Windows Analysis Report
Invoice Number INV132146-1.pdf

Overview

General Information

Sample name: Invoice Number INV132146-1.pdf
Analysis ID: 1646479
MD5: 786bb21da0bc0a7a90278e99818d59a9
SHA1: 1b63a43223fa7a5d275d0b3631bee54fe8ca181c
SHA256: 3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2
Infos:
Errors
  • Corrupt sample or wrongly selected analyzer.

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • Acrobat.exe (PID: 7944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 8140 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7544 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1716 --field-trial-handle=1548,i,18107874229461260976,17683304734608795874,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 5684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 9064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,8931877288581135740,1436735525690537163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2040 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therapyforhappiness.co.uk/ra3.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Invoice Number INV132146-1.pdf | Virustotal: Detection: 10%
Source: Invoice Number INV132146-1.pdf | ReversingLabs: Detection: 18%

Phishing

Source: PDF document | Joe Sandbox AI: Page contains button: 'Open' Source: 'PDF document'
Source: PDF document | Joe Sandbox AI: PDF document contains prominent button: 'open'
Source: unknown | HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown | TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCL7VzgEIgdbOAQjI3M4BCKvezgEIiuDOAQiu5M4BCIvlzgE=
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: therapyforhappiness.co.uk
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir5684_378175694
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir5684_378175694
Source: classification engine | Classification label: mal52.winPDF@43/48@46/4
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-23 22-36-38-279.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1716 --field-trial-handle=1548,i,18107874229461260976,17683304734608795874,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,8931877288581135740,1436735525690537163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2040 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therapyforhappiness.co.uk/ra3.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Invoice Number INV132146-1.pdf | Initial sample: PDF keyword /JS count = 0
Source: Invoice Number INV132146-1.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Invoice Number INV132146-1.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (11); Process Injection (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Information Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph] Behavior Graph ID: 1646479, Sample: Invoice Number INV132146-1.pdf, Startdate: 24/03/2025, Architecture: WINDOWS, Score: 52

Source | Detection | Scanner | Label
Invoice Number INV132146-1.pdf | 11% | Virustotal |
Invoice Number INV132146-1.pdf | 18% | ReversingLabs | Document-PDF.Trojan.ScamX
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
google.com | 142.251.40.142 | true | false | | high
e8652.dscx.akamaiedge.net | 23.48.144.248 | true | false | | high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 208.89.73.17 | true | false | | high
www.google.com | 142.251.40.228 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
therapyforhappiness.co.uk | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.40.228 | www.google.com | United States | 15169 | GOOGLEUS | false
23.48.144.248 | e8652.dscx.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false

IP
192.168.2.4
192.168.2.23

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1646479
Start date and time: 2025-03-24 03:35:33 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Invoice Number INV132146-1.pdf
Detection: MAL
Classification: mal52.winPDF@43/48@46/4
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • URL browsing timeout or error
  • Close Viewer
  • Corrupt sample or wrongly selected analyzer.
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.51.56.185, 23.200.0.173, 23.200.0.196, 34.237.241.83, 18.213.11.84, 50.16.47.176, 54.224.241.105, 162.159.61.3, 172.64.41.3, 208.89.73.17, 142.251.32.99, 142.250.80.46, 142.251.40.206, 172.253.122.84, 142.250.80.99, 142.251.32.110, 142.250.65.174, 142.250.64.110, 142.250.80.78, 142.250.176.206, 142.250.65.206, 142.251.35.163, 142.251.40.110, 142.250.80.110, 184.31.69.3, 204.79.197.222, 20.109.210.53, 23.56.162.204
  • Excluded domains from analysis (whitelisted): clients1.google.com, fp.msedge.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, wu-b-net.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtOpenFile calls found.

Time | Type | Description
22:36:47 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
23.48.144.248 | 3bSDIpSIdF.msi | malicious | Unknown | x1.c.lencr.org/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | x2ojTWdCAK.exe | malicious | PureCrypter, AsyncRAT | 217.20.51.18
 | noKdGjmCji.exe | malicious | SheetRat | 208.89.73.17
 | weDo11E3Lr.exe | malicious | LummaC Stealer | 217.20.51.34
 | allah.exe | malicious | SheetRat, XWorm | 208.89.73.27
 | Amadey_build.exe | malicious | Amadey | 208.89.73.29
 | Set-up_patched.exe | malicious | DarkTortilla, LummaC Stealer | 208.89.73.19
 | KMSAuto++.exe | malicious | Unknown | 208.89.73.25
 | Nw-Inst64.exe.bin.exe | malicious | DCRat, LummaC Stealer, PureLog Stealer, zgRAT | 208.89.73.31
 | https://www.transfernow.net/en/bld?utm_source=20250321oYBy7zgb | malicious | HTMLPhisher | 208.89.73.23
 | Optimum Nationwide - development 2025.pdf | malicious | HTMLPhisher | 208.89.73.27
google.com | employee performance report.exe | malicious | GuLoader, Snake Keylogger | 142.251.111.132
 | https://steigerwaldt.com/ | malicious | Unknown | 142.250.65.238
 | http://paulsss.com | malicious | Unknown | 142.250.65.164
 | http://paulsss.com | malicious | Unknown | 142.250.65.164
 | https://traveltechs.net/submit | malicious | Unknown | 142.250.64.100
 | https://github.com/abunaj3/abjjd/releases/download/2/2.mp3 | malicious | Unknown | 142.250.80.100
 | DA6B.bat | malicious | XRed, XWorm | 64.233.180.132
 | oddj60.1EqD3.exe | malicious | XRed, XWorm | 142.251.40.129
 | DA6B.bat | malicious | XRed, XWorm | 142.250.176.193
e8652.dscx.akamaiedge.net | mp3.bat | malicious | Unknown | 23.46.224.249
 | new.bat | malicious | Unknown | 23.39.37.95
 | CLAIM3456709.lnk.bin.lnk | malicious | DanaBot | 104.76.101.49
 | Microsoft Security Slate - March 20, 2025.pdf | malicious | Unknown | 23.39.37.95
 | https://www.transfernow.net/en/bld?utm_source=20250321oYBy7zgb | malicious | HTMLPhisher | 23.216.136.238
 | Optimum Nationwide - development 2025.pdf | malicious | HTMLPhisher | 184.50.205.65
 | Contract Invoice Approval.pdf | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 23.39.37.95
 | Contract Invoice Approval.pdf | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 104.76.101.49
 | Contract Invoice Approval.pdf | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 23.46.224.249
bg.microsoft.map.fastly.net | Enquiry-Dubai.js | malicious | AgentTesla | 199.232.214.172
 | reverseshell bash64.bat | malicious | Quasar | 199.232.210.172
 | 1200000.MSBuild.exe | malicious | Unknown | 199.232.214.172
 | MasonRootkit.exe | malicious | XWorm | 199.232.214.172
 | PD4OaBeAiY.exe | malicious | DanaBot | 199.232.214.172
 | RPuo9hLUBb.exe | malicious | LummaC Stealer | 199.232.210.172
 | x2ojTWdCAK.exe | malicious | PureCrypter, AsyncRAT | 199.232.210.172
 | noKdGjmCji.exe | malicious | SheetRat | 199.232.210.172
 | weDo11E3Lr.exe | malicious | LummaC Stealer | 199.232.210.172

                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    No context
                    No context
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.217087845694844
                    Encrypted:false
                    SSDEEP:6:iOsI/RWMR+q2Pwkn2nKuAl9OmbnIFUtCI/ROOZmwgI/RKMRVkwOwkn2nKuAl9Omt:7pMrvYfHAahFUtLUO/NQM/5JfHAaSJ
                    MD5:BCF306EC86715340B19172889997B786
                    SHA1:EFB3B4E68A612C109DD26409D0F50E7DD9494F30
                    SHA-256:56BBFEA8B4847735F18739262070CD8DFB6BDF4835A41DBE79EEA578760FD01E
                    SHA-512:1513E6B7972FF6DE204706927F5E7112AD7567EAB903AB65B74BD39B1B5943652FF2C2E02BC1A1527B604A9DC56EFE6F4A19697EE35B670065354FD60D2D4382
                    Malicious:false
                    Reputation:low
                    Preview:2025/03/23-22:36:36.713 1ff8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/23-22:36:36.731 1ff8 Recovering log #3.2025/03/23-22:36:36.735 1ff8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):336
                    Entropy (8bit):5.1643022056632315
                    Encrypted:false
                    SSDEEP:6:iOsI/RWjyq2Pwkn2nKuAl9Ombzo2jMGIFUtCI/RVG1ZmwgI/RVQRkwOwkn2nKuAv:7pMyvYfHAa8uFUtLfg/NfQR5JfHAa8RJ
                    MD5:596CC9A34B8913678D090A2697F2B207
                    SHA1:A5B2180D14BAC056576918CC92633580AB2807A8
                    SHA-256:3367A9005F37584EB2CA1F8064F35704F8925F47AEEFE891115217529EB1B117
                    SHA-512:3E04D2B8E7C4FE33598F26E7D2CF3B581FB0782D811914DFC44E90DBDA79F72AE87ED59E7C4E2FA54A4C44D1E105E5DD6FE51AF53F4F676317DE3C0917DAE4A2
                    Malicious:false
                    Reputation:low
                    Preview:2025/03/23-22:36:36.551 1d90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/23-22:36:36.555 1d90 Recovering log #3.2025/03/23-22:36:36.555 1d90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:modified
                    Size (bytes):475
                    Entropy (8bit):4.961305759039287
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqFX0tsBdOg2HP3fcaq3QYiubInP7E4T3y:Y2sRdsIpdMHvu3QYhbG7nby
                    MD5:607D90F39127CBB9ACD5FDA349632DF5
                    SHA1:3FE20FE3C76CE0E54B27175086AD0B54B452D200
                    SHA-256:06CEFD5F8843B98B8FB66F4C328C965DDAB1EEF9669017B03A1598711A8139C7
                    SHA-512:2E89CB4F8895DA93968E727CB1B459FD504E855091234DE205140B280646CF166A177003798D1A87CBF62C65432AE732ED5B3516F865489BB2DA5B24FC242A73
                    Malicious:false
                    Reputation:low
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387343808119485","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":100008},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.961305759039287
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqFX0tsBdOg2HP3fcaq3QYiubInP7E4T3y:Y2sRdsIpdMHvu3QYhbG7nby
                    MD5:607D90F39127CBB9ACD5FDA349632DF5
                    SHA1:3FE20FE3C76CE0E54B27175086AD0B54B452D200
                    SHA-256:06CEFD5F8843B98B8FB66F4C328C965DDAB1EEF9669017B03A1598711A8139C7
                    SHA-512:2E89CB4F8895DA93968E727CB1B459FD504E855091234DE205140B280646CF166A177003798D1A87CBF62C65432AE732ED5B3516F865489BB2DA5B24FC242A73
                    Malicious:false
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387343808119485","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":100008},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4730
                    Entropy (8bit):5.2626451702734975
                    Encrypted:false
                    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7A7bi5cnbiZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goP
                    MD5:0AA697CFE4DD9B9D87B7EA24D05649DF
                    SHA1:E4F7D85BD736CC83AC93E1991F92F6A168393C52
                    SHA-256:E9EED52272D7117B7A463C774CBB5A25A9E57D92FB7C86208E89B80D2AC04541
                    SHA-512:E2C9B10F0C22823A014D861C8BF4FBC8607C2C43FECC4BCFA8DEE07140082B7C6C4229B8C00F5A6B6DBE893702CC63D34B8FFC140887E3AC4FB60F251291D9C6
                    Malicious:false
                    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):324
                    Entropy (8bit):5.175954076925481
                    Encrypted:false
                    SSDEEP:6:iOsI/RgHyq2Pwkn2nKuAl9OmbzNMxIFUtCI/RgR1ZmwgI/RgXBcVjRkwOwkn2nKA:7piHyvYfHAa8jFUtLib/NiXBc9R5JfHP
                    MD5:AF91F0D644A485AE542D5B2287915C58
                    SHA1:E5EE2871BA2EB42114F9E72AA3B4CFD5E0AFD0E6
                    SHA-256:2C306AB48CA41174788EB00418692D9B5D3C11EB0E2F9DFCE90ABAF731C86CF2
                    SHA-512:CF67F2AE0D484A10FFD228829BFD75A5939406157A8D2E5E90B2F67E26E0C6AF3F29711214CA2069E0B52E48725071E5C88A7040312D6F9D9DC3F40B6FF8B048
                    Malicious:false
                    Preview:2025/03/23-22:36:36.760 1d90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/23-22:36:36.760 1d90 Recovering log #3.2025/03/23-22:36:36.763 1d90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PC bitmap, Windows 3.x format, 164 x -126 x 32, cbSize 82710, bits offset 54
                    Category:dropped
                    Size (bytes):82710
                    Entropy (8bit):1.2272662388702138
                    Encrypted:false
                    SSDEEP:96:dxWKmN/c/uSE/M/zYzWKOG75+MPBofgv1vucmgeYymqAiGkkg:dxw1SuupHITGfW1vgge8+
                    MD5:98F06D06F95BE5918A05315393F18BDF
                    SHA1:37E3683B0A201DB8E67E2341002E04152E145A9C
                    SHA-256:DEBA64094F095542C8C7D2FD63C311A724D644802201B8CF3660B531CFCAE3F2
                    SHA-512:80A45505F1B613B6172A32F52BC8C8AFE3DF8412499AD08116B356B8E081AA70F41A39144F4B91C10A5CD14F26943C34DF48E22A19AE1D0A6FEC63B42B255C01
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                    Category:dropped
                    Size (bytes):86016
                    Entropy (8bit):4.445289152750366
                    Encrypted:false
                    SSDEEP:384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
                    MD5:82C65B3FEAA10C0328396585825D4AB2
                    SHA1:2458A4E27BCB216FB2DFBD11F93CDAC592F7A01E
                    SHA-256:7E636C680E2047F654B7871E45F62D8AA3042A8B6DCBEBD7A1FCD782DAB7CB73
                    SHA-512:A85D89D821BA33EA18088F8F049CCA8A3C96FA3691CDA033F2C23F9659850DCB9C01F23147855F417B72F0A7161B21E5FF281AF03B7B3E058C0F8202B8E30462
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):3.774975781344303
                    Encrypted:false
                    SSDEEP:48:7Mxp/E2ioyVt5Fioy9oWoy1Cwoy1k5uKOioy1noy1AYoy1Wioy1hioybioye5qo0:72pjuJFAXKQwKb9IVXEBodRBk4
                    MD5:5BCBE8B894BB28D1EEB42BC551458068
                    SHA1:10D831169FA3973021FB3E70B85706BC4EB65762
                    SHA-256:26C198CAEC3BD24E137B1F2EE6BF018D686DE94B8E6FD35D4B9AF49BB4147966
                    SHA-512:60333D92BCFECD5208E8AEBE5805769A94FE7DCF298B669EABEF24D3D58EE3A8DB00A1D9D18A2EE152E73624CCF601E527C61B793DF9A74D644D9F0E6753AB6E
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Certificate, Version=3
                    Category:dropped
                    Size (bytes):1391
                    Entropy (8bit):7.705940075877404
                    Encrypted:false
                    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                    Category:dropped
                    Size (bytes):73305
                    Entropy (8bit):7.996028107841645
                    Encrypted:true
                    SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                    MD5:83142242E97B8953C386F988AA694E4A
                    SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                    SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                    SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):192
                    Entropy (8bit):2.7464849065063075
                    Encrypted:false
                    SSDEEP:3:kkFkl92B1fllXlE/HT8k33XNNX8RolJuRdxLlGB9lQRYwpDdt:kKVMT8+NNMa8RdWBwRd
                    MD5:023430F4DCEDAB3FCF91ADC4E4476686
                    SHA1:5E953DF79509AB48FDACD7E7151655F654F20CBC
                    SHA-256:4FFE9CEA7CC1B72B0FD03D7551B7AC7708B6B79E15ECFDC4D7EEB419661FE9A7
                    SHA-512:58D3FE44C8FE79ED999B935BE47A0E63E7E9F7B4E984454A886AE6F28E232EB9426ACDBE4FBF9EB40FC7EE89694A35B618CD7C3F9CCC7C1D06C280484EE051FB
                    Malicious:false
                    Preview:p...... ........NS..e...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):330
                    Entropy (8bit):3.167835558082537
                    Encrypted:false
                    SSDEEP:6:kK0rmcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:srmCkPlE99SNxAhUeq8S
                    MD5:8568FC2ACD1711B68882935CD1BDE58A
                    SHA1:358514124B04E985BAAB33DEEBD34246AA0637CB
                    SHA-256:774E4517E692014AA2D2F234C6E7E588A95343D417EB1423A33C084266D45144
                    SHA-512:DCB55F99EDC964FBAF3556CCB6D6EFB3CD5AAFA4A68A3AD557783CF64ACF73091759BBDDBA9424CF9C5A67F8ECEC143C6B410E048E00442857D2A54B1CA56D33
                    Malicious:false
                    Preview:p...... .........u%.e...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):185099
                    Entropy (8bit):5.182478651346149
                    Encrypted:false
                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.342615574177554
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJM3g98kUwPeUkwRe9:YvXKXTlakZc0v6ssGMbLUkee9
                    MD5:16873879C84BD9D5E276CAFE29B39C15
                    SHA1:46BED835C597139B54CE1D220B8810673864EC8B
                    SHA-256:BBAA0654EFB6E0373628C259AFF8022CE31A0C28544067E913B38EA0EE7D0DBC
                    SHA-512:4A287F1D714F85D78B57F1E3078CFC6C596B45522DE031E0AD3D7364A7E878A51308AECD9ED9919ABA70CE321118A35BCD972FB7E14204F7AA9967AB004E13AB
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.29150881079833
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfBoTfXpnrPeUkwRe9:YvXKXTlakZc0v6ssGWTfXcUkee9
                    MD5:07027C05DE711663D94F7492487285C2
                    SHA1:95CA9EA8DAA9C0CF82AACDE51AA5FFE412E78934
                    SHA-256:7753C37B5768964F55982D5421FDED4E2A00AD458FFCCEB2AFB9D2E6D73F37EB
                    SHA-512:21BDDD57329F486212BB4B64AC6D009868E2FB845A7C8BDDE4FFD43CD89843253EF33A000E8E825B819664FC6D6F8134BD6A30108E74FB809467826E28148639
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.270776604713
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfBD2G6UpnrPeUkwRe9:YvXKXTlakZc0v6ssGR22cUkee9
                    MD5:E534014C3D6711F2059C991C92F5BFEE
                    SHA1:9A7D5180D246EDB8A8958831CB13F46602B22ADE
                    SHA-256:3AAC95D99E85C98FCBBBB6111377A634F9C0E25AE8C2C0DB9F6D3F74C64B36CC
                    SHA-512:C4582FAC594F0D64AE073FB3AE64EE6BC832A6894A2F7E7113DEE70083D82CC96455B8C49AE098C982A5682CF6D45C5252BDEEA5F73A48D188FF6C14319247BD
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):285
                    Entropy (8bit):5.328898086964306
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfPmwrPeUkwRe9:YvXKXTlakZc0v6ssGH56Ukee9
                    MD5:7283FB20CD5F114E125744B2C89405E7
                    SHA1:464E26364BD6AE0E0FAC47B4B6D9A730E1B47FCD
                    SHA-256:D5147C653F10BB8EA552135EF6532068F7768AB1F982A067AD92BF3BE12BD3A9
                    SHA-512:CC19D9DF1AE528AA9621F4B63C367B8EC626FA7C32D4AB3BBC66106BFD7B8BB39C6D5B735D83B8E70CEFEF74EC697D823B3E5EC0571696033AF7AE82181F4B8E
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2129
                    Entropy (8bit):5.844375918141963
                    Encrypted:false
                    SSDEEP:24:Yv6XVzvNJpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcX5bpEsrAr39:Yv21Jhgly48Y/TWCjiOumNcXwKOpkU5
                    MD5:B975832F38DE751AD18EF590CCB1D2AD
                    SHA1:811E28673692DA3F61569A9F3F3F4DCEB79D3C1D
                    SHA-256:6B2508AFFD66DCE1D8FD25E5E52B2BE256858525D887D2A5AEC9A09CBC19B3A4
                    SHA-512:625A95301C0609E1CAEAAA46E81554545B32D157E1743519537306204D3DCF564667FD204A4B72DF1C575BF058DE51A28E3BD9E17685AEFB6CFDF0BCC1125C2E
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.277461292764398
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJf8dPeUkwRe9:YvXKXTlakZc0v6ssGU8Ukee9
                    MD5:FF2E4C0D2F85551128C854AC9A6966B5
                    SHA1:CA209E3C2CE5325CCE9F4C21B5AA9F16ECA26390
                    SHA-256:363A01C829CC0F242AB1ADDC85BFDC683DA22E88FD25C60A200F5B4ADC8492B3
                    SHA-512:AC6021A43E312412EBAE3B2A626CE75A2234C9CB6DACE9866049D2A5BCBCFC3E974B770BE7D07EB67264E1C9E4FFE4593A489837EC82B584577B2FC527018A9F
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.281318863720742
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfQ1rPeUkwRe9:YvXKXTlakZc0v6ssGY16Ukee9
                    MD5:9391C28DF3074A41023E1833CAE34875
                    SHA1:8CD21B82ACCBF6BB0F54270D935A77D9FEE4466A
                    SHA-256:3218C99F8CEE66AAD84A09D312FA9A38C1AC6A460F30648B01FF031827446F3E
                    SHA-512:DAA7E64278B1F37729F094CC091389362D31B809903FC11EF83E87F8FBB87318637CDC8980D4B21F2CAC99CC53D3CAE7F1038A2DAA8F09C85AB3E266E36FEDB4
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2080
                    Entropy (8bit):5.830749446419773
                    Encrypted:false
                    SSDEEP:48:Yv21EogbN48l/GiyLVzyODVHKOkQLcSmjWA5:Gkjg54Y/IVO48OkQASmB
                    MD5:D613D33608947E0737BC516648ECE425
                    SHA1:0766F8F1680508A357D614C70A1377212A8A98F1
                    SHA-256:F818A9EA83CC4BBBB32F0581FA40B0B9EEEC10D3447AEE76CD8A982655658AEA
                    SHA-512:B32B3565D7DDFD4FDBBEBF537EAF09623B316F9D89FECF2A39D32625E469B5C87E797A589515479F723BD900FD1E35D66C44E5EFAAC35C8436AECC2F2A3581A4
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.302677147526681
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfzdPeUkwRe9:YvXKXTlakZc0v6ssGb8Ukee9
                    MD5:6E02363459FD7CC77A3AFB34619F6201
                    SHA1:C0A8EFD443175C18FCA2871BE117D429D6ABA9A6
                    SHA-256:416013F4E72CC571222A1B9341B91A7DC94843D02D2712545DD91F1690307996
                    SHA-512:D4E6D868C7695A69C08E157D31907DC1F28D4AA3391AC1FFCEC77862CAE942E22FB15D5847B01E0AD9C4C6633F8CEEFA28713802763EFF11BF265FAFE0874BC8
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.282974458326834
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfYdPeUkwRe9:YvXKXTlakZc0v6ssGg8Ukee9
                    MD5:CCB16302478862981FA5F28193DC56EF
                    SHA1:162B6DE883C7306075F9851FC3217B61C00038ED
                    SHA-256:7915E28EC107B5A37415528B472DF04FE9BFC658A3BD72210F0FFE7841F70598
                    SHA-512:3062C22DFBB852BE9A9E557462539BE3AC92C0897BCC96D5BC59F25D1AF4A8CCB7407F068FC96E6BC9423CF8B51FB410FAE58E2E77A958EA0E388505EEB6F114
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):284
                    Entropy (8bit):5.269306439318176
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJf+dPeUkwRe9:YvXKXTlakZc0v6ssG28Ukee9
                    MD5:D55C04F88202E1AFE932F2115793BFF9
                    SHA1:C631626D61F00051CE5910A4609D6091E8577E6F
                    SHA-256:99C14B5E44A693D17CE2EF758BD89F91C9CB6CE68227EB20B441B741C5BB9646
                    SHA-512:7772178848D28AA23E828679EF2BEF74016893D4BFABA80CDB7837E9AC01D94E2487CBE958A649F060A8E58C47088B07EB38A90835AD30A1763E7A5BD7584FA6
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):291
                    Entropy (8bit):5.266638570032815
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfbPtdPeUkwRe9:YvXKXTlakZc0v6ssGDV8Ukee9
                    MD5:1AA959161ED7626302FF4DBDBD67AE70
                    SHA1:CA008884504D95BC3F01982E5A7B0327B776F893
                    SHA-256:60AB3DA3D46B5B796957B9499532A977CBA4BB595C240A997D43CD75803786EA
                    SHA-512:E96C4C086BC54CC5FBB1401D4E50C82497913152E6182B92A5CFF6F4714BB27C2CC6F6172F58C188866B4A21D09FC0A6FD06016E07464E81D8749D6F46ECDE89
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):287
                    Entropy (8bit):5.271054363747213
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJf21rPeUkwRe9:YvXKXTlakZc0v6ssG+16Ukee9
                    MD5:11AFFD6B40022B78A58E205AD62D7714
                    SHA1:320C819E12B4D5DE3829DC3A7F3A65D3A7BE7B55
                    SHA-256:47CF52189B42B340FE7C2C585F3EF2DDB513AD87402EEF182E699E711ADBCF55
                    SHA-512:ECD325649F9F97B08B963D73319B7D2D29DF45A706F1CAB96ECD652864D9518AFDC0C9B1CEA364F99B98A194411B51348AD9CCC1BC9C0F573DA501C3F20C2ED1
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2028
                    Entropy (8bit):5.843945036249289
                    Encrypted:false
                    SSDEEP:24:Yv6XVzvN5amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBED+:Yv21FBgBG48j/SiyLVWOAlNkU5
                    MD5:BA52AE78C7C0F69CFF07FD2A023026B3
                    SHA1:2B1F6403BD755C374DB6A40E95DF53B1D150DCC6
                    SHA-256:82462B7AE8E1A455AB545DF382370DB7D7F2F87ED5683079E48306C48452B513
                    SHA-512:376934FBB9A4073D29169A31EF4910C4B26F894E4B81EDD49F586ACB32719E3497E9A189385E6D9D50416D855EBE0D437A7C2DFB241E7DB66702CCC83FB1874F
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):286
                    Entropy (8bit):5.249206439973372
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJfshHHrPeUkwRe9:YvXKXTlakZc0v6ssGUUUkee9
                    MD5:4AABBEAF7194597407770F5BF5591012
                    SHA1:8548F1B0AB779FDCFBA3B80D2B77900675FF4E47
                    SHA-256:573C28FE4138B2FE38DF572C86E9FABD623B827D029793E46559E56671BD122C
                    SHA-512:740A72DEBF31E24519599DD81CE619ADB4FCE4EDD551740E78772955FD862773E572F9659370A4B911B101BDC3722FFBBCC4805D9CE6034026F5F4A3A16768D3
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):282
                    Entropy (8bit):5.259830329900978
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HX/7lUtNHVoZcg1vRcR0YWasDoAvJTqgFCrPeUkwRe9:YvXKXTlakZc0v6ssGTq16Ukee9
                    MD5:0DCBCA8BF0785782431091BB46D44D39
                    SHA1:E1A869EAC034C83EAD87F65880BB6FB943872A6A
                    SHA-256:C707E5BEC1E20A1F2369DE021E7B6E91C73B785B7A90C6907928EAC9C30A19B0
                    SHA-512:55028148B7BEF921B56692AE7D21FB5E47F2388ED73FF812B42FB4BD09D9F875A2EE503AF5BC053E8358170791FB4530296256E940131BEE0F3F473001B529E8
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"c8397a41-f894-4290-954e-a4e1771736e1","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742961163067,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4
                    Entropy (8bit):0.8112781244591328
                    Encrypted:false
                    SSDEEP:3:e:e
                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                    Malicious:false
                    Preview:....
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2815
                    Entropy (8bit):5.123695802477363
                    Encrypted:false
                    SSDEEP:24:Y9OxaaJEaye8CJsAm581fJZQ5mh6k4vj3Lj0SZsFAh26Ap/2LS7CY8CXT4Gy65Rw:Y9iJnDWMRZQkx83uFYSV9ECXsGrY9Jx
                    MD5:87EA7D02C81F9B3ECF12F8B334630810
                    SHA1:5728E052BC9BD91E1618D6657F76DBAAFB547578
                    SHA-256:82954F49BAF8F0886A1359DBCAC731A28B9C88F6DF36CDDDC92E79093785325A
                    SHA-512:57EF3ADE7A790EC0F559A04D65B5BAF91608C0F81E33DEBE9D309AB90DD6D0B44F01D89EF5D819E45E757BA31358C7CD90CAEEA05A9FA3174781B6C7E6B7EC87
                    Malicious:false
                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"749f17a6a3f70d22c0f003223d46d0e2","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742783802000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"67fd087d0e2a66cf1148716475bc9d36","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1742783802000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"55851156a929fc1e9df5150c2034de95","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1742783802000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8af4f5ead996089f84165f40f668231f","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1742783802000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1938670702eaed096bc322bf8b10782b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742783802000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"ae9efd55804e307a5d5744a17b307cc4","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                    Category:dropped
                    Size (bytes):12288
                    Entropy (8bit):1.1884302967422076
                    Encrypted:false
                    SSDEEP:48:TGufl2GL7msEHUUUUUUUUqdSvR9H9vxFGiDIAEkGVvpOp:lNVmswUUUUUUUUqd+FGSItqp
                    MD5:E110C0064B0A502870A3428E6029E64A
                    SHA1:5D1EE2CDEE99C8D49DD50D96200507786BD25694
                    SHA-256:C5B2A33F47FF3DF14ED97E401DF931725BB121C79E2731D4A6C672E0C12C438A
                    SHA-512:6E0AE865A7FAFFE4B73CA9FF94A248F52B63B682FDC4BCDDD702E465623027C85F0CD317FE77CB6DE4ED3FE5C65038F039D95AE4E34394C497D390CC57FB9452
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):1.6093318053126184
                    Encrypted:false
                    SSDEEP:48:7MvKUUUUUUUUUUqlvR9H9vxFGiDIAEkGVv6qFl2GL7msj:7dUUUUUUUUUUqBFGSIt0KVmsj
                    MD5:ACBBE908E5D3D462CEC5FF45AC5BC66E
                    SHA1:914D7D4002A20EAEDFFD9B8249F72E77009648A7
                    SHA-256:EBD68CF2BDAE0EA649DE5E5AA6BCABD8878C417CBF78F467B6DAC282CC46C3F7
                    SHA-512:FDF6C753F5676F64442432A9F2F9EF99261590332933E6A5356D139AC712216D6FEB1706C04A6B815845C7640FF81F36EE9DD0C6C28FF6A4708C28BE65DF74D9
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):246
                    Entropy (8bit):3.5248044522866877
                    Encrypted:false
                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8r+lUlpv:Qw946cPbiOxDlbYnuRKqrv
                    MD5:57CAE26696790C61C5BCE8786B3DE291
                    SHA1:DE660FC6C984AAA48AD8AC0504CDEF755D4FAA60
                    SHA-256:71397A796D09AA12ED3422C64837CC723CC534B97398CEDE37D5454450149B48
                    SHA-512:617D20D87B83D35A5705E694EF66A0EADB0935D2A1D71C540B920C482635C986B273C4D2A15D2565DF24FD4BC8C9B1D9181C33AE4080429B9C2F970026B323C5
                    Malicious:false
                    Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table...=== Logging stopped: 23/03/2025  22:36:44 ===..
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393)
                    Category:dropped
                    Size (bytes):16525
                    Entropy (8bit):5.345946398610936
                    Encrypted:false
                    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                    Malicious:false
                    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                    Category:dropped
                    Size (bytes):15099
                    Entropy (8bit):5.367809281084369
                    Encrypted:false
                    SSDEEP:384:leEH8S53+hULceS4HAKfbpz2qlIDYxtxdxzMdqUqazRp5cYzK7VS8vCDEUCHPeDJ:B0O7XtYvV
                    MD5:75AD920CA465532E3C49A79AA0661B07
                    SHA1:B9ABACC04144DC7DEE38022FD5A976319E3694BC
                    SHA-256:EB7A57E71521A8A1D1B54AB4121B67D8D6F2A880F80A784D2BB675811D6D5126
                    SHA-512:ED992C01850B8F0A2829A59612A55D88A2D86DE9DF2F717E9FF27202400FA136825AFAB578C5F5F11D9C32548E825E22C04A7B65B00300440C2691CE98417B56
                    Malicious:false
                    Preview:SessionID=bb6538d0-4568-48a8-91ab-47554a0bd1ba.1742783798297 Timestamp=2025-03-23T22:36:38:297-0400 ThreadID=7508 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bb6538d0-4568-48a8-91ab-47554a0bd1ba.1742783798297 Timestamp=2025-03-23T22:36:38:318-0400 ThreadID=7508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bb6538d0-4568-48a8-91ab-47554a0bd1ba.1742783798297 Timestamp=2025-03-23T22:36:38:318-0400 ThreadID=7508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bb6538d0-4568-48a8-91ab-47554a0bd1ba.1742783798297 Timestamp=2025-03-23T22:36:38:318-0400 ThreadID=7508 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bb6538d0-4568-48a8-91ab-47554a0bd1ba.1742783798297 Timestamp=2025-03-23T22:36:38:318-0400 ThreadID=7508 Component=ngl-lib_NglAppLib Description="SetConf
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):29752
                    Entropy (8bit):5.395190956750472
                    Encrypted:false
                    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rp:9
                    MD5:7A1BE4D71E7C18C2D8B6166F1F44EF49
                    SHA1:CB4CECE307536D8AD2D5E7F541E5F1C03A65671E
                    SHA-256:54218B9B7CD4B376B8347C2B905E87E5A45FB3970B6D77581D4126B995F3EF4F
                    SHA-512:4A90799C87DAF0E8B2BB1D338B563441209E13C888DBE5832ED8D8429A078D35A8A0553B4BE32B716AADC7CBB3FAE57EA95E5B890847802E4A9E7D9D6D15F9C5
                    Malicious:false
                    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                    Category:dropped
                    Size (bytes):758601
                    Entropy (8bit):7.98639316555857
                    Encrypted:false
                    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                    MD5:3A49135134665364308390AC398006F1
                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                    Category:dropped
                    Size (bytes):1407294
                    Entropy (8bit):7.97605879016224
                    Encrypted:false
                    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                    Category:dropped
                    Size (bytes):1419751
                    Entropy (8bit):7.976496077007677
                    Encrypted:false
                    SSDEEP:24576:/W5mOWL07oDGZQYIGNPZdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:u5bWLxDGZQZGH3mlind9i4ufFXpAXkru
                    MD5:BECE717AE3587486D42CB3BBE467D234
                    SHA1:B325B496C80E62F99849F352F6A1A160755FFEF3
                    SHA-256:CF9BF1923A49C62FC67A0F9B9B7ED593D11FD30D4C04D66499454485FA077F36
                    SHA-512:C8692B9256BFEC55407AE88D965D7717983504BA61353041356EF5CD4DEBC4758407CBA1AB08C4883E5571293210C4085BAED9C54DC4E0494AF1DE2CADAEA3A1
                    Malicious:false
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                    Category:dropped
                    Size (bytes):386528
                    Entropy (8bit):7.9736851559892425
                    Encrypted:false
                    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                    Malicious:false
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (3150)
                    Category:downloaded
                    Size (bytes):3155
                    Entropy (8bit):5.863722775877795
                    Encrypted:false
                    SSDEEP:48:K3ABkBGbKlgJXwnF5PqRUJ4wEkIRDgJtiRuylcANuoZh1ppQKxBf2Rb//BX0vA0y:K3Kml7SRsCgF2pN3ZQgf2htddfffffX
                    MD5:F833B5B408EDE5233B964A38A4A9222F
                    SHA1:A926EC85F6DA4844E2C6FF0190B5827D8CA0D224
                    SHA-256:B77C715DB37579EAE47F88D26ACB4C140C27AD99C8BB754C949B5647F742F6DA
                    SHA-512:144ED018143C95B8663771904F0B03D80CF66D8B963B981B8F456A231A25B964862B820A786D714E67D0BAD9E4C6B09ADD10EFB36EFE0C0A547FD56477551580
                    Malicious:false
                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                    File type:PDF document, version 1.6
                    Entropy (8bit):7.929661539673598
                    TrID:
                    • Adobe Portable Document Format (5005/1) 100.00%
                    File name:Invoice Number INV132146-1.pdf
                    File size:52'893 bytes
                    MD5:786bb21da0bc0a7a90278e99818d59a9
                    SHA1:1b63a43223fa7a5d275d0b3631bee54fe8ca181c
                    SHA256:3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2
                    SHA512:5a2eef7c1a61b777c644b15e38070b3ffe358e69785a235b9cfa440ddc403bd509c786c843eb0d60063d14d2a560badd8df12c9cd9c060891766a444d2a46649
                    SSDEEP:1536:oaZC54j2Aup+lgekiqCAltX3/MCgPnTn9d6:HZCSaAusSi+XvjETn9d6
                    TLSH:DB3302BCA895CC9DDEA459F62440438E42DFAC379FD617312ECBE3419E8930AF584DA4
                    File Content Preview:%PDF-1.6.%.....2 0 obj.<<./Lang <FEFF0045004E002D00550053>./MarkInfo 4 0 R./Metadata 5 0 R./PageLayout /OneColumn./Pages 6 0 R./StructTreeRoot 7 0 R./Type /Catalog./AcroForm 8 0 R.>>.endobj.5 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Le
                    Icon Hash:62cc8caeb29e8ae0

                    General

                    Header:%PDF-1.6
                    Total Entropy:7.929662
                    Total Bytes:52893
                    Stream Entropy:7.929453
                    Stream Bytes:51803
                    Entropy outside Streams:5.201380
                    Bytes outside Streams:1090
                    Number of EOF found:1
                    Bytes after EOF:
                    Name            Count
                    obj             9
                    endobj          9
                    stream          7
                    endstream       7
                    xref            0
                    trailer         0
                    startxref       1
                    /Page           0
                    /Encrypt        0
                    /ObjStm         1
                    /URI            0
                    /JS             0
                    /JavaScript     0
                    /AA             0
                    /OpenAction     0
                    /AcroForm       1
                    /JBIG2Decode    0
                    /RichMedia      0
                    /Launch         0
                    /EmbeddedFile   0
                    IDDHASHMD5Preview
                    3211313038394f373699a66323ff5e1bcbb778db6bfb3b60cf


                    • Total Packets: 99
                    • 443 (HTTPS)
                    • 80 (HTTP)
                    • 53 (DNS)
                    Timestamp  Source Port  Dest Port  Source IP  Dest IP
                    Timestamp  Source Port  Dest Port  Source IP  Dest IP
                    Timestamp  Source IP  Dest IP  Checksum  Code  Type
                    Mar 24, 2025 03:37:08.475502014 CET  192.168.2.4  1.1.1.1  c1ef  (Port unreachable)  Destination Unreachable
                    Mar 24, 2025 03:37:16.544420958 CET  192.168.2.4  1.1.1.1  c1ef  (Port unreachable)  Destination Unreachable
                    Mar 24, 2025 03:37:21.715665102 CET  192.168.2.4  1.1.1.1  c1ef  (Port unreachable)  Destination Unreachable
                    Mar 24, 2025 03:38:04.722094059 CET  192.168.2.4  1.1.1.1  c1ef  (Port unreachable)  Destination Unreachable
                    Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Mar 24, 2025 03:36:48.509421110 CET | 1.1.1.1 | 192.168.2.4 | 0x4d40 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.509421110 CET | 1.1.1.1 | 192.168.2.4 | 0x4d40 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.509421110 CET | 1.1.1.1 | 192.168.2.4 | 0x4d40 | No error (0) | e8652.dscx.akamaiedge.net |  | 23.48.144.248 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.17 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.25 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.21 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.29 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.19 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.31 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.23 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:36:48.833138943 CET | 1.1.1.1 | 192.168.2.4 | 0x112e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 208.89.73.27 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:01.480660915 CET | 1.1.1.1 | 192.168.2.4 | 0xb603 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:01.480660915 CET | 1.1.1.1 | 192.168.2.4 | 0xb603 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:06.468904018 CET | 1.1.1.1 | 192.168.2.4 | 0xebc3 | No error (0) | www.google.com |  | 142.251.40.228 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:06.469681025 CET | 1.1.1.1 | 192.168.2.4 | 0xc1cf | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:08.218839884 CET | 1.1.1.1 | 192.168.2.4 | 0xd9da | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:08.223284006 CET | 1.1.1.1 | 192.168.2.4 | 0xa25 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:08.464056015 CET | 1.1.1.1 | 192.168.2.4 | 0xf319 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:08.475398064 CET | 1.1.1.1 | 192.168.2.4 | 0x1def | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:08.866962910 CET | 1.1.1.1 | 192.168.2.4 | 0x587f | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:09.000633001 CET | 8.8.8.8 | 192.168.2.4 | 0xff2a | No error (0) | google.com |  | 142.251.40.142 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:09.008220911 CET | 1.1.1.1 | 192.168.2.4 | 0x7d3f | No error (0) | google.com |  | 142.250.176.206 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:10.183795929 CET | 1.1.1.1 | 192.168.2.4 | 0xc4c6 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:10.443960905 CET | 1.1.1.1 | 192.168.2.4 | 0xefb4 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:10.470149994 CET | 1.1.1.1 | 192.168.2.4 | 0x11e5 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:10.712990046 CET | 1.1.1.1 | 192.168.2.4 | 0x4f7f | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:15.993273973 CET | 1.1.1.1 | 192.168.2.4 | 0x99ae | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:16.294528008 CET | 1.1.1.1 | 192.168.2.4 | 0xd5a0 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:16.371680975 CET | 1.1.1.1 | 192.168.2.4 | 0x6078 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:16.470439911 CET | 1.1.1.1 | 192.168.2.4 | 0x13c3 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:16.544313908 CET | 1.1.1.1 | 192.168.2.4 | 0x5c30 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:21.464824915 CET | 1.1.1.1 | 192.168.2.4 | 0x3e84 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:21.468008995 CET | 1.1.1.1 | 192.168.2.4 | 0xe2aa | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:21.705928087 CET | 1.1.1.1 | 192.168.2.4 | 0x33f2 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:21.715599060 CET | 1.1.1.1 | 192.168.2.4 | 0x5331 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:21.955774069 CET | 1.1.1.1 | 192.168.2.4 | 0x12d2 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:22.070350885 CET | 1.1.1.1 | 192.168.2.4 | 0x274a | No error (0) | google.com |  | 142.251.40.174 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:22.072150946 CET | 8.8.8.8 | 192.168.2.4 | 0xac7 | No error (0) | google.com |  | 142.251.40.142 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:33.529012918 CET | 1.1.1.1 | 192.168.2.4 | 0x5a8e | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:33.686580896 CET | 1.1.1.1 | 192.168.2.4 | 0x262e | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:33.781601906 CET | 1.1.1.1 | 192.168.2.4 | 0xd74b | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:37:33.934418917 CET | 1.1.1.1 | 192.168.2.4 | 0x8eaf | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:34.034291983 CET | 1.1.1.1 | 192.168.2.4 | 0xfdb5 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:34.194122076 CET | 8.8.8.8 | 192.168.2.4 | 0xe047 | No error (0) | google.com |  | 142.251.40.142 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:34.194448948 CET | 1.1.1.1 | 192.168.2.4 | 0xbbb6 | No error (0) | google.com |  | 142.250.80.110 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:37:54.043518066 CET | 1.1.1.1 | 192.168.2.4 | 0xfc55 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:04.336072922 CET | 1.1.1.1 | 192.168.2.4 | 0x744f | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:04.481085062 CET | 1.1.1.1 | 192.168.2.4 | 0xbc5f | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:38:04.576935053 CET | 1.1.1.1 | 192.168.2.4 | 0x64ea | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:04.722002983 CET | 1.1.1.1 | 192.168.2.4 | 0xa5b1 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:38:04.821302891 CET | 1.1.1.1 | 192.168.2.4 | 0x35ed | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:07.351900101 CET | 1.1.1.1 | 192.168.2.4 | 0xd594 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:38:07.491908073 CET | 1.1.1.1 | 192.168.2.4 | 0xefc4 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:07.599409103 CET | 1.1.1.1 | 192.168.2.4 | 0x3ce5 | Server failure (2) | therapyforhappiness.co.uk | none | none | 65 | IN (0x0001) | false
                    Mar 24, 2025 03:38:07.739090919 CET | 1.1.1.1 | 192.168.2.4 | 0xa809 | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:07.854398966 CET | 8.8.8.8 | 192.168.2.4 | 0x6483 | No error (0) | google.com |  | 142.251.40.142 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:07.854964018 CET | 1.1.1.1 | 192.168.2.4 | 0x8572 | No error (0) | google.com |  | 142.250.65.206 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 03:38:46.717839003 CET | 1.1.1.1 | 192.168.2.4 | 0x2aed | Server failure (2) | therapyforhappiness.co.uk | none | none | A (IP address) | IN (0x0001) | false
                    • www.google.com
                    • x1.i.lencr.org
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49727 | 23.48.144.248 | 80 | 8140 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Mar 24, 2025 03:36:48.602482080 CET | 115 | OUT | GET / HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Microsoft-CryptoAPI/10.0
                    Host: x1.i.lencr.org
                    Mar 24, 2025 03:36:48.698709011 CET | 1254 | IN | HTTP/1.1 200 OK
                    Server: nginx
                    Content-Type: application/pkix-cert
                    Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                    ETag: "64cd6654-56f"
                    Content-Disposition: attachment; filename="ISRG Root X1.der"
                    Cache-Control: max-age=34322
                    Expires: Mon, 24 Mar 2025 12:08:50 GMT
                    Date: Mon, 24 Mar 2025 02:36:48 GMT
                    Content-Length: 1391
                    Connection: keep-alive


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49739 | 142.251.40.228 | 443 | 9064 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-03-24 02:37:09 UTC | 587 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCL7VzgEIgdbOAQjI3M4BCKvezgEIiuDOAQiu5M4BCIvlzgE=
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br, zstd
                    Accept-Language: en-US,en;q=0.9
                    2025-03-24 02:37:09 UTC | 1303 | IN | HTTP/1.1 200 OK
                    Date: Mon, 24 Mar 2025 02:37:09 GMT
                    Pragma: no-cache
                    Expires: -1
                    Cache-Control: no-cache, must-revalidate
                    Content-Type: text/javascript; charset=UTF-8
                    Strict-Transport-Security: max-age=31536000
                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-68AXjJYBeQEEZQUPxvZMrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                    Accept-CH: Downlink
                    Accept-CH: RTT
                    Accept-CH: Sec-CH-UA-Form-Factors
                    Accept-CH: Sec-CH-UA-Platform
                    Accept-CH: Sec-CH-UA-Platform-Version
                    Accept-CH: Sec-CH-UA-Full-Version
                    Accept-CH: Sec-CH-UA-Arch
                    Accept-CH: Sec-CH-UA-Model
                    Accept-CH: Sec-CH-UA-Bitness
                    Accept-CH: Sec-CH-UA-Full-Version-List
                    Accept-CH: Sec-CH-UA-WoW64
                    Permissions-Policy: unload=()
                    Content-Disposition: attachment; filename="f.txt"
                    Server: gws
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked



                    Target ID:1
                    Start time:22:36:34
                    Start date:23/03/2025
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf"
                    Imagebase:0x7ff762540000
                    File size:5'641'176 bytes
                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:2
                    Start time:22:36:35
                    Start date:23/03/2025
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                    Imagebase:0x7ff718ce0000
                    File size:3'581'912 bytes
                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:3
                    Start time:22:36:36
                    Start date:23/03/2025
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1716 --field-trial-handle=1548,i,18107874229461260976,17683304734608795874,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                    Imagebase:0x7ff718ce0000
                    File size:3'581'912 bytes
                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:19
                    Start time:22:36:59
                    Start date:23/03/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff6ac620000
                    File size:3'388'000 bytes
                    MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:20
                    Start time:22:37:00
                    Start date:23/03/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,8931877288581135740,1436735525690537163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2040 /prefetch:3
                    Imagebase:0x7ff786830000
                    File size:3'388'000 bytes
                    MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:21
                    Start time:22:37:06
                    Start date:23/03/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therapyforhappiness.co.uk/ra3.pdf"
                    Imagebase:0x7ff786830000
                    File size:3'388'000 bytes
                    MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    No disassembly