Windows Analysis Report
Legal_Notice _Letter.pdf

Overview

General Information

Sample name: Legal_Notice _Letter.pdf
Analysis ID: 1648753
MD5: 948fb4a9d9af82ee5345ae76ba345d41
SHA1: c8ad3eacaf2cc9dca02d3940f11305f58071ea81
SHA256: 7f28d6bb1855c7f388315a2beee039518c82e512597a908888826db9c73c84be
Infos:

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected landing page (webpage, office document or email)
Performs DNS queries to domains with low reputation
Creates files inside the system directory
Deletes files inside the Windows folder
Form action URLs do not match main URL
HTML body contains low number of good links
HTML title does not match URL
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious]
  • System is w10x64_ra
  • Acrobat.exe (PID: 6988 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Legal_Notice _Letter.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1568,i,13348185088713582975,14693787249420378949,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 6152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medpetroenergydmcc.com/zagov/ MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,1218145802496445552,3600186377913807813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
2.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    Phishing

    Source: https://medpetroenergydmcc.com/court/ | Joe Sandbox AI: Score: 7 Reasons: The brand 'National Prosecuting Authority of South Africa' is a known government entity., The URL 'medpetroenergydmcc.com' does not match the legitimate domain 'npa.gov.za' associated with the National Prosecuting Authority of South Africa., The URL appears unrelated to the brand and does not contain any recognizable elements of the legitimate domain., The presence of input fields for 'Email Address' and 'Password' on a site not associated with the legitimate domain is suspicious., The domain 'medpetroenergydmcc.com' does not have any known association with the National Prosecuting Authority of South Africa. DOM: 2.2.pages.csv
    Source: Yara match | File source: 2.2.pages.csv, type: HTML
    Source: PDF document | Joe Sandbox AI: Page contains button: 'ACCESS DEMAND SUMMON LETTER HERE' Source: 'PDF document'
    Source: PDF document | Joe Sandbox AI: PDF document contains prominent button: 'access demand summon letter here'
    Source: https://medpetroenergydmcc.com/court/ | HTTP Parser: Form action: https://api.staticforms.xyz/submit medpetroenergydmcc staticforms
    Source: https://medpetroenergydmcc.com/court/ | HTTP Parser: Number of links: 0
    Source: https://medpetroenergydmcc.com/court/ | HTTP Parser: Title: court online - Secure Document Delivery Portal does not match URL
    Source: https://medpetroenergydmcc.com/ | HTTP Parser: document.getelementbyid('created-date').innertext = 'created date: ' + new date().tolocaledatestring(); function decryptandredirect() { const ciphertext = cryptojs.enc.base64.parse("kommot2au2oyxfkj6jmro97v1hpvdzn57n9124pyun054avr0/jcysqfz4bzvzr+"); const key = cryptojs.enc.base64.parse("gab6y+tqc8/2modusvzcvoejzgqwey7t3wq6f5st834="); const iv = cryptojs.enc.base64.parse("kqyo8yxkz71ufutomnwnfa=="); const decrypted = cryptojs.aes.decrypt({ ciphertext: ciphertext }, key, { iv: iv, mode: cryptojs.mode.cbc, padding: cryptojs.pad.pkcs7 }); const url = decrypted.tostring(cryptojs.enc.utf8); window.location.href = url; } function toggleblur() { const image = document.getelementbyid('secure-image'); const icon = document.getelementbyid('lock-icon'); image.classlist.toggle('unblurred'); icon.src = image.classlist.contains('unblurred') ? "https://cdn-icons-png.flaticon.com/512/3064/3064198.png" ...
    Source: https://medpetroenergydmcc.com/court/ | HTTP Parser: <input type="password" .../> found
    Source: https://usersharepoint.nicepage.io/ | HTTP Parser: No favicon
    Source: https://medpetroenergydmcc.com/court/ | HTTP Parser: No <meta name="author".. found
    Source: https://medpetroenergydmcc.com/court/ | HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: chrome.exe | Memory has grown: Private usage: 1MB later: 37MB

    Networking

    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | DNS query: api.staticforms.xyz
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknown | TCP traffic detected without corresponding DNS query: 192.250.234.26
    Source: global trafficHTTP traffic detected: GET /wp-content/plugins/seedprod-coming-soon-pro-5/public/js/dynamic-text.js HTTP/1.1Host: medpetroenergydmcc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://medpetroenergydmcc.com/court/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /wp-content/plugins/seedprod-coming-soon-pro-5/public/js/tsparticles.min.js HTTP/1.1Host: medpetroenergydmcc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://medpetroenergydmcc.com/court/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2025/03/download-1.jpeg HTTP/1.1Host: medpetroenergydmcc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://medpetroenergydmcc.com/court/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2025/03/download-1.jpeg HTTP/1.1Host: medpetroenergydmcc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: usersharepoint.nicepage.ioConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://medpetroenergydmcc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /nicepage-site.css HTTP/1.1Host: usersharepoint.nicepage.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /index.css HTTP/1.1Host: usersharepoint.nicepage.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /eeff2eae/6366116/images/SharePoint-Symbol.webp HTTP/1.1Host: assets.nicepagecdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /d29e8cf1cf4d4fade598bc5c32341cd518073458/nicepage.css HTTP/1.1Host: capp.nicepage.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /assets/jquery-3.5.1.min.js HTTP/1.1Host: capp.nicepage.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /d29e8cf1cf4d4fade598bc5c32341cd518073458/nicepage.js HTTP/1.1Host: capp.nicepage.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /eeff2eae/6366116/images/SharePoint-Symbol.webp HTTP/1.1Host: assets.nicepagecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /eeff2eae/6366116/images/11513839.png HTTP/1.1Host: assets.nicepagecdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /eeff2eae/6366116/images/11513839.png HTTP/1.1Host: assets.nicepagecdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: usersharepoint.nicepage.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://usersharepoint.nicepage.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sessionId=e8c6e496-3cb2-418c-ac8d-52d99b14a945; userId=b44eca1c-43a3-462b-8024-8ebac8fc7ba3
    Source: unknownHTTP traffic detected: POST /submit HTTP/1.1Host: api.staticforms.xyzConnection: keep-aliveContent-Length: 146Cache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Origin: https://medpetroenergydmcc.comContent-Type: application/x-www-form-urlencodedUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://medpetroenergydmcc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 06:16:33 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://medpetroenergydmcc.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 5034Server: nginx/1.19.2Content-Type: text/htmlLast-Modified: Mon, 01 Jul 2024 13:10:38 GMTx-amz-version-id: FT9qWE0BVhUpA2Q17BX6y15wtpUeS1FKETag: "e01836379a08fd6809bc20a9933f25ef"x-amz-error-code: NoSuchKeyx-amz-error-message: The specified key does not exist.x-amz-error-detail-Key: oi/nt/usersharepoint/favicon.icox-amz-request-id: JNKH5V23MFBZFJT4x-amz-id-2: K3J6IRL3IXRjvOkwmKYyDBAME+WduMYYywgl1fUfXezyb42FOjQ5HtMYYUf9BGcMUOjr4i+uZTs+OHUSGI0u3ZYnTvdc//WzPry4UTd86WA=Accept-Ranges: bytesAge: 0Date: Wed, 26 Mar 2025 06:18:15 GMTVia: 1.1 varnishX-Served-By: cache-lga21952-LGAX-Cache: MISSX-Cache-Hits: 0X-Timer: S1742969895.329461,VS0,VE203Vary: Accept-Encoding
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6152_1227482337
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6152_1227482337
    Source: classification engine | Classification label: mal64.phis.troj.winPDF@37/40@31/240
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-26 02-16-21-144.log
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Legal_Notice _Letter.pdf"
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1568,i,13348185088713582975,14693787249420378949,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding AC7EB501DEC2EC5B8D4A4B6D45861241
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://medpetroenergydmcc.com/zagov/
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2004,i,1218145802496445552,3600186377913807813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: Legal_Notice _Letter.pdfInitial sample: PDF keyword /JS count = 0
    Source: Legal_Notice _Letter.pdfInitial sample: PDF keyword /JavaScript count = 0
    Source: Legal_Notice _Letter.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information1
    Scripting
    Valid AccountsWindows Management Instrumentation1
    Browser Extensions
    1
    Process Injection
    13
    Masquerading
    OS Credential Dumping1
    Process Discovery
    Remote ServicesData from Local System1
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/Job1
    Scripting
    1
    Extra Window Memory Injection
    1
    Process Injection
    LSASS Memory1
    System Information Discovery
    Remote Desktop ProtocolData from Removable Media4
    Non-Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
    Deobfuscate/Decode Files or Information
    Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
    Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    File Deletion
    NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
    Ingress Tool Transfer
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Extra Window Memory Injection
    LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

    Source | Detection | Scanner | Label | Link
    Legal_Notice _Letter.pdf | 0% | Virustotal | | Browse
    Legal_Notice _Letter.pdf | 3% | ReversingLabs | |
    No Antivirus matches
                                                Joe Sandbox version:42.0.0 Malachite
                                                Analysis ID:1648753
                                                Start date and time:2025-03-26 07:15:48 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:20
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • EGA enabled
                                                Analysis Mode:stream
                                                Analysis stop reason:Timeout
                                                Sample name:Legal_Notice _Letter.pdf
                                                Detection:MAL
                                                Classification:mal64.phis.troj.winPDF@37/40@31/240
                                                Cookbook Comments:
                                                • Found application associated with file extension: .pdf
                                                • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 104.118.8.172
                                                • Excluded domains from analysis (whitelisted): geo2.adobe.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-content/themes/extendable/assets/fonts/baloo-tamma-2/baloo-tamma-2_wght.woff2
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-content/themes/extendable/assets/fonts/mulish/mulish.woff2
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-content/themes/extendable/style.css?ver=2.0.17
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-content/uploads/2025/03/cropped-judiciary_logo-32x32.jpg
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-content/uploads/2025/03/doj_logo-300x102.png
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-includes/blocks/navigation/style.min.css?ver=6.7.2
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-includes/blocks/social-links/style.min.css?ver=6.7.2
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=8ff192874fc8910a284c
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=907ea3b2f317a78b7b9b
                                                • VT rate limit hit for: https://medpetroenergydmcc.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):287
                                                Entropy (8bit):5.24186080896516
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:8C3EC8349374D75B5AF2C9C7BD947B33
                                                SHA1:4FC2E29CB3E950610EE1D0FA673CA9D116F1D902
                                                SHA-256:5BE656669EEDFB845C389D076201B1F1C90734614B4BA365EEC1046536E2FD49
                                                SHA-512:4748BCA79D809ECF4F69BB9C9C8602375FF1D342A6BCAD6DE4E0B554E35E4DDD321F5A1ED9BC72761BE2079878FC2D141326F2C37CC7A6CD19B6E619ABD22F0E
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:2025/03/26-02:16:19.761 bd8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/26-02:16:19.763 bd8 Recovering log #3.2025/03/26-02:16:19.763 bd8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):334
                                                Entropy (8bit):5.172344968791909
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4150467428235FEC51F5D097635D7614
                                                SHA1:CDE81D213957062DB57AD4110C70F3AE1D77F1C4
                                                SHA-256:C68F8D1EBCCDC2C6A362BCCA85CAFBDC3A8AA4A71B3803EB2E31652C0A1B6724
                                                SHA-512:50457EC6D47B1D8FDF549B0063B76E1C3110C6DDD4DE2F498D23014E543D3CB8A30D05AEEDB4BF907956FF23513BDDD2324E1E1A469E3CA8B1C40B05FFF25568
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:2025/03/26-02:16:19.663 1908 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/26-02:16:19.668 1908 Recovering log #3.2025/03/26-02:16:19.669 1908 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):403
                                                Entropy (8bit):4.997123204763721
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4F4339BF7EA8852AEEB721C5D581BB92
                                                SHA1:08E70743A36656AE8A657D0B6794872AFFBE9582
                                                SHA-256:C03BE101DE24F4345ADB23057AA6B34AAB910E508657D63F923891CE1E5C9D6C
                                                SHA-512:CF13BA4969D370881788DCCE3D655B8E9650F1E9B50FDD7788C410880C0049644834FE72300CFED06E59D7A847C1D77BD79CD6DF0C106C5FCBCF12C87BE2BBB4
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387529792024576","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":104731},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:modified
                                                Size (bytes):403
                                                Entropy (8bit):4.953858338552356
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):0
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):0
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4099
                                                Entropy (8bit):5.230059456903435
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A42A2CC5CA58D37269BCB162E2434BB6
                                                SHA1:CEF2B603B45B5759E3DB92D8483153422A56D656
                                                SHA-256:F8F0A085FA6A5FD5758A3090F327967937B44F4199E181928287DB8278A3179B
                                                SHA-512:7504E81E1196AC07C001DE772EDF0062F99576E80EB7594BFF7A3F38F755CFA9D1682280FAEF7F8FD11BA0B855F7B17A71D5E577450A9F1E30A53059C51B626B
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):322
                                                Entropy (8bit):5.188986339806476
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A3DF0B8B32413B8011D13E523E5D2778
                                                SHA1:3A00CB7509DFC0154960356DB55C23D28D90668E
                                                SHA-256:84016FDC8E1885C050232AEBEF60424DC4A96397ED56207520FFD6B5D1C2A958
                                                SHA-512:7860D039BFE3244F627774194034098C5BDF0222401530F663490FAB625CBEF8BE38043C05A6E643353D93AF166038A1CB071BA6ACCDB4829F43B876BE72B7DF
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:2025/03/26-02:16:19.799 1908 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/26-02:16:19.801 1908 Recovering log #3.2025/03/26-02:16:19.802 1908 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                Category:dropped
                                                Size (bytes):57344
                                                Entropy (8bit):3.291927920232006
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                                SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                                SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                                SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):16928
                                                Entropy (8bit):1.2156526289386262
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:8D13FD4D7A11BF3E9DDC922176460D75
                                                SHA1:526F16AE2CF46282CB4158EF3270692CC7BB311E
                                                SHA-256:66021CD393A3C5EE248DFBA563B6A554672FD06336F28CA8299DAFCD89FDC532
                                                SHA-512:38EBE5317453FCDF9254824FCE7D6DE3FF681334D513209D8C6E846C209B1B35FC5228B241B8564AE6E19F6C2B99C19E6AACF15EFBBE69D483649E3A61D82722
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Certificate, Version=3
                                                Category:dropped
                                                Size (bytes):1391
                                                Entropy (8bit):7.705940075877404
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                Category:dropped
                                                Size (bytes):73305
                                                Entropy (8bit):7.996028107841645
                                                Encrypted:true
                                                SSDEEP:
                                                MD5:83142242E97B8953C386F988AA694E4A
                                                SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                                                SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                                                SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):192
                                                Entropy (8bit):2.746484906506307
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F59FE92C9F71BD7765DA57427CC34A78
                                                SHA1:0216BAF42A925A00251D18A2410B185DF0D86009
                                                SHA-256:13833BA6680366D1262CAD914626E4FE45EC43BEBDC8EB14BD59A3B07E412AED
                                                SHA-512:A440E5A6EA5E366741413610C80262C5E1467E0D26E575A22E88A75B6AB69ACB28EAEA12768D3B6165BA216ADCA06BB864BC6C3846CA97170FB8D930780751E7
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:p...... ..........8.....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):330
                                                Entropy (8bit):3.2750150806342027
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:C818AAD00A2BCC786EB94EB354850301
                                                SHA1:99A23865B222731709D32B4BA9DDA4F4A97EC9C1
                                                SHA-256:D6E0F3B914ADBF0C3E366E8FC9D8F61BE488564EE9F2F395B4B83BCE5478A17C
                                                SHA-512:F4BF7EC0BCAF7503685AC5CF6BDA64FCCAF89EA09E13A66177B5C92984D3DF00B9C1DAD6F38004E2DD01013697B4D28BD29BCA60635C41B515D671071A616AF4
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:p...... ........X.<.....(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.3482972750696955
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5212B1333A42F9E05A6ED86B31B61101
                                                SHA1:16B39EAF1C8CF32846481032AEA3395F6268A5AB
                                                SHA-256:F7872C8B74B18F54701F6D63AB12AFB4250835D05841850F25895DEB32CAF522
                                                SHA-512:F94663A21F77E9EFFA37661D64CE3A229CB87AB019AF865E3BA1CD26721D92D8E29134246F65055E85DBC69B39E2A9015D73125196D6F37A47184F10334B7A9E
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.2979141629992945
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:45EBB838B5ADBFD5C2C6F5B7655209B4
                                                SHA1:7087F47ED199FBBB4B49484C5A55C0CE78E21E5D
                                                SHA-256:7BD316CDC73D9CC0F1D29E800D6C6626062B32052B6CCCF86F08E772C544D585
                                                SHA-512:C5A826608271EA328D6FF7E0AAF59DDE4645D26E4415FC8C143F69BC78AEA2910F43F340F77D99BFA8DA4F41F2D4F13D3D12140BF69C7304B9A9A258D07FD854
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.276462479525299
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3672D721FAA4FDC95FCE80AEC2BC4334
                                                SHA1:ABBE8F5D73C6AE202E0F234A85E848C8BEAA5077
                                                SHA-256:D3B6095543DAE11EA2D7F39C4B36A9AE357B62029D2BDC017BA221902D5ECF3C
                                                SHA-512:5A0AD09CB2F37DC9DAB02E0C7A403AC331C6A9B328B798FFEFAE86D47596EBCF22608E6188A42F4E368F2CB519A1F29300459B225E277733FEB352699C6B8D14
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):285
                                                Entropy (8bit):5.336148828328323
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:8E5C40F575115394207A30AE847B3136
                                                SHA1:30A833FE9BFD172EB33022467B23DB6F2BCF6E68
                                                SHA-256:3FED75408938566B27BC12634CBAB567D1993989E3BDFD11517DEE211930DCE1
                                                SHA-512:9187DB52697625D126F342B0DD21EE19A23407249C2BCB753F012F2CADD9817E14866F1D721DC5662CB9A0B9B5EE66B88B0050CEE07727BB167650806AEDAC21
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2129
                                                Entropy (8bit):5.842344087979414
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:948A15B656C5607BC9EE65813DE58539
                                                SHA1:47CCBFD2DFA052ED65B23FCF89EE4FE2D116C226
                                                SHA-256:E2C452204E79A9DD8DEDA7EABBF8DE2A7EAB9A88EABA568397C2F93A5382E0D3
                                                SHA-512:EDA6E84D1AB8D6A6A1FD5870D3AF26EAD6F1CE2CACAD1F494AF3EAC84AF746766EED856B5C57D48D9B398E876DE42AEA953D712A8FF600EF5E9623A0E6B6696C
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.282349261680521
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:620833892665767C0D87CAFA4E1FA7E0
                                                SHA1:C562FE1FC8C87C364A19CC382599E4B056E03918
                                                SHA-256:2B2EAA3987BF58EFEC127970EFD9DB1AA729F2688E50E573E18BAD1D797421BF
                                                SHA-512:C909BDF6B0F2A921340EA9716681881C46BB9D2D92F7F6570D212D190D4FE3C69A533D40011BE54AFEFEF4E184060958978603136066B86A6D90CFAB62A0FBD3
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.285182857025262
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:7F78A00C695C2DCB990B12B01C636C7E
                                                SHA1:A92C882D2C73DB220F0A8546F8A667219FFDF298
                                                SHA-256:E040694E5E5A26F544164E31BB5586618A75A2D89698829352F51F88625CC7FC
                                                SHA-512:1D53D521BB84F25536A941BEE9B5A088EDAA857DB6A39C5BE9469272A8BC1F82C30163C9B03C8C0BF0A00F71966514E24B32A31EDE66A3094F4DF0CAE9B25250
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2080
                                                Entropy (8bit):5.827622282645112
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:52CF685C5188C69F2EF0EAC240B45830
                                                SHA1:636EEDB16F30C2839539535F039891233BB699C0
                                                SHA-256:AAC146852CEF0280786BB037CF2D5F400074083497B26470DC914DEA5B1C567B
                                                SHA-512:6BD97317342663114CDD76162C75DC623C59E56572116647DEB9E5F227F3772688AD7A883D6071BB1038862D5DBA086DDF0D8F4F76783E22326C6B6A0CAFDA8C
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.308227401566559
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4DB5E65736EB834BAA7FBEEDDDDFA13D
                                                SHA1:04990BF1AB2CEECCEF0DA213A9F90DDD42A2ECC2
                                                SHA-256:E6E41F7A81D1381115A9DCAC7E04F263281DEC04F106BE9B738EFB7A8B00D448
                                                SHA-512:09D9116A75E8CF77174EF3B949C6FBB9E53905888DCFCB37DEEE7BF928E7153C3B9B6D36A4230E87266870007FA8494E746377C219BBCE1CA339F73E1EBCA038
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.288639942554391
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:AB5519B635D853D132BD80B9343E7E9D
                                                SHA1:E6AF00B425A27511690B11694CD5B24DDBD454EC
                                                SHA-256:9C07F6BA82E774C515CE118238A9B50BDFA7693C453312D1B3A4B3F6C07C6837
                                                SHA-512:96632934A593A3EA54BD6421A93196D4C9BB38BC94AC27CFA0A45B4F8382A33D8783E25F34541879BF4A94F4B7D6447F4A17D520FBC5E7AA4E6C349894398BF0
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):284
                                                Entropy (8bit):5.274789305293539
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:279F39B2327EF888744B958696944F40
                                                SHA1:2869E50488B308E90A7EF7B71D0597271FE60E71
                                                SHA-256:0D61E7BF8808E0BC6A9542E138612B8C3E337A53025F0922363A07BA15EFD2B7
                                                SHA-512:C09361C7D4A363CA04326095917E3409EF6DA86718F62325014C1288CCA6B228BDA36800F1DE8F269A10941F13827963BC26772EB216BE0BBBFBFB823E5349D6
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):291
                                                Entropy (8bit):5.272265116224443
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:18AA141AF05F95AE7A496E77EC0F9F78
                                                SHA1:62D2CB6148E9B0FF7BA450D5F160AE387904ADB3
                                                SHA-256:C789CE55C33026BB68F966CBE4423E7324AECDB14BF325AC6C3375D9ABDD38FB
                                                SHA-512:64B7364FD5DDE4427D46EB97FEEA3B9DFBA7681E7F66D54CC33D0907ABFC12A23B24F1C502DEA06882741A79C18518654A86FA1921E8C21A157C659B4CFE9E75
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):287
                                                Entropy (8bit):5.275489196378446
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:FAEC09513B57B3AE5234E68C66365D36
                                                SHA1:843BF8975B611BAB960FFB140C592FFDD89E8A90
                                                SHA-256:178F4A7CC718C2A9527B308B0E01E94FF0BA5160A919536D0AE408A4F60E8E5A
                                                SHA-512:477D904818BD3956BCC066358FD0114C3768B42447180BCB3043656E4B59D51CCC0BBEC5E2E1186BD7E901C72011F91A758AF1C7159B3FE023FEBAC99C4FD1FF
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2028
                                                Entropy (8bit):5.84178530915409
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:78C5E46516F09E76D9280B3F4B036BDB
                                                SHA1:53AB48E9A89994F5307F1437F3EBECD9A227FA6A
                                                SHA-256:7D73CBCB000AD25286D67B76C9F474F7989FA30A3DC5CAD5E3925B6EC7E68B0F
                                                SHA-512:D7D62837A498831B75DF3C5DC51246D8ED480F2AF7FE5492AAB8B52FB034B1B536D38A894FE09374CC241E77013B7D2594EAD2C343A484708CDF7E9D6C0677A5
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):286
                                                Entropy (8bit):5.250241436505412
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:BFE31878D46FBC9FDEE92AFEE5709864
                                                SHA1:C536362F78D627596BF026CA81CBB7865DBDBF5E
                                                SHA-256:BE796A3C7F4B55ECE04175193E2732C7B1BC26E230BBA5A2574F78BFB08A43C2
                                                SHA-512:8828161FF985C73867DF534465749C41D1C4A640792C1B67BC33FB33F846D573FB205B88EB7BAE25FEE6FC1F776C10B00879CC974882EEAB07DFA0D0953F95C4
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):282
                                                Entropy (8bit):5.261507043536835
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5DAFD4E4E8A89059CDA49B3E4C7992C9
                                                SHA1:008C535041B2B1CF4EC2E669663B45F6C5405D5A
                                                SHA-256:D920FE2417786E8D7FD901BFAE718CF2388C82A3FD5C7FC4747EE8E11C30CDE3
                                                SHA-512:9CE0A3BDC26AF690AF7067C2FC2C331C626E57219446133BC83D820EFA47EADCEDFE935A74CBC7628F4F222A9C498004D69D911EF5D4659EBB0CF7B5DE5FA389
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"analyticsData":{"responseGUID":"132e45d2-4331-430c-ac5d-564a3d413e58","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743148884128,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4
                                                Entropy (8bit):0.8112781244591328
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:....
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2815
                                                Entropy (8bit):5.141232507356329
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:10B14EDED8B4CB609610248EE9283D28
                                                SHA1:36D902B1376DAA9D05E0AFBD6C7AD37EAF594329
                                                SHA-256:F30B7B5A39785268AFAB2E0CE68D3FB7AC14B5DA1AD01EF6F50870FE979C69DB
                                                SHA-512:C78763EAA7609993F66199967339C82EC2289A230B8C3512AD4A8EDF560A7FC192611A5CA3E9067CA8C6171B3A137C285F3055D26BE478AB3A1863421ADDE742
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5e164870e6ef1837098434c6f957af8e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742969783000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3fc0c625c28d7299d911280139e0f7bd","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1742969783000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f1199cb4f1373b673ef11ebb350c8225","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1742969783000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"76308d8d346be115cee2d3b7f4538b2f","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1742969783000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"439b3ed0525b0520b78ba91ecc2e372b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742969783000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"097b9d96f98d3b286f1e9be0ee8963b8","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):0.9891120157656901
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:2D6091B4C00D60E037829A5691D6864A
                                                SHA1:30EB2C107DCC8223141785A02475E7D430C7D5FD
                                                SHA-256:4F1E491836C99BBD4D96CE85EFACC0EA24751F8F933D819996227284F3DEB1CF
                                                SHA-512:5397A0AF3A749E8D7AD2BFF4B96433ACAABE68B0B316A9AF172C3AA8F77046F5F45393F32302F3F8C4513250853282044330B56F8ECC58D374BC0BEBB5A2C2A9
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):1.3450337576301556
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:125838FD1BBF0012B50140CE08496CBA
                                                SHA1:61384F561A3A37B5CE9BCB47381886C590FD41A7
                                                SHA-256:10B3C17D631B3E50B3FDCDF1FEEB368F92ADC30EFA6C80B2EC604E65566E590A
                                                SHA-512:11C03743870F7F34BAE2D668AEA099B168E7A02B5FFBE9A2A85C1F821D02249D3F3957B9AB22680C756484EBDC80228E1026C3CB80F97C939D0CC14F525CEBD7
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):246
                                                Entropy (8bit):3.5105370742203172
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:6AC038A38AADAAC5200630611E634489
                                                SHA1:4FFDCBBBB0C137792B89A5F88B1F54A0E92D4526
                                                SHA-256:03FFE92325049EB20259678D61AE890432B2102AFE76D623FBEEDC955316C64E
                                                SHA-512:3CEBEBC957512FDEE51190F6A4B95625284EA7096B40AAC5C25853F04CF86745A52BB21C3AB2A7CEBFFCE927C925BEDE65D3ECAFBCB00DBC650B75259F5365F3
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 26/03/2025  02:16:26 ===
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393)
                                                Category:dropped
                                                Size (bytes):16525
                                                Entropy (8bit):5.353642815103214
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:91F06491552FC977E9E8AF47786EE7C1
                                                SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                                SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                                SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):15114
                                                Entropy (8bit):5.366531286637749
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:7CBE33716386B6B0BE393DD1A2F3C148
                                                SHA1:56507DB1EB59EBE1FE40EBB180A73E2170EC11A5
                                                SHA-256:7BD05DB7B01D5FF4B19B6299897DDC565F89E7730A328B998CE994CEA72E949C
                                                SHA-512:8BF97E0AAF2A86E304893C52EA4CF2AB44154F6D22DD6E56F7B5A08AA53E7B23B98C40117A5AB412E47F8E2700E9BCF1AD97265330E57B78AD403E0298C6F5DD
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:SessionID=43dcce97-3f2b-4103-adc9-1dca837507c9.1742969781159 Timestamp=2025-03-26T02:16:21:159-0400 ThreadID=7164 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=43dcce97-3f2b-4103-adc9-1dca837507c9.1742969781159 Timestamp=2025-03-26T02:16:21:161-0400 ThreadID=7164 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=43dcce97-3f2b-4103-adc9-1dca837507c9.1742969781159 Timestamp=2025-03-26T02:16:21:161-0400 ThreadID=7164 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=43dcce97-3f2b-4103-adc9-1dca837507c9.1742969781159 Timestamp=2025-03-26T02:16:21:161-0400 ThreadID=7164 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=43dcce97-3f2b-4103-adc9-1dca837507c9.1742969781159 Timestamp=2025-03-26T02:16:21:162-0400 ThreadID=7164 Component=ngl-lib_NglAppLib Description="SetConf
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):29752
                                                Entropy (8bit):5.418578639249114
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:6488986CB4A39CC211845D4949E09984
                                                SHA1:FCC06174A49A5CC0AFA7F03BE6CC6BB9F1205608
                                                SHA-256:D730954061EBF7B80DFEDF0A15930D195BECF722A26B266B56EDF8211D37EE02
                                                SHA-512:ACFB15E60A47E0BF3FC98143AEFF72FF9122BA7C9A34934C662C46934C67ED115F2A7B8740C464BE0D82F4653083A34DA69AB91AB2599E74CFE08488E943078E
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                Category:dropped
                                                Size (bytes):1419751
                                                Entropy (8bit):7.976496077007677
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:A8E5C37206C98D1B655FF994A420FFB6
                                                SHA1:827237782AB5971EC205C3BCECCC7950BE9F84C3
                                                SHA-256:F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
                                                SHA-512:12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
                                                Malicious:false
                                                Reputation:unknown
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                Category:dropped
                                                Size (bytes):1407294
                                                Entropy (8bit):7.97605879016224
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                                SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                                SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                                SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                                Malicious:false
                                                Reputation:unknown
                                                File type:PDF document, version 1.6
                                                Entropy (8bit):7.980000874435009
                                                TrID:
                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                File name:Legal_Notice _Letter.pdf
                                                File size:54'495 bytes
                                                MD5:948fb4a9d9af82ee5345ae76ba345d41
                                                SHA1:c8ad3eacaf2cc9dca02d3940f11305f58071ea81
                                                SHA256:7f28d6bb1855c7f388315a2beee039518c82e512597a908888826db9c73c84be
                                                SHA512:ba2277a0c85abbd7a05019f624b98260cf62756bff63e03a3cdb573ef873d0ae98419ad0b98913a1f95373995a625f1a80162d080a8494877fc348697be34c7e
                                                SSDEEP:768:0FpQJAinjt3cXVDP9x7rKQhVfFa+WVzrhCVcJQWRdKqyIYGNeQ0fI8US:0FpQ+Mp3cz9uV/JXfKqyIYGLmpUS
                                                TLSH:323302C9EDE96DCE0CF8287A7D44B09BD0868893730D42E3E86486C326AB5E4DD5077C
                                                File Content Preview:%PDF-1.6.%.....3 0 obj.<<./Type /Catalog./Pages 4 0 R./Outlines 5 0 R./Version /1.6.>>.endobj.6 0 obj.<<./Length 28 0 R./Filter /FlateDecode.>>.stream..x..ZY..5.F...j.E.qk..mBr.?..R>....`Q..C.@.../..;9....r..g.r;.7_..Y....$~......GG.?.......}..:...ot...w:
                                                Icon Hash:62cc8caeb29e8ae0

                                                General

                                                Header:%PDF-1.6
                                                Total Entropy:7.980001
                                                Total Bytes:54495
                                                Stream Entropy:7.984837
                                                Stream Bytes:52827
                                                Entropy outside Streams:5.206893
                                                Bytes outside Streams:1668
                                                Number of EOF found:1
                                                Bytes after EOF:
                                                Name            Count
                                                obj             12
                                                endobj          12
                                                stream          11
                                                endstream       11
                                                xref            0
                                                trailer         0
                                                startxref       1
                                                /Page           0
                                                /Encrypt        0
                                                /ObjStm         1
                                                /URI            0
                                                /JS             0
                                                /JavaScript     0
                                                /AA             0
                                                /OpenAction     0
                                                /AcroForm       0
                                                /JBIG2Decode    0
                                                /RichMedia      0
                                                /Launch         0
                                                /EmbeddedFile   0
                                                ID   DHASH              MD5                                Preview
                                                35   cf6b6965f76771b5   dcff61e109e1e6e6f1aebdd6cef97153
                                                37   174b4bcb8c4d0f17   591956a3b6e6134038ae4790e0f6e353