGet hashmaliciousUnknownBrowse
                              • 72.246.169.163
                              https://crazy-moments.com/Get hashmaliciousUnknownBrowse
                              • 2.19.244.157

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):298
                              Entropy (8bit):5.185361747749887
                              Encrypted:false
                              SSDEEP:6:iOG5g8N+q2PN72nKuAl9OmbnIFUto5goDCWZmwC5goDBVkwON72nKuAl9OmbjLJ:7G5gA+vVaHAahFUto5goDCW/C5goDBV8
                              MD5:3D6D0E1AF02933632CB3D0B060A1B031
                              SHA1:286EAA7A09932119491D0A84F39F52B4CDC33495
                              SHA-256:3D401CF131F5850C813CCEE6FAFCFF3C9E3DF470CF7AAE28A88E71A7C4BDACB5
                              SHA-512:4420895CB1AF61FD29023E849580EAB6D06EC0564FAB8EC880A3A5FA4A8BD5ED073B7025A07104B6E879739A0E57D1D45129E5AFB37ECE9686B07C4591363890
                              Malicious:false
                              Reputation:low
                              Preview:2025/03/19-01:28:40.598 1fcc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/19-01:28:40.600 1fcc Recovering log #3.2025/03/19-01:28:40.600 1fcc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):298
                              Entropy (8bit):5.185361747749887
                              Encrypted:false
                              SSDEEP:6:iOG5g8N+q2PN72nKuAl9OmbnIFUto5goDCWZmwC5goDBVkwON72nKuAl9OmbjLJ:7G5gA+vVaHAahFUto5goDCW/C5goDBV8
                              MD5:3D6D0E1AF02933632CB3D0B060A1B031
                              SHA1:286EAA7A09932119491D0A84F39F52B4CDC33495
                              SHA-256:3D401CF131F5850C813CCEE6FAFCFF3C9E3DF470CF7AAE28A88E71A7C4BDACB5
                              SHA-512:4420895CB1AF61FD29023E849580EAB6D06EC0564FAB8EC880A3A5FA4A8BD5ED073B7025A07104B6E879739A0E57D1D45129E5AFB37ECE9686B07C4591363890
                              Malicious:false
                              Reputation:low
                              Preview:2025/03/19-01:28:40.598 1fcc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/19-01:28:40.600 1fcc Recovering log #3.2025/03/19-01:28:40.600 1fcc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):5.165894725061508
                              Encrypted:false
                              SSDEEP:6:iOG5gGDM+q2PN72nKuAl9Ombzo2jMGIFUto5gsgZmwC5gsDMVkwON72nKuAl9OmT:7G5g2M+vVaHAa8uFUto5g1/C5gQMV5Ox
                              MD5:79DF41752FB3EA1B056AEE34ACF346E4
                              SHA1:C1E5BBFF5627005EF2912358C6760AD56AB09A9E
                              SHA-256:D078DB300AC9F423EEF256306D5A12084FAA04C8A4859CB6323B7C2201FB300A
                              SHA-512:912DDC0E8775C3A1426E334129182352FD1AAEA3582033AF56E302FAF5D8D4075075AAA70C4B09FAED180FD5C08C4F60AA3290F073FF3D3E7F5FAE8E023E016A
                              Malicious:false
                              Reputation:low
                              Preview:2025/03/19-01:28:40.351 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/19-01:28:40.418 1cfc Recovering log #3.2025/03/19-01:28:40.418 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):5.165894725061508
                              Encrypted:false
                              SSDEEP:6:iOG5gGDM+q2PN72nKuAl9Ombzo2jMGIFUto5gsgZmwC5gsDMVkwON72nKuAl9OmT:7G5g2M+vVaHAa8uFUto5g1/C5gQMV5Ox
                              MD5:79DF41752FB3EA1B056AEE34ACF346E4
                              SHA1:C1E5BBFF5627005EF2912358C6760AD56AB09A9E
                              SHA-256:D078DB300AC9F423EEF256306D5A12084FAA04C8A4859CB6323B7C2201FB300A
                              SHA-512:912DDC0E8775C3A1426E334129182352FD1AAEA3582033AF56E302FAF5D8D4075075AAA70C4B09FAED180FD5C08C4F60AA3290F073FF3D3E7F5FAE8E023E016A
                              Malicious:false
                              Reputation:low
                              Preview:2025/03/19-01:28:40.351 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/19-01:28:40.418 1cfc Recovering log #3.2025/03/19-01:28:40.418 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):475
                              Entropy (8bit):4.97119389801196
                              Encrypted:false
                              SSDEEP:12:YH/um3RA8sqnnu6EsBdOg2Hlcaq3QYiubcP7E4T3y:Y2sRdsadMHE3QYhbA7nby
                              MD5:5913C862DE2D80F3C4F588A697611A6F
                              SHA1:15195F5A2030F08287605B469FB3A3EB1F6F26F6
                              SHA-256:45F777E7BCCB087DA16AE638DC4FE71B522884F98F2EEF5F182AE1219ACA107A
                              SHA-512:3F73D69968CFD0FF1185E94BA343FC58963EFD5F2EAACE78B824A8E0C0E5CB41135A65AB735C465F2310B3C1708E1251C59116A956E65C5A60EA645DF50A940E
                              Malicious:false
                              Reputation:low
                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386922126186055","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":379259},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c069825f-57e8-461d-95b7-7806e3978d61.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):475
                              Entropy (8bit):4.97119389801196
                              Encrypted:false
                              SSDEEP:12:YH/um3RA8sqnnu6EsBdOg2Hlcaq3QYiubcP7E4T3y:Y2sRdsadMHE3QYhbA7nby
                              MD5:5913C862DE2D80F3C4F588A697611A6F
                              SHA1:15195F5A2030F08287605B469FB3A3EB1F6F26F6
                              SHA-256:45F777E7BCCB087DA16AE638DC4FE71B522884F98F2EEF5F182AE1219ACA107A
                              SHA-512:3F73D69968CFD0FF1185E94BA343FC58963EFD5F2EAACE78B824A8E0C0E5CB41135A65AB735C465F2310B3C1708E1251C59116A956E65C5A60EA645DF50A940E
                              Malicious:false
                              Reputation:low
                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386922126186055","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":379259},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):5859
                              Entropy (8bit):5.250146903899174
                              Encrypted:false
                              SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7jaZ/w:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhj
                              MD5:C11D150A2AF2EFBB4461974FDC900335
                              SHA1:AA653171AD30D611F85C9FF9DCEA6AB546AC95A1
                              SHA-256:7643897007642E0FFB4A1B9317A0E97DE418A21265EB14A2F2E7FF4C44FBA271
                              SHA-512:876E63C1BC1AAD0C10FFA0381195AD14D24B012ABB06629B9ED3315CE4858B30452E3D217BF8BF3AC031018C8AEBE3CE16AA60445F1EAC9959799C5F5F0FEB02
                              Malicious:false
                              Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):330
                              Entropy (8bit):5.208927609191091
                              Encrypted:false
                              SSDEEP:6:iOG5g/ftDM+q2PN72nKuAl9OmbzNMxIFUto5g6gZmwC5g0DMVkwON72nKuAl9Omk:7G5g/9M+vVaHAa8jFUto5g//C5g4MV5z
                              MD5:1375BB5D3DA9BE4B74B9D9F46049DBF0
                              SHA1:491B0916131E1EEADD79B8D50045E60957BF76C5
                              SHA-256:E56ABED4A457707BF98A0A0B2DEFC0B815C965A5111B0F3026ED419D6ADA23B6
                              SHA-512:0D84EDAF7FE5E7FA3DB6630DBFFBF420AC7DEF8CCDFC9BF5270434BEE876B8BCA213E3A8E6E1F954638B876030BAE38E42484B73E2AA0923F4E43E6C28B431C7
                              Malicious:false
                              Preview:2025/03/19-01:28:40.671 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/19-01:28:40.672 1cfc Recovering log #3.2025/03/19-01:28:40.674 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):330
                              Entropy (8bit):5.208927609191091
                              Encrypted:false
                              SSDEEP:6:iOG5g/ftDM+q2PN72nKuAl9OmbzNMxIFUto5g6gZmwC5g0DMVkwON72nKuAl9Omk:7G5g/9M+vVaHAa8jFUto5g//C5g4MV5z
                              MD5:1375BB5D3DA9BE4B74B9D9F46049DBF0
                              SHA1:491B0916131E1EEADD79B8D50045E60957BF76C5
                              SHA-256:E56ABED4A457707BF98A0A0B2DEFC0B815C965A5111B0F3026ED419D6ADA23B6
                              SHA-512:0D84EDAF7FE5E7FA3DB6630DBFFBF420AC7DEF8CCDFC9BF5270434BEE876B8BCA213E3A8E6E1F954638B876030BAE38E42484B73E2AA0923F4E43E6C28B431C7
                              Malicious:false
                              Preview:2025/03/19-01:28:40.671 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/19-01:28:40.672 1cfc Recovering log #3.2025/03/19-01:28:40.674 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250319052844Z-194.bmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PC bitmap, Windows 3.x format, 164 x -96 x 32, cbSize 63030, bits offset 54
                              Category:dropped
                              Size (bytes):63030
                              Entropy (8bit):1.3589707753116254
                              Encrypted:false
                              SSDEEP:192:biC52vH333Yo83/VZrOXR33IlcRao8333333e:TgxH
                              MD5:A4892604ABDA39C23CC1AAB9AC5F5A1E
                              SHA1:5BE34785252645A0BB2D314D633487242D985693
                              SHA-256:CAD6BB7E3E134FD37D69F2D41DEED50001A5939990AE8980F5FD41198F23739A
                              SHA-512:9931ED630D69228962A4600B5C53F4374F3EEE5EF3BBF4832E901A0F9B7B20D0722E1D840219EDD4DC8604C7564E2C60CD6835A2A849467787051310C6F10E47
                              Malicious:false
                              Preview:BM6.......6...(............. .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................hh................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                              Category:dropped
                              Size (bytes):86016
                              Entropy (8bit):4.4448347356026865
                              Encrypted:false
                              SSDEEP:384:ye6ci5tZiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m6s3OazzU89UTTgUL
                              MD5:E332F67E717642721407AFC6D6353895
                              SHA1:E0295FE371D9EA565434C0C424818C7F5AE1DA53
                              SHA-256:C9E100ED06BCAC5EAD74DEE9E4C3D55182ADC92CF84E96E006957A2508866638
                              SHA-512:C37522077D3B0A121FE5A66C871810FE2AFD6A681F5EB3A5B283D42FD761388DB2FBCA07EFCE026CCC528B65FA3F389B65D2A00D7FDD21A6C3AE86D5DE0C163A
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):3.768618113845935
                              Encrypted:false
                              SSDEEP:48:7MEJioyVJioyNoy1C7oy16oy1nKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OX:7zJuJXqXjBiub9IVXEBodRBkn
                              MD5:225584012422DBF458D8F51769221F2D
                              SHA1:852BB1856A7899E8EE3BE693433482FF26C09F43
                              SHA-256:8E46A7BD38D91281965874F262D29446905A594AE452C29AE02BF66FD806D7D2
                              SHA-512:F471A36C1BC8D90BAE4DA76FBDA6BA17298CD6835060B641C01157A97838C4D14526DC8F159FDEA7AF696C04E209BCFDC38F7912877F48798C238484206E4755
                              Malicious:false
                              Preview:.... .c.....K..%...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Certificate, Version=3
                              Category:dropped
                              Size (bytes):1391
                              Entropy (8bit):7.705940075877404
                              Encrypted:false
                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                              Malicious:false
                              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                              Category:dropped
                              Size (bytes):73305
                              Entropy (8bit):7.996028107841645
                              Encrypted:true
                              SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                              MD5:83142242E97B8953C386F988AA694E4A
                              SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                              SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                              SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                              Malicious:false
                              Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):192
                              Entropy (8bit):2.7673182398396405
                              Encrypted:false
                              SSDEEP:3:kkFklQeopkNllXfllXlE/HT8kB/h/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKJeskVIT8O/RNMa8RdWBwRd
                              MD5:B043C62061A885692185B0DDF6902845
                              SHA1:27B3BB154001252D801EBEC9A285718224240294
                              SHA-256:F21FAF57267DAF7A2E7ECDD1B5F34C837E577D732E109C6A5210EE5E5A08257A
                              SHA-512:2885774590AB6A59AE2080BBC8B0AF336A6713F1A0CF801BCA463DABA69E1ADEA319C8063E70062ABC2EDC58502A2116D5B7E0F482D947E42953CC43E3EFB32A
                              Malicious:false
                              Preview:p...... .........I.....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:modified
                              Size (bytes):330
                              Entropy (8bit):3.183651560957911
                              Encrypted:false
                              SSDEEP:6:kKcVemcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:0emCkPlE99SNxAhUeq8S
                              MD5:1A51D0CC4EDC7B3A2FB78543409B9B33
                              SHA1:8EBBA734043F0B077731D4528F56EEFAC6A5000E
                              SHA-256:D608BD7A146A939AA8392BE85267F6C72462EC7784D5A2F5FDDBAC2F1E9B2CEB
                              SHA-512:9E901B5EA13768835473919BCDE409696348F8DF4F7C3F5BE8BEC85789590725B31DC6C8A7245DBB5EB765A51CF8988AF4D2F12F0F299D482EB4083039F471A6
                              Malicious:false
                              Preview:p...... ..........v....(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):228346
                              Entropy (8bit):3.3890581331110528
                              Encrypted:false
                              SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:XPCaJ/3AYvYwgXFoL+sn
                              MD5:74B83081847678F84F398797D96C7D1B
                              SHA1:F506F7451F9BC68E793B61DE0CC050A1F76CA456
                              SHA-256:C4DE96F2EC8DEC70804ABB97D20409E0429935A974012F7BA8DCB7AABCC90ED3
                              SHA-512:DA3D2CC9303E713DDC2EB5E4C47060CC028A903443E2AC99491B04982296E39DB517B807D76DD5C97DF15000C360D9CD7FD382A19E5E98E5D930B8354B91A01A
                              Malicious:false
                              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):295
                              Entropy (8bit):5.3524351064874285
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJM3g98kUwPeUkwRe9:YvXKXR10cNGMbLUkee9
                              MD5:F00301F7F95F2AE22DA676390F22736F
                              SHA1:0143389780A9D7DF514A22A29A6FA9498428F8CA
                              SHA-256:E4D35CCDDFFECF7FB6AF5FE062578FE5746C3CBE5E6754A0DB8B5BACCF90F931
                              SHA-512:9A280FDBC8D6C0E1EE88EA4005F62BEDF4CEE5D9A3DEB8EB7AB2FBA48BFD62DBF4CB3C410E6715BEEEE55F2FC1C90F37D20934A9B5A6B7919842BAE0B578F14E
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.3081363291620045
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfBoTfXpnrPeUkwRe9:YvXKXR10cNGWTfXcUkee9
                              MD5:FAEA18ED4C5981F353111632D5B71FBF
                              SHA1:A1ACDACB8DCE41406A20CDF4AE0CECF381E1D541
                              SHA-256:48874B0A81DECFCCA0BF4882F5E1937D4F893B91976C8FAE53D2A2CF887B4ECB
                              SHA-512:294D9DF36CF98EFF0DAE0C4B84EA5478A7CAC2139A0CE6AF5E76B24F797B948314B0F58DA26E6DDD1F83DF06798E585F6A65B3E000B4D1DD153931764383308F
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.2853016830071855
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfBD2G6UpnrPeUkwRe9:YvXKXR10cNGR22cUkee9
                              MD5:913E93D7D8016D56E1A3F77375F73FA2
                              SHA1:4FA9B3B83F1C2E137014D16295C48C44FCA804CD
                              SHA-256:54F7AC85F4523798A1C8E086710837982DBAAA97679480738778E419F45D8183
                              SHA-512:42815DE9800F54ECC5554D5B33BB2D73C336D538BAFEA5247A4CD6E2CD51FFE194DCAC64972651F473D4685EB3A81FD12B8BE222CD00DCCF968428966182144F
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):285
                              Entropy (8bit):5.332074233736288
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfPmwrPeUkwRe9:YvXKXR10cNGH56Ukee9
                              MD5:5F146E9844BC14C61D56DD2A176DCD1F
                              SHA1:D21B2373762B2D6604AA4DA5734250A7A0D614AB
                              SHA-256:536E772569A12620AAEC1652803F75019C41285AEB13BFD421984E6F36F1F87D
                              SHA-512:379D5EE8995FC11F4CFB26D5A823DD0AD6C1DB35BF1A8B29E1292E6B56B5AAAEC4BCCF7DD7B9365B0B8932BC5A2E7E8113316ACFF0B343A17B5D86B384308FED
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2113
                              Entropy (8bit):5.842237098771527
                              Encrypted:false
                              SSDEEP:24:Yv6XRbypLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrAr3bQro:Yveuhgly48Y/TWCjiOumNcvKOrkUN
                              MD5:2FE3C426C7F5AD43F0B271E85D6F407E
                              SHA1:626E59DFD492D2FE33D80333049BF5B5C9B9AD34
                              SHA-256:F535F8ED18B484BB9A17080370058D03DFCD88A99FDCB9BBADBC60D387B8491D
                              SHA-512:CB59A45D5D296E3DDE90857427B57D46C92BFE6D9ECDDCC5F1DE1A90283FEA515A6C2E3B2F24A1B25BC93ABA995DD0D5837435729E02F0D8B89A6D6A1F5FDE9E
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.282433491286047
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJf8dPeUkwRe9:YvXKXR10cNGU8Ukee9
                              MD5:277874C49D08321FB4545785738AFD87
                              SHA1:C6D3EE65432770C68C3D20A4A30F5B8A301679A6
                              SHA-256:FBC96C83E51A81E3F6676D67CE8544C4F059863003B83C5B08FB9E5FE6CB9033
                              SHA-512:B4C3CA5523EE00151E6FAB6B93EFD02BB6B5E4575C087BFB1AA5B86BBAAD4918ADD98FAC68A9887541B104EEC2BC4F334D633D2F0CEB89B73EF24931D6BA0399
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.285866018034955
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfQ1rPeUkwRe9:YvXKXR10cNGY16Ukee9
                              MD5:87C78282241685B224DC8F0D6C60ECF0
                              SHA1:960933F3B6804EB4E588320B3E85AE1BB80F5208
                              SHA-256:49E3FA60A0DE9F686D44E884636B1439D24C64BFD0BF62512D354579C8997C46
                              SHA-512:DC0BCAA93EC3FF8FA81974A9E049950E359B2295152C80F5F88A5ADD0CFFDF55E1EA4FB4AB92FD238C39B7B32563BD3709E02953849F4AE7C418877F522F9414
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2064
                              Entropy (8bit):5.82441728502555
                              Encrypted:false
                              SSDEEP:48:Yve9ogbN48l/GiyLVzyODRHKOkQDcSmjWAN:Geeg54Y/IVO4QOkQoSmF
                              MD5:54FDD2F0B54BA7571A754CC79A017BAA
                              SHA1:3CA6FEF0082C7D1A077DE4271680CB298134CE4E
                              SHA-256:8073D7F2DF0DDDFD7F91D1BBEB54EF7ADBD4FECBC8D11857475F4098104F67BD
                              SHA-512:E0D611D2EA2553DBD836A1C57F917BDD77EF6FA32367055C898CC1729149CAA29DFBA178FFA015BAAC2B81957E9F3D711F3F20B6B7707A7D5E071F42A4C780CF
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):295
                              Entropy (8bit):5.310914258773915
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfzdPeUkwRe9:YvXKXR10cNGb8Ukee9
                              MD5:705DA9775CE8B1EF15ECA47855A33C0D
                              SHA1:1A15007AD03E7539325C87C7EE431E4CB1F34271
                              SHA-256:ECDD5CF6CCF2EC0BBDA506F87F82FAF701D8626E0B3B0FB3B2D8A77FB6F145AA
                              SHA-512:1F3D5230B06CD712F1958D5EB1608403F91AE882E2D4E912593A88BEB2BD76B009F02C0970D3A18B804A5D837FC3A44C4AC1908FBC11E3C2B4D3875F4B8B8932
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.291382582264322
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfYdPeUkwRe9:YvXKXR10cNGg8Ukee9
                              MD5:9562F196EC1F52AFCED53C09597D9001
                              SHA1:21178D363A9DC9F1B076BE4593394149A3CC0B7D
                              SHA-256:30013288D4EA7840667D8E81137605C9C92752180FF389FD7015B9D39A3DC73D
                              SHA-512:F304DFD10DD1E2AEA139A64C7E2350A6B98F1D25ED9F70829BAD1699568CD63EDE8093CACC45975A6C54861D5032739167654A6F41F0CF446DBCEF70B58B592E
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):284
                              Entropy (8bit):5.276963538453175
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJf+dPeUkwRe9:YvXKXR10cNG28Ukee9
                              MD5:6E38F36FAD7855EF6D8CA95327792DA1
                              SHA1:9C1561E4F1A0F1AA24845ABAC23BAEAD7CE04624
                              SHA-256:CCD62727D8087C4847E42DD8D61296B6A5698ADE19AE3610C142E27321F49099
                              SHA-512:495F8D0075219F7E21508878DCAA5F3072608C965D6B218F1151103489737F2C5784FE29537002FEAA19E0DBE742F653AB15E8B68E36D0647A76B8B2AB18806F
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):291
                              Entropy (8bit):5.274988906176918
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfbPtdPeUkwRe9:YvXKXR10cNGDV8Ukee9
                              MD5:F2BB82B35CD65618307263D0F51A8B3F
                              SHA1:C6936EA27DB0E99F677787C2C9C5AA4BBDC37FA7
                              SHA-256:E2CCBA5F7782F615174D980333BE2542C477C7C1CF0F7CA15B1E8EC85F9F7E8A
                              SHA-512:779D14AECA81CEB1129D0E0A5A71495242B6B038A48417AE90F497DFBAE04E9ECCDD157F0C3AA5BEB42482E00580FC6569A40212829ED15222F2FFC49217C8CF
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):287
                              Entropy (8bit):5.278250948560224
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJf21rPeUkwRe9:YvXKXR10cNG+16Ukee9
                              MD5:98A6DFCCFFD163A7AECDA9B6296B0CC3
                              SHA1:4B230E6961A539AE87C8E52E4E3EEE0841D8D503
                              SHA-256:17DB0E2402FB3A930DDDB97772A0395B5F86E9D2E7229B0E74A1A928F3E6088C
                              SHA-512:056BAC1574B773A41123ECAD280644C89863566B38E04828726B598C264FBF319CDAFE2BE41D0DAFFB0F078D5CE6BBDD0AA2B04A39A083DF3FC2E9F38A923376
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2012
                              Entropy (8bit):5.838184368690378
                              Encrypted:false
                              SSDEEP:24:Yv6XRbuamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBIcfD4:YveMBgBG48j/SiyLVWOAI13kUN
                              MD5:C93D0B8DAFC3A9489D2EED1162F3DD76
                              SHA1:1BCE65CB5BF55C8388A1E26216236727367E9118
                              SHA-256:8268385EA15127876648226C771AD17D9A20F60718A33DD0D456F5C2AD277868
                              SHA-512:7000953A904F06A14334B00A3EDC08013F1BFDDC1AD5B7E5EA344D01FA518FD54081D7DD97D7FBDB46057CA830B6DD1ED348F630E07F6D41AFC7DBB2035D4AB0
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):286
                              Entropy (8bit):5.254519706135214
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJfshHHrPeUkwRe9:YvXKXR10cNGUUUkee9
                              MD5:7DB6BC8784733A47D2A4382F1F651E24
                              SHA1:D9D6EF1F25904D4EF6935117F31DD4CBC7B93FCD
                              SHA-256:4ACC91FC1145B5856E93B37389A656501FEAE21C7A4982D9FB38779FF114A35C
                              SHA-512:FE50BFA618494908F20D1725E890D289F15C9CE9C8BA3A0EA17421581A108992D3A73CC948EDB82B26EA5BA04B3CB54284E5588A0413E66BE736AE22586FDD1A
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):282
                              Entropy (8bit):5.252656260445998
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXKGT5QIvn10nZiQ0YWQdoAvJTqgFCrPeUkwRe9:YvXKXR10cNGTq16Ukee9
                              MD5:72A2ABE073765DC37C730E86FB5B04DF
                              SHA1:A92AF139666C2261C1449A00ED559346BF80F597
                              SHA-256:10C4236691650EA8CDEF91F2FB557AAABAC0900683FA936211B8ABD1ED20F4F6
                              SHA-512:427F53B9602195D7A22AF60212A42259716A294B15CEDA7B0D47A7E4DC51A1EC567806E951A07EDB72070A4EB59F2F18958206B04389AB7F5AEEE4385E317AA5
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"c35bdcca-a74c-4033-b923-48082810848d","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742541632223,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4
                              Entropy (8bit):0.8112781244591328
                              Encrypted:false
                              SSDEEP:3:e:e
                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                              Malicious:false
                              Preview:....

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2815
                              Entropy (8bit):5.134391987305751
                              Encrypted:false
                              SSDEEP:24:Y/nazgHayvFnABQgM6rSrKwO8Jj4M8j0SbyACj2jUV2LSlCleS5UBeFLA59J9hLT:YFAtMUSmDi4fhIrV3oeS5UBeW19V
                              MD5:65B1B3212E3086DF85CE94A6002CBF61
                              SHA1:1EFE86F8FC0A72D8FC14008E7C1FE21C8D54C8DE
                              SHA-256:2652692C3AAC0585626F9C308F4F757302873EE786C422DD482DB2C1EBA6C85E
                              SHA-512:D1AE7D9B2AA6E506BDD51E64CD114871F5BC6B2BEC91A01EA7D87DA1B80ADD69F9DEB2AF11D8464C21D6FCBD60B381A410146C3DD737CE3C0E0F27A4E0AAD54C
                              Malicious:false
                              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"fbbaf66b4ffe1c05aca8c8cc87608ee7","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742362126000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"0f8c3a0c24d2dcac4c366916f211ffdf","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742362126000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"7d750a8bedf9c8ec161c056d643140d6","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742362126000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2c780bdb4a3e5c25dd24fef9c5033243","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742362126000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a67f9f99d77940d2439362e3aa76aae2","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742362126000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7ab9dcb5dac00c7050fd5cc1b3c966f8","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                              Category:dropped
                              Size (bytes):12288
                              Entropy (8bit):1.1472179228175683
                              Encrypted:false
                              SSDEEP:24:TLhx/XYKQvGJF7ursALRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcL:TFl2GL7msiXc+XcGNFlRYIX2v3kr
                              MD5:53538E84ED79C4E957D7C2DC2391C690
                              SHA1:E45348D26C5358BEEE94106445C57002BBCAD9A2
                              SHA-256:1E34AF743B90179FD4D8265E796DA4425A95AB1E77FEAFCE2928714B75CC047D
                              SHA-512:AACD0C4D28FD0921FF8408D7A9DFC95814C90FA89F7FCFDC62326FEBAF750396ED20F23E53917C1302242B23757270AB963E581B82D1E2A4258FF07BB1B8769A
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):1.550760575770398
                              Encrypted:false
                              SSDEEP:24:7+t6tLUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxzqLxx/XYB:7MHXc+XcGNFlRYIX2vyqVl2GL7msU
                              MD5:2E979AE42D76C3A8CDE685C8D1DBF4CC
                              SHA1:EE695FE6E933C8C86702B690213180F763181991
                              SHA-256:260B472C1F719FD4E26153F98895BEE0CB121562B04538C7A546A98602A0E432
                              SHA-512:3A7D211A4E6E2B60F71C8F101F749DB5004C6813E9C87CF941E84CEF1E45D1DC5687F9C315667CD9E41B9C8DA5E85C68053D60C95852DEB083DC8D895ECC5C2E
                              Malicious:false
                              Preview:.... .c......i............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\MSI2cb21.LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):246
                              Entropy (8bit):3.5390718303530573
                              Encrypted:false
                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8muVl8M:Qw946cPbiOxDlbYnuRKA
                              MD5:5F9DD08A0B31F23FE1C6CC1FF9B4131C
                              SHA1:50DF94BAEF4E580112ADC19639B2B2A9430D8FEE
                              SHA-256:5D3472A71760D42E4BE028AB749F8D6F3D4311F040A825390147340E36ADB980
                              SHA-512:5B1E587D8619078D70F021DBED2EFC26042023C529D2D60956A9979D9BCDCA3F079626504326D45242399F0EDFCC8B7964E7808C79EDB685C9C24BA045FED17D
                              Malicious:false
                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.3./.2.0.2.5. . .0.1.:.2.8.:.4.7. .=.=.=.....

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-19 01-28-42-020.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393)
                              Category:dropped
                              Size (bytes):16525
                              Entropy (8bit):5.338264912747007
                              Encrypted:false
                              SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                              MD5:128A51060103D95314048C2F32A15C66
                              SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                              SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                              SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                              Malicious:false
                              Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                              Category:dropped
                              Size (bytes):15114
                              Entropy (8bit):5.336782070711462
                              Encrypted:false
                              SSDEEP:384:PZFo95B+FVCSneSv4AQva1vhhuVWXEsfys5FvHXb5Uo8K7ov1gitdswpIkONBUUq:HhW
                              MD5:48580E3DA1C0A6310942C4DD263B351C
                              SHA1:1B7E163C9C1562A1E045A9355177891AFCF7E116
                              SHA-256:C8D8974A34BFB682A96F63BEC6CD166A1982766EBF8006DFE5CB6FC7BB425B05
                              SHA-512:7EF6009DA804C2180859CA540A9955916E9329425E41A32499D591E6F57E90085B8FF8D7BA864D0C4FF840474AB0C7968DD0A2AA0B8CF61F68AFDFF7A18504B1
                              Malicious:false
                              Preview:SessionID=59e4ce9a-adad-481c-b06a-a1576e535597.1742362122034 Timestamp=2025-03-19T01:28:42:034-0400 ThreadID=2700 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=59e4ce9a-adad-481c-b06a-a1576e535597.1742362122034 Timestamp=2025-03-19T01:28:42:036-0400 ThreadID=2700 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=59e4ce9a-adad-481c-b06a-a1576e535597.1742362122034 Timestamp=2025-03-19T01:28:42:036-0400 ThreadID=2700 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=59e4ce9a-adad-481c-b06a-a1576e535597.1742362122034 Timestamp=2025-03-19T01:28:42:036-0400 ThreadID=2700 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=59e4ce9a-adad-481c-b06a-a1576e535597.1742362122034 Timestamp=2025-03-19T01:28:42:036-0400 ThreadID=2700 Component=ngl-lib_NglAppLib Description="SetConf

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):29752
                              Entropy (8bit):5.403508619011843
                              Encrypted:false
                              SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbTo7Vcb1yIYicbLd:V3fOCIdJDerYh
                              MD5:03D2038B83E8573B13C0B37447DB3E68
                              SHA1:4180D0AE154634AE4C9CFC095D5A04E02D2ED4D3
                              SHA-256:5BE7E1DD9F976813C4B28A775154472FD3C661CBB18AF69E6F65CB0248C1F89F
                              SHA-512:44AE2CED56DF23CD471BEF062D852D31D71B3246D5B0AF0862D6C46AFBA9A12EDA5D572FD8C850B05A90B226CA7EA4EFE9320F5C4AF0E8E1908557F2DA116475
                              Malicious:false
                              Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                              C:\Users\user\AppData\Local\Temp\acrocef_low\785f6ed8-2739-4282-883f-9a03f79c2d8f.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                              Category:dropped
                              Size (bytes):386528
                              Entropy (8bit):7.9736851559892425
                              Encrypted:false
                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                              Malicious:false
                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                              C:\Users\user\AppData\Local\Temp\acrocef_low\bb960590-076f-4b4b-952d-f14009210df6.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                              Category:dropped
                              Size (bytes):1407294
                              Entropy (8bit):7.97605879016224
                              Encrypted:false
                              SSDEEP:24576:/I+wYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:LwZG6b3mlind9i4ufFXpAXkrfUs0CWLk
                              MD5:F5279DA3659F1FDF155BE793A409106A
                              SHA1:B389FCDB8832ABD4BC4A06CB7E97107FC5E139EA
                              SHA-256:4926C6879266E3E2301A1823FE1FF8772B1FA7A33163224B1B5C2695A0E372CA
                              SHA-512:07CA1BF523F22967695DF263E7477135C69F5B9F6B612B8037F9434C099F5BE132957DAC9619F13F97FDDD6A543E78D395755F7BB644B34D864C46239F7DDAD6
                              Malicious:false
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                              C:\Users\user\AppData\Local\Temp\acrocef_low\bc5e8207-87b1-4c13-a372-0721c223ca8f.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                              Category:dropped
                              Size (bytes):758601
                              Entropy (8bit):7.98639316555857
                              Encrypted:false
                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                              MD5:3A49135134665364308390AC398006F1
                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                              Malicious:false
                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                              C:\Users\user\AppData\Local\Temp\acrocef_low\d71a9743-fc70-497f-b1d8-ccb9d29649fe.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                              Category:dropped
                              Size (bytes):1419751
                              Entropy (8bit):7.976496077007677
                              Encrypted:false
                              SSDEEP:24576:/rnOWL07oYGZQeYIGNPZdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TOWLxYGZQeZGH3mlind9i4ufFXpAXkru
                              MD5:4DF3EB9167FA932079F96742C37F56E2
                              SHA1:DB943B52F019F419A86C637AC94D809DE845144B
                              SHA-256:E3BA7B4D7F5BA4F5DB29A7DFAB356B78020070A4789DB068B9E7D69AAA9380C3
                              SHA-512:4B2180F8DBAAFB65D05F1E354ACE2308ACA23D2F15C47B4141926240B689BCA643491D882E2AD1AE235C044F032B2DDAF140BD8824D67903AE2FC9ABA4F7E8F3
                              Malicious:false
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                              Chrome Cache Entry: 305

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (3298)
                              Category:downloaded
                              Size (bytes):3303
                              Entropy (8bit):5.845280999261656
                              Encrypted:false
                              SSDEEP:96:bdlgH6666Ln5Jn4drLPRLIiZ1DX0W2f9UKfffQfo:ngH6666jf4dfPR0EX49d
                              MD5:DCE91BCB71AEB7FAF524590EF2F5F593
                              SHA1:82E4AF278B91166AC6922690F415663A8D0BCEC0
                              SHA-256:6B1DEB15D074DB37124A88AC233D2B787BB46BB95AEC9F39AEA3C1790A8B1B90
                              SHA-512:3DEF6EA46A41520896BEBFE7FC47D215B780F9F27E762D32987E9839E22729277B1CE767DA268B477955C73334BBFF27014771EB2CF913BC7437BD42F07DCD52
                              Malicious:false
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                              Preview:)]}'.["",["frozen meals recalled","snow storm weather forecast","samsung galaxy one ui 7","general hospital hospital spoilers","amari cooper","pepsico buys prebiotic soda brand poppi","alexa amazon echo","new mortal kombat movie trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wbmd0NHNuEhZGb290YmFsbCB3aWRlIHJlY2VpdmVyMosNZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBRUJBQU1BQXdBQUFBQUFBQUFBQUFBSEFBUUZCZ0VDQS8vRUFEQVFBQUVEQWdRRUJRTUVBd0FBQUFBQUFBRUNBd1FBRVFVR0VpRVRNWEdCQnlKQlVXRV

                              Static File Info

                              General

                              File type:PDF document, version 1.4, 1 pages
                              Entropy (8bit):7.896810025788748
                              TrID:
                              • Adobe Portable Document Format (5005/1) 100.00%
                              File name:processed-ach-remittance-031925 (2).pdf
                              File size:60'986 bytes
                              MD5:6ef7005eef078fd12a90f03a7753070a
                              SHA1:1f46d7868b22652458ef028d09f72baa5e1c3b9d
                              SHA256:2e45baa2e3bf3ea5da01f8a64e6e16ffca7a3da58ed8b9b295f85df4d1c89685
                              SHA512:8021b2cd22407ae018adff729ad0fb4c78b948d20f5311a1fb4d83bb0c5491edb0b2fc76dfd316dabf17fa369d3117f513f770b332c249068e77507d7a4cb0dd
                              SSDEEP:1536:1jk744Enpjaoel4qXkTXK4aVXSMnc1QTxN2/ncbQC1:EPM295kG7iMnwQTxN2fHy
                              TLSH:E653D0B4B1660C98E995C34A923435C98D4DF62E5AC518DA10B80EC3BD8CCD5AB73ADE
                              File Content Preview:%PDF-1.4.%.....1 0 obj.<</Title (HTML Editor - Full Version)./Creator (Mozilla/5.0 \(X11; Linux x86_64\) AppleWebKit/537.36 \(KHTML, like Gecko\) HeadlessChrome/134.0.0.0 Safari/537.36)./Producer (Skia/PDF m134)./CreationDate (D:20250318164850+00'00')./Mo

                              File Icon

                              Icon Hash:62cc8caeb29e8ae0

                              Static PDF Info

                              General

                              Header:%PDF-1.4
                              Total Entropy:7.896810
                              Total Bytes:60986
                              Stream Entropy:7.993708
                              Stream Bytes:51353
                              Entropy outside Streams:5.322819
                              Bytes outside Streams:9633
                              Number of EOF found:1
                              Bytes after EOF:
                              NameCount
                              obj46
                              endobj46
                              stream20
                              endstream20
                              xref1
                              trailer1
                              startxref1
                              /Page1
                              /Encrypt0
                              /ObjStm0
                              /URI6
                              /JS0
                              /JavaScript0
                              /AA0
                              /OpenAction0
                              /AcroForm0
                              /JBIG2Decode0
                              /RichMedia0
                              /Launch0
                              /EmbeddedFile0
                              IDDHASHMD5Preview
                              40000000000000000fdda827b0288c9be4e93817da3e71081
                              50404062a6c525e060d3ea7540d369c250d3397855404bb59
                              70000000000000000b757ef81fffb0184381ecdf8d87f3779
                              8cca66d5155599acc258e49f428d437bbebb097b44e84cbd0
                              150000000000000000b59e0552698cb5528e78ea7592e02340

                              Network Behavior

                              Download Network PCAP: filteredfull

                              Network Port Distribution

                              • Total Packets: 122
                              • 443 (HTTPS)
                              • 80 (HTTP)
                              • 53 (DNS)
                              TimestampSource PortDest PortSource IPDest IP
                              Mar 19, 2025 06:28:32.850531101 CET49672443192.168.2.6204.79.197.203
                              Mar 19, 2025 06:28:35.256844997 CET49672443192.168.2.6204.79.197.203
                              Mar 19, 2025 06:28:39.320266962 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:28:39.631764889 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:28:40.069298029 CET49672443192.168.2.6204.79.197.203
                              Mar 19, 2025 06:28:40.241184950 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:28:41.445872068 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:28:43.854857922 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:28:48.656131029 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:28:49.671720028 CET49672443192.168.2.6204.79.197.203
                              Mar 19, 2025 06:28:52.586952925 CET4970280192.168.2.62.19.105.127
                              Mar 19, 2025 06:28:52.592729092 CET80497022.19.105.127192.168.2.6
                              Mar 19, 2025 06:28:52.592849970 CET4970280192.168.2.62.19.105.127
                              Mar 19, 2025 06:28:52.592924118 CET4970280192.168.2.62.19.105.127
                              Mar 19, 2025 06:28:52.597568035 CET80497022.19.105.127192.168.2.6
                              Mar 19, 2025 06:28:53.249305964 CET80497022.19.105.127192.168.2.6
                              Mar 19, 2025 06:28:53.249320984 CET80497022.19.105.127192.168.2.6
                              Mar 19, 2025 06:28:53.249417067 CET4970280192.168.2.62.19.105.127
                              Mar 19, 2025 06:28:53.389328957 CET80497022.19.105.127192.168.2.6
                              Mar 19, 2025 06:28:53.432113886 CET4970280192.168.2.62.19.105.127
                              Mar 19, 2025 06:28:58.257868052 CET49678443192.168.2.620.42.65.91
                              Mar 19, 2025 06:29:06.048429966 CET4970280192.168.2.62.19.105.127
                              Mar 19, 2025 06:29:09.943988085 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:09.944035053 CET44349705162.241.114.35192.168.2.6
                              Mar 19, 2025 06:29:09.944092989 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:09.972843885 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:09.972877026 CET44349705162.241.114.35192.168.2.6
                              Mar 19, 2025 06:29:10.617311954 CET44349705162.241.114.35192.168.2.6
                              Mar 19, 2025 06:29:10.618947983 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:10.622925997 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:10.622958899 CET44349705162.241.114.35192.168.2.6
                              Mar 19, 2025 06:29:10.623233080 CET44349705162.241.114.35192.168.2.6
                              Mar 19, 2025 06:29:10.806176901 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:10.806314945 CET44349705162.241.114.35192.168.2.6
                              Mar 19, 2025 06:29:10.806400061 CET49705443192.168.2.6162.241.114.35
                              Mar 19, 2025 06:29:14.067931890 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:14.067996979 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:14.068101883 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:14.068442106 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:14.068458080 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:14.731545925 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:14.731626034 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:14.735049963 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:14.735063076 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:14.735512018 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:14.782110929 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:15.187776089 CET5464853192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:15.192604065 CET53546481.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:15.192703962 CET5464853192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:15.192743063 CET5464853192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:15.197376013 CET53546481.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:15.697237015 CET53546481.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:15.697897911 CET5464853192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:15.702799082 CET53546481.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:15.702877998 CET5464853192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:18.934360027 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:18.976315975 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.146862030 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.146982908 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.147085905 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.147161961 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:19.147177935 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.147232056 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:19.147286892 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.147445917 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:19.147598982 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:19.148830891 CET49714443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:29:19.148844957 CET44349714142.250.186.36192.168.2.6
                              Mar 19, 2025 06:29:26.932667017 CET49686443192.168.2.6184.86.251.22
                              Mar 19, 2025 06:29:26.932821035 CET4968980192.168.2.62.23.77.188
                              Mar 19, 2025 06:29:49.999005079 CET443496802.23.227.215192.168.2.6
                              Mar 19, 2025 06:29:49.999102116 CET443496802.23.227.215192.168.2.6
                              Mar 19, 2025 06:29:49.999174118 CET49680443192.168.2.62.23.227.215
                              Mar 19, 2025 06:29:49.999175072 CET49680443192.168.2.62.23.227.215
                              Mar 19, 2025 06:30:11.992221117 CET4968480192.168.2.62.23.77.188
                              Mar 19, 2025 06:30:11.992221117 CET49682443192.168.2.620.190.160.5
                              Mar 19, 2025 06:30:11.997303009 CET80496842.23.77.188192.168.2.6
                              Mar 19, 2025 06:30:11.997417927 CET4968480192.168.2.62.23.77.188
                              Mar 19, 2025 06:30:11.997751951 CET4434968220.190.160.5192.168.2.6
                              Mar 19, 2025 06:30:11.997814894 CET49682443192.168.2.620.190.160.5
                              Mar 19, 2025 06:30:14.118027925 CET54667443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:30:14.118082047 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:14.118146896 CET54667443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:30:14.118449926 CET54667443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:30:14.118468046 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:14.789374113 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:14.789623022 CET54667443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:30:14.789644003 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:24.682969093 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:24.683118105 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:24.683248043 CET54667443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:30:26.337841988 CET54667443192.168.2.6142.250.186.36
                              Mar 19, 2025 06:30:26.337877035 CET44354667142.250.186.36192.168.2.6
                              Mar 19, 2025 06:30:48.936906099 CET6230953192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:48.941569090 CET53623091.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:48.941653013 CET6230953192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:48.941685915 CET6230953192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:48.946408987 CET53623091.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:49.471191883 CET53623091.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:49.471667051 CET6230953192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:49.476586103 CET53623091.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:49.476670027 CET6230953192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:54.141084909 CET49679443192.168.2.620.191.45.158
                              TimestampSource PortDest PortSource IPDest IP
                              Mar 19, 2025 06:28:52.575351000 CET5580153192.168.2.61.1.1.1
                              Mar 19, 2025 06:28:52.583966017 CET53558011.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:09.794711113 CET6191953192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:09.795110941 CET6289253192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:09.802721977 CET53613661.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:09.809566021 CET53628921.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:09.816272020 CET53619191.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:09.980459929 CET53559081.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:11.089633942 CET53647341.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:11.138333082 CET53562391.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:13.171996117 CET53560301.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:14.055361032 CET5402153192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:14.055707932 CET5029353192.168.2.61.1.1.1
                              Mar 19, 2025 06:29:14.063479900 CET53540211.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:14.064038992 CET53502931.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:15.186443090 CET53492651.1.1.1192.168.2.6
                              Mar 19, 2025 06:29:37.388778925 CET138138192.168.2.6192.168.2.255
                              Mar 19, 2025 06:30:09.380414009 CET53631081.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:12.968151093 CET53543831.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:20.339946032 CET5440553192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:20.340229034 CET6509153192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:20.346721888 CET53544051.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:20.346968889 CET53650911.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:21.366355896 CET5222853192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:21.366549969 CET6220553192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:21.373542070 CET53522281.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:21.373754978 CET53622051.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:23.397732019 CET5666653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:23.404578924 CET53566661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:24.413672924 CET5666653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:24.421623945 CET53566661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:25.428664923 CET5666653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:25.435291052 CET53566661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:27.428987026 CET5666653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:27.435579062 CET53566661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:31.459461927 CET5666653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:31.466103077 CET53566661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:36.340176105 CET4974553192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:36.340279102 CET4993853192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:36.346860886 CET53497451.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:36.347791910 CET53499381.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:37.366838932 CET5909153192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:37.373869896 CET53590911.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:39.399251938 CET6516653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:39.407368898 CET53651661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:40.413794041 CET6516653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:40.420823097 CET53651661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:41.414314985 CET6516653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:41.421144962 CET53651661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:43.429482937 CET6516653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:43.436476946 CET53651661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:47.444370031 CET6516653192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:47.451404095 CET53651661.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:48.936248064 CET53591441.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:52.339299917 CET5319753192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:52.339660883 CET5140253192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:52.346232891 CET53531971.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:52.346740961 CET53514021.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:53.366890907 CET5935253192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:53.373564005 CET53593521.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:55.398116112 CET5308053192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:55.404915094 CET53530801.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:56.398003101 CET5308053192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:56.406218052 CET53530801.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:57.398212910 CET5308053192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:57.405270100 CET53530801.1.1.1192.168.2.6
                              Mar 19, 2025 06:30:59.413395882 CET5308053192.168.2.61.1.1.1
                              Mar 19, 2025 06:30:59.421472073 CET53530801.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:03.413352013 CET5308053192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:03.419858932 CET53530801.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:08.338198900 CET6199153192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:08.338329077 CET5647953192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:08.345325947 CET53619911.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:08.345746994 CET53564791.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:09.353789091 CET5127353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:09.360670090 CET53512731.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:11.382407904 CET5553853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:11.389492989 CET53555381.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:12.382380009 CET5553853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:12.389046907 CET53555381.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:13.398049116 CET5553853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:13.405006886 CET53555381.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:15.399756908 CET5553853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:15.406471014 CET53555381.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:19.413208008 CET5553853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:19.419720888 CET53555381.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:24.341272116 CET5382653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:24.341415882 CET5737653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:24.348397970 CET53538261.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:24.348975897 CET53573761.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:25.366173983 CET5789953192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:25.373451948 CET53578991.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:27.397821903 CET5338353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:27.405148029 CET53533831.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:28.398372889 CET5338353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:28.405328035 CET53533831.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:29.412903070 CET5338353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:29.433923960 CET53533831.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:31.413674116 CET5338353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:31.420876980 CET53533831.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:35.428949118 CET5338353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:35.436256886 CET53533831.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:36.325819969 CET6089153192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:36.326111078 CET5804853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:36.332798958 CET53580481.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:36.333242893 CET53608911.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:37.351221085 CET6395953192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:37.351357937 CET6254853192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:37.357846975 CET53639591.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:37.358799934 CET53625481.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:39.383111000 CET5128653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:39.389981031 CET53512861.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:40.397691965 CET5128653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:40.406289101 CET53512861.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:41.411660910 CET5128653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:41.419151068 CET53512861.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:43.413343906 CET5128653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:43.420348883 CET53512861.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:47.428469896 CET5128653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:47.435333014 CET53512861.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:52.339654922 CET5627253192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:52.339787960 CET5009253192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:52.340152025 CET6025453192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:52.340297937 CET6189353192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:52.346765995 CET53602541.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:52.346791983 CET53618931.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:52.347059011 CET53562721.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:52.347444057 CET53500921.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:53.351605892 CET5144653192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:53.351605892 CET5567053192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:53.351736069 CET5083153192.168.2.61.1.1.1
                              Mar 19, 2025 06:31:53.358748913 CET53514461.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:53.358803034 CET53508311.1.1.1192.168.2.6
                              Mar 19, 2025 06:31:53.358833075 CET53556701.1.1.1192.168.2.6
                              TimestampSource IPDest IPChecksumCodeType
                              Mar 19, 2025 06:29:11.131160975 CET192.168.2.61.1.1.1c1fb(Port unreachable)Destination Unreachable

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Mar 19, 2025 06:28:52.575351000 CET192.168.2.61.1.1.10x567eStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:09.794711113 CET192.168.2.61.1.1.10x9680Standard query (0)sexa.xftprojects.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:09.795110941 CET192.168.2.61.1.1.10x398dStandard query (0)sexa.xftprojects.com65IN (0x0001)false
                              Mar 19, 2025 06:29:14.055361032 CET192.168.2.61.1.1.10x2b49Standard query (0)www.google.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:14.055707932 CET192.168.2.61.1.1.10x6803Standard query (0)www.google.com65IN (0x0001)false
                              Mar 19, 2025 06:30:20.339946032 CET192.168.2.61.1.1.10xf6d1Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:20.340229034 CET192.168.2.61.1.1.10x8eb3Standard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:30:21.366355896 CET192.168.2.61.1.1.10xb3Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:21.366549969 CET192.168.2.61.1.1.10xa57bStandard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:30:23.397732019 CET192.168.2.61.1.1.10xb937Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:24.413672924 CET192.168.2.61.1.1.10xb937Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:25.428664923 CET192.168.2.61.1.1.10xb937Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:27.428987026 CET192.168.2.61.1.1.10xb937Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:31.459461927 CET192.168.2.61.1.1.10xb937Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:36.340176105 CET192.168.2.61.1.1.10x1effStandard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:36.340279102 CET192.168.2.61.1.1.10xad2aStandard query (0)beacons.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:30:37.366838932 CET192.168.2.61.1.1.10x5eaaStandard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:39.399251938 CET192.168.2.61.1.1.10x5e72Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:40.413794041 CET192.168.2.61.1.1.10x5e72Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:41.414314985 CET192.168.2.61.1.1.10x5e72Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:43.429482937 CET192.168.2.61.1.1.10x5e72Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:47.444370031 CET192.168.2.61.1.1.10x5e72Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:52.339299917 CET192.168.2.61.1.1.10x6f74Standard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:52.339660883 CET192.168.2.61.1.1.10xcfb0Standard query (0)beacons2.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:30:53.366890907 CET192.168.2.61.1.1.10x8700Standard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:55.398116112 CET192.168.2.61.1.1.10x4afaStandard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:56.398003101 CET192.168.2.61.1.1.10x4afaStandard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:57.398212910 CET192.168.2.61.1.1.10x4afaStandard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:59.413395882 CET192.168.2.61.1.1.10x4afaStandard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:03.413352013 CET192.168.2.61.1.1.10x4afaStandard query (0)beacons2.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:08.338198900 CET192.168.2.61.1.1.10x3acStandard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:08.338329077 CET192.168.2.61.1.1.10x9b0bStandard query (0)beacons3.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:31:09.353789091 CET192.168.2.61.1.1.10x5265Standard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:11.382407904 CET192.168.2.61.1.1.10xdf80Standard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:12.382380009 CET192.168.2.61.1.1.10xdf80Standard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:13.398049116 CET192.168.2.61.1.1.10xdf80Standard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:15.399756908 CET192.168.2.61.1.1.10xdf80Standard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:19.413208008 CET192.168.2.61.1.1.10xdf80Standard query (0)beacons3.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:24.341272116 CET192.168.2.61.1.1.10xd5f6Standard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:24.341415882 CET192.168.2.61.1.1.10xa685Standard query (0)beacons4.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:31:25.366173983 CET192.168.2.61.1.1.10xd38bStandard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:27.397821903 CET192.168.2.61.1.1.10xa581Standard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:28.398372889 CET192.168.2.61.1.1.10xa581Standard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:29.412903070 CET192.168.2.61.1.1.10xa581Standard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:31.413674116 CET192.168.2.61.1.1.10xa581Standard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:35.428949118 CET192.168.2.61.1.1.10xa581Standard query (0)beacons4.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:36.325819969 CET192.168.2.61.1.1.10x9eStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:36.326111078 CET192.168.2.61.1.1.10xa3d5Standard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:31:37.351221085 CET192.168.2.61.1.1.10x56d3Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:37.351357937 CET192.168.2.61.1.1.10xdac7Standard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:31:39.383111000 CET192.168.2.61.1.1.10x3aefStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:40.397691965 CET192.168.2.61.1.1.10x3aefStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:41.411660910 CET192.168.2.61.1.1.10x3aefStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:43.413343906 CET192.168.2.61.1.1.10x3aefStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:47.428469896 CET192.168.2.61.1.1.10x3aefStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:52.339654922 CET192.168.2.61.1.1.10x4569Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:52.339787960 CET192.168.2.61.1.1.10x4409Standard query (0)beacons.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:31:52.340152025 CET192.168.2.61.1.1.10xd84fStandard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:52.340297937 CET192.168.2.61.1.1.10x2552Standard query (0)beacons.gcp.gvt2.com65IN (0x0001)false
                              Mar 19, 2025 06:31:53.351605892 CET192.168.2.61.1.1.10x42b6Standard query (0)beacons.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:53.351605892 CET192.168.2.61.1.1.10x9958Standard query (0)beacons.gcp.gvt2.comA (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:53.351736069 CET192.168.2.61.1.1.10xcf74Standard query (0)beacons.gcp.gvt2.com65IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Mar 19, 2025 06:28:52.583966017 CET1.1.1.1192.168.2.60x567eNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:28:52.583966017 CET1.1.1.1192.168.2.60x567eNo error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:28:52.583966017 CET1.1.1.1192.168.2.60x567eNo error (0)e8652.dscx.akamaiedge.net2.19.105.127A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:06.364280939 CET1.1.1.1192.168.2.60x1850No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:06.364280939 CET1.1.1.1192.168.2.60x1850No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:09.816272020 CET1.1.1.1192.168.2.60x9680No error (0)sexa.xftprojects.com162.241.114.35A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:14.063479900 CET1.1.1.1192.168.2.60x2b49No error (0)www.google.com142.250.186.36A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:14.064038992 CET1.1.1.1192.168.2.60x6803No error (0)www.google.com65IN (0x0001)false
                              Mar 19, 2025 06:29:27.143421888 CET1.1.1.1192.168.2.60x22ccNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:29:27.143421888 CET1.1.1.1192.168.2.60x22ccNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:20.346721888 CET1.1.1.1192.168.2.60xf6d1No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:20.346721888 CET1.1.1.1192.168.2.60xf6d1No error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:20.346968889 CET1.1.1.1192.168.2.60x8eb3No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:21.373542070 CET1.1.1.1192.168.2.60xb3No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:21.373542070 CET1.1.1.1192.168.2.60xb3No error (0)beacons-handoff.gcp.gvt2.com142.251.143.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:21.373754978 CET1.1.1.1192.168.2.60xa57bNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:23.404578924 CET1.1.1.1192.168.2.60xb937No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:23.404578924 CET1.1.1.1192.168.2.60xb937No error (0)beacons-handoff.gcp.gvt2.com142.250.180.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:24.421623945 CET1.1.1.1192.168.2.60xb937No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:24.421623945 CET1.1.1.1192.168.2.60xb937No error (0)beacons-handoff.gcp.gvt2.com142.250.180.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:25.435291052 CET1.1.1.1192.168.2.60xb937No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:25.435291052 CET1.1.1.1192.168.2.60xb937No error (0)beacons-handoff.gcp.gvt2.com142.250.180.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:27.435579062 CET1.1.1.1192.168.2.60xb937No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:27.435579062 CET1.1.1.1192.168.2.60xb937No error (0)beacons-handoff.gcp.gvt2.com142.250.180.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:31.466103077 CET1.1.1.1192.168.2.60xb937No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:30:31.466103077 CET1.1.1.1192.168.2.60xb937No error (0)beacons-handoff.gcp.gvt2.com142.250.180.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:36.346860886 CET1.1.1.1192.168.2.60x1effNo error (0)beacons.gvt2.com142.251.143.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:37.373869896 CET1.1.1.1192.168.2.60x5eaaNo error (0)beacons.gvt2.com142.250.185.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:39.407368898 CET1.1.1.1192.168.2.60x5e72No error (0)beacons.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:40.420823097 CET1.1.1.1192.168.2.60x5e72No error (0)beacons.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:41.421144962 CET1.1.1.1192.168.2.60x5e72No error (0)beacons.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:43.436476946 CET1.1.1.1192.168.2.60x5e72No error (0)beacons.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:47.451404095 CET1.1.1.1192.168.2.60x5e72No error (0)beacons.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:52.346232891 CET1.1.1.1192.168.2.60x6f74No error (0)beacons2.gvt2.com142.250.194.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:53.373564005 CET1.1.1.1192.168.2.60x8700No error (0)beacons2.gvt2.com192.178.52.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:55.404915094 CET1.1.1.1192.168.2.60x4afaNo error (0)beacons2.gvt2.com192.178.52.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:56.406218052 CET1.1.1.1192.168.2.60x4afaNo error (0)beacons2.gvt2.com192.178.52.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:57.405270100 CET1.1.1.1192.168.2.60x4afaNo error (0)beacons2.gvt2.com192.178.52.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:30:59.421472073 CET1.1.1.1192.168.2.60x4afaNo error (0)beacons2.gvt2.com192.178.52.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:03.419858932 CET1.1.1.1192.168.2.60x4afaNo error (0)beacons2.gvt2.com192.178.52.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:08.345325947 CET1.1.1.1192.168.2.60x3acNo error (0)beacons3.gvt2.com142.250.185.227A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:09.360670090 CET1.1.1.1192.168.2.60x5265No error (0)beacons3.gvt2.com142.250.185.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:11.389492989 CET1.1.1.1192.168.2.60xdf80No error (0)beacons3.gvt2.com142.250.184.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:12.389046907 CET1.1.1.1192.168.2.60xdf80No error (0)beacons3.gvt2.com142.250.184.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:13.405006886 CET1.1.1.1192.168.2.60xdf80No error (0)beacons3.gvt2.com142.250.184.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:15.406471014 CET1.1.1.1192.168.2.60xdf80No error (0)beacons3.gvt2.com142.250.184.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:19.419720888 CET1.1.1.1192.168.2.60xdf80No error (0)beacons3.gvt2.com142.250.184.195A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:24.348397970 CET1.1.1.1192.168.2.60xd5f6No error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:25.373451948 CET1.1.1.1192.168.2.60xd38bNo error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:27.405148029 CET1.1.1.1192.168.2.60xa581No error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:28.405328035 CET1.1.1.1192.168.2.60xa581No error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:29.433923960 CET1.1.1.1192.168.2.60xa581No error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:31.420876980 CET1.1.1.1192.168.2.60xa581No error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:35.436256886 CET1.1.1.1192.168.2.60xa581No error (0)beacons4.gvt2.com216.239.32.116A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:36.332798958 CET1.1.1.1192.168.2.60xa3d5No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:36.333242893 CET1.1.1.1192.168.2.60x9eNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:36.333242893 CET1.1.1.1192.168.2.60x9eNo error (0)beacons-handoff.gcp.gvt2.com172.217.18.3A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:37.357846975 CET1.1.1.1192.168.2.60x56d3No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:37.357846975 CET1.1.1.1192.168.2.60x56d3No error (0)beacons-handoff.gcp.gvt2.com142.251.143.35A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:37.358799934 CET1.1.1.1192.168.2.60xdac7No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:39.389981031 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:39.389981031 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:40.406289101 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:40.406289101 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:41.419151068 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:41.419151068 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:43.420348883 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:43.420348883 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:47.435333014 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:47.435333014 CET1.1.1.1192.168.2.60x3aefNo error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:52.346765995 CET1.1.1.1192.168.2.60xd84fNo error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:52.346765995 CET1.1.1.1192.168.2.60xd84fNo error (0)beacons-handoff.gcp.gvt2.com142.250.180.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:52.346791983 CET1.1.1.1192.168.2.60x2552No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:52.347059011 CET1.1.1.1192.168.2.60x4569No error (0)beacons.gvt2.com142.250.180.67A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:53.358748913 CET1.1.1.1192.168.2.60x42b6No error (0)beacons.gvt2.com142.250.185.99A (IP address)IN (0x0001)false
                              Mar 19, 2025 06:31:53.358803034 CET1.1.1.1192.168.2.60xcf74No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:53.358833075 CET1.1.1.1192.168.2.60x9958No error (0)beacons.gcp.gvt2.combeacons-handoff.gcp.gvt2.comCNAME (Canonical name)IN (0x0001)false
                              Mar 19, 2025 06:31:53.358833075 CET1.1.1.1192.168.2.60x9958No error (0)beacons-handoff.gcp.gvt2.com142.250.186.67A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • www.google.com
                              • x1.i.lencr.org

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.6497022.19.105.127808048C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              TimestampBytes transferredDirectionData
                              Mar 19, 2025 06:28:52.592924118 CET115OUTGET / HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Microsoft-CryptoAPI/10.0
                              Host: x1.i.lencr.org
                              Mar 19, 2025 06:28:53.249305964 CET1236INHTTP/1.1 200 OK
                              Server: nginx
                              Content-Type: application/pkix-cert
                              Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                              ETag: "64cd6654-56f"
                              Content-Disposition: attachment; filename="ISRG Root X1.der"
                              Cache-Control: max-age=62642
                              Expires: Wed, 19 Mar 2025 22:52:55 GMT
                              Date: Wed, 19 Mar 2025 05:28:53 GMT
                              Content-Length: 1391
                              Connection: keep-alive
                              Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
                              Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUX
                              Mar 19, 2025 06:28:53.249320984 CET224INData Raw: a9 bc b2 a8 50 d0 0c b1 d8 1a 69 20 27 29 08 ac 61 75 5c 8a 6e f8 82 e5 69 2f d5 f6 56 4b b9 b8 73 10 59 d3 21 97 7e e7 4c 71 fb b2 d2 60 ad 39 a8 0b ea 17 21 56 85 f1 50 0e 59 eb ce e0 59 e9 ba c9 15 ef 86 9d 8f 84 80 f6 e4 e9 91 90 dc 17 9b 62
                              Data Ascii: Pi ')au\ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NE
                              Mar 19, 2025 06:28:53.389328957 CET285INData Raw: d6 4a d0 26 cc e5 72 ca 08 6a a5 95 e3 15 a1 f7 a4 ed c9 2c 5f a5 fb ff ac 28 02 2e be d7 7b bb e3 71 7b 90 16 d3 07 5e 46 53 7c 37 07 42 8c d3 c4 96 9c d5 99 b5 2a e0 95 1a 80 48 ae 4c 39 07 ce cc 47 a4 52 95 2b ba b8 fb ad d2 33 53 7d e5 1d 4d
                              Data Ascii: J&rj,_(.{q{^FS|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$j*Ca[;v-u3l=S{A_a8]7u3AruAB_g$H'?OtQz#(<1zl


                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.649714142.250.186.364432288C:\Program Files\Google\Chrome\Application\chrome.exe
                              TimestampBytes transferredDirectionData
                              2025-03-19 05:29:18 UTC487OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                              Host: www.google.com
                              Connection: keep-alive
                              X-Client-Data: CO6MywE=
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-03-19 05:29:19 UTC1303INHTTP/1.1 200 OK
                              Date: Wed, 19 Mar 2025 05:29:19 GMT
                              Pragma: no-cache
                              Expires: -1
                              Cache-Control: no-cache, must-revalidate
                              Content-Type: text/javascript; charset=UTF-8
                              Strict-Transport-Security: max-age=31536000
                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-47vJZPa-tJO_zkioUUoUNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                              Accept-CH: Downlink
                              Accept-CH: RTT
                              Accept-CH: Sec-CH-UA-Form-Factors
                              Accept-CH: Sec-CH-UA-Platform
                              Accept-CH: Sec-CH-UA-Platform-Version
                              Accept-CH: Sec-CH-UA-Full-Version
                              Accept-CH: Sec-CH-UA-Arch
                              Accept-CH: Sec-CH-UA-Model
                              Accept-CH: Sec-CH-UA-Bitness
                              Accept-CH: Sec-CH-UA-Full-Version-List
                              Accept-CH: Sec-CH-UA-WoW64
                              Permissions-Policy: unload=()
                              Content-Disposition: attachment; filename="f.txt"
                              Server: gws
                              X-XSS-Protection: 0
                              X-Frame-Options: SAMEORIGIN
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Accept-Ranges: none
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              2025-03-19 05:29:19 UTC87INData Raw: 63 65 37 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 72 6f 7a 65 6e 20 6d 65 61 6c 73 20 72 65 63 61 6c 6c 65 64 22 2c 22 73 6e 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 73 61 6d 73 75 6e 67 20 67 61 6c 61 78 79 20 6f 6e
                              Data Ascii: ce7)]}'["",["frozen meals recalled","snow storm weather forecast","samsung galaxy on
                              2025-03-19 05:29:19 UTC1390INData Raw: 65 20 75 69 20 37 22 2c 22 67 65 6e 65 72 61 6c 20 68 6f 73 70 69 74 61 6c 20 68 6f 73 70 69 74 61 6c 20 73 70 6f 69 6c 65 72 73 22 2c 22 61 6d 61 72 69 20 63 6f 6f 70 65 72 22 2c 22 70 65 70 73 69 63 6f 20 62 75 79 73 20 70 72 65 62 69 6f 74 69 63 20 73 6f 64 61 20 62 72 61 6e 64 20 70 6f 70 70 69 22 2c 22 61 6c 65 78 61 20 61 6d 61 7a 6f 6e 20 65 63 68 6f 22 2c 22 6e 65 77 20 6d 6f 72 74 61 6c 20 6b 6f 6d 62 61 74 20 6d 6f 76 69 65 20 74 72 61 69 6c 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43
                              Data Ascii: e ui 7","general hospital hospital spoilers","amari cooper","pepsico buys prebiotic soda brand poppi","alexa amazon echo","new mortal kombat movie trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"C
                              2025-03-19 05:29:19 UTC1390INData Raw: 49 34 57 57 4e 74 54 33 68 34 56 6c 41 7a 53 33 4a 46 53 55 4e 79 5a 32 52 31 55 58 46 51 55 45 70 4f 4e 6d 59 77 56 7a 45 30 64 45 78 61 61 44 51 33 51 31 70 6f 4e 6c 5a 43 56 32 35 57 65 58 56 69 57 44 6b 32 56 69 39 42 65 56 4e 59 63 32 39 35 56 30 77 7a 59 6d 70 55 62 6b 56 30 4e 7a 64 68 56 6b 70 54 64 6d 4a 31 63 7a 42 61 63 57 70 55 53 6c 4d 7a 62 57 74 31 53 56 56 30 53 58 5a 78 55 58 4a 5a 4e 32 4e 79 4f 48 49 77 5a 79 74 43 61 6d 70 70 57 56 64 4e 65 46 5a 49 65 58 52 35 52 55 77 77 4d 6b 64 35 62 45 70 4a 53 6e 59 34 51 58 52 49 4e 47 39 79 64 47 4a 49 57 6d 6f 33 5a 47 6c 6f 56 6c 5a 57 56 6d 68 44 56 6c 5a 57 57 55 64 4e 4e 44 46 6f 64 55 4a 34 52 6c 4e 7a 56 6d 31 4e 65 47 31 6e 51 31 4a 34 52 6d 64 47 57 6b 46 32 57 6b 6b 31 63 56 42 33 54
                              Data Ascii: I4WWNtT3h4VlAzS3JFSUNyZ2R1UXFQUEpONmYwVzE0dExaaDQ3Q1poNlZCV25WeXViWDk2Vi9BeVNYc295V0wzYmpUbkV0NzdhVkpTdmJ1czBacWpUSlMzbWt1SVV0SXZxUXJZN2NyOHIwZytCamppWVdNeFZIeXR5RUwwMkd5bEpJSnY4QXRING9ydGJIWmo3ZGloVlZWVmhDVlZWWUdNNDFodUJ4RlNzVm1NeG1nQ1J4RmdGWkF2Wkk1cVB3T
                              2025-03-19 05:29:19 UTC443INData Raw: 54 44 42 6e 64 45 46 6e 51 6e 56 53 64 32 6c 75 63 41 5a 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 22 2d 33 33 39 36 39 34 30 31 35 38 30 38 31 33 35 32 30 34 35 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 31 2c 31 32 35 30 2c 37 30 35 2c 37 30 34 2c 37 30 33 2c 37 30 32 2c 37 30 31 2c 37 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c
                              Data Ascii: TDBndEFnQnVSd2lucAZwBw\u003d\u003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-3396940158081352045","google:suggestrelevance":[1251,1250,705,704,703,702,701,700],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],
                              2025-03-19 05:29:19 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              • File
                              • Registry

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:01:28:37
                              Start date:19/03/2025
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\processed-ach-remittance-031925 (2).pdf"
                              Imagebase:0x7ff767a00000
                              File size:5'641'176 bytes
                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true
                              Show Windows behavior

                              File Activities

                              Show Windows behavior

                              Section Activities

                              Show Windows behavior

                              Registry Activities

                              Show Windows behavior

                              COM Activities

                              Show Windows behavior

                              Mutex Activities

                              Show Windows behavior

                              Process Activities

                              Show Windows behavior

                              Thread Activities

                              Show Windows behavior

                              Memory Activities

                              Show Windows behavior

                              System Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Windows UI Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                              General

                              Target ID:6
                              Start time:01:28:39
                              Start date:19/03/2025
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                              Imagebase:0x7ff6fe940000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true
                              Show Windows behavior

                              File Activities

                              Show Windows behavior

                              Section Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Mutex Activities

                              Show Windows behavior

                              Process Activities

                              Show Windows behavior

                              Thread Activities

                              Show Windows behavior

                              Memory Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Process Token Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                              General

                              Target ID:8
                              Start time:01:28:40
                              Start date:19/03/2025
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1664 --field-trial-handle=1568,i,4038913409643386264,5492468394634696909,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                              Imagebase:0x7ff6fe940000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Section Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Process Activities

                              Show Windows behavior

                              Thread Activities

                              Show Windows behavior

                              Memory Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                              General

                              Target ID:13
                              Start time:01:29:03
                              Start date:19/03/2025
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://sexa.xftprojects.com/"
                              Imagebase:0x7ff63b000000
                              File size:3'388'000 bytes
                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false
                              Show Windows behavior

                              File Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              COM Activities

                              Show Windows behavior

                              Process Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Memory Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Process Token Activities


                              General

                              Target ID:14
                              Start time:01:29:08
                              Start date:19/03/2025
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --subproc-heap-profiling --field-trial-handle=2040,i,6421133465372305949,14597510339509831683,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3
                              Imagebase:0x7ff63b000000
                              File size:3'388'000 bytes
                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false
                              Show Windows behavior

                              File Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                              Show Windows behavior

                              Memory Activities

                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                              Disassembly

                              No disassembly