
Windows Analysis Report
mara.roth-Handbook_DocuSign6h0-3958.pdf

Overview

General Information

Sample name: mara.roth-Handbook_DocuSign6h0-3958.pdf
Analysis ID: 1652902
MD5: 85362b656b460d4fbe705b7b85130f4a
SHA1: 7ee05c5a941d6e45e7236bbd507c0a5e07e9b4d5
SHA256: 87aa5841fa52af7d4f2e455d2df5a35a4d2ff72ee490606b7bf0ea8689668ac6

Detection

Fake Captcha
Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Yara detected Fake Captcha
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64
  • Acrobat.exe (PID: 7712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\mara.roth-Handbook_DocuSign6h0-3958.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 8116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1564,i,1962462157706799152,526781585758020601,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument about:blank MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 8256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2304,i,8126060533632964085,3292062182765774855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2340 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 9008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://redcon1entertainment.com/jjsaecea MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_172 | JoeSecurity_FakeCaptcha | Yara detected Fake Captcha | Joe Security |

Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_FakeCaptcha | Yara detected Fake Captcha | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

Phishing
Source: Yara match | File source: 0.0.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_172, type: DROPPED
Source: PDF document | Joe Sandbox AI: PDF document contains QR code
Source: unknown | HTTPS traffic detected: 198.57.151.223:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 198.57.151.223:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.80.68:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 109.61.91.195:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 109.61.91.197:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.40.238:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.80.68:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: Joe Sandbox View | IP Address: 23.216.136.238
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown | TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.139
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.129
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /jjsaecea HTTP/1.1
    Host: redcon1entertainment.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /recaptcha/intro/images/hero-street-bg.jpg HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0B
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://redcon1entertainment.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /android/24/000000/refresh.png HTTP/1.1
    Host: img.icons8.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://redcon1entertainment.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /android/24/000000/refresh.png HTTP/1.1
    Host: img.icons8.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /security/products/recaptcha HTTP/1.1
    Host: cloud.google.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0B
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://redcon1entertainment.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: redcon1entertainment.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: img.icons8.com
Source: global traffic | DNS traffic detected: DNS query: cloud.google.com
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 31 Mar 2025 13:15:51 GMT
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Strict-Transport-Security: max-age=31536000
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-euY4zRVAGDa1tw2yoRpAfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport;worker-src 'self' blob:
    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://maps.googleapis.com https://googleads.g.doubleclick.net https://s.ytimg.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/ https://www.youtube.com https://youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport/allowlist
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Cross-Origin-Opener-Policy: same-origin
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Set-Cookie: NID=522=reirbNDZx0rmdd8dMghMgcMt_0PZ3bZISuZjIOk4lpkIfawuZ7jAk9cYtLwBX8KuygI6UcL27IJ_iroVNyZRb1N98WAlnrZRYtpvExVNE1jTDVWNH1shHh5lRpG8K4n-dFAuHUgX3Q19QtvSYIn1klHjas72JAohR_1E0JNHgrrsPHCB_VNm6ck79t21gqW7aM2KSw; expires=Tue, 30-Sep-2025 13:15:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Connection: close
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: chromecache_172.4.dr | String found in binary or memory: https://img.icons8.com/android/24/000000/refresh.png
Source: chromecache_172.4.dr | String found in binary or memory: https://pub-246cb0db54c0496c9e2663418098b419.r2.dev/S.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7228_118078244
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7228_118078244
Source: classification engine | Classification label: mal52.phis.winPDF@37/55@16/8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7764
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-31 09-15-46-983.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\mara.roth-Handbook_DocuSign6h0-3958.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1564,i,1962462157706799152,526781585758020601,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2304,i,8126060533632964085,3292062182765774855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2340 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://redcon1entertainment.com/jjsaecea
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: mara.roth-Handbook_DocuSign6h0-3958.pdf | Initial sample: PDF keyword /JS count = 0
Source: mara.roth-Handbook_DocuSign6h0-3958.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: A91ah4ttl_kkdf6n_5zo.tmp.0.dr | Initial sample: PDF keyword /JS count = 0
Source: A91ah4ttl_kkdf6n_5zo.tmp.0.dr | Initial sample: PDF keyword /JavaScript count = 0
Source: mara.roth-Handbook_DocuSign6h0-3958.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph] ID: 1652902; Sample: mara.roth-Handbook_DocuSign...; Startdate: 31/03/2025; Architecture: WINDOWS; Score: 52

Source | Detection | Scanner | Label
mara.roth-Handbook_DocuSign6h0-3958.pdf | 0% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
https://pub-246cb0db54c0496c9e2663418098b419.r2.dev/S.html | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
1004834818.rsc.cdn77.org | 109.61.91.195 | true | false | | high
e8652.dscx.akamaiedge.net | 23.216.136.238 | true | false | | high
redcon1entertainment.com | 198.57.151.223 | true | false | | unknown
cloud.google.com | 142.251.40.238 | true | false | | high
www.google.com | 142.250.80.68 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
img.icons8.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | false | | high
https://img.icons8.com/android/24/000000/refresh.png | false | | high
https://cloud.google.com/security/products/recaptcha | false | | high
https://redcon1entertainment.com/jjsaecea | false | | unknown
https://www.google.com/recaptcha/intro/images/hero-street-bg.jpg | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://pub-246cb0db54c0496c9e2663418098b419.r2.dev/S.html | chromecache_172.4.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.80.68 | www.google.com | United States | 15169 | GOOGLEUS | false
109.61.91.195 | 1004834818.rsc.cdn77.org | Hungary | 197248 | DRAVANET-ASHU | false
23.216.136.238 | e8652.dscx.akamaiedge.net | United States | 7016 | CCCH-3US | false
142.251.40.238 | cloud.google.com | United States | 15169 | GOOGLEUS | false
109.61.91.197 | unknown | Hungary | 197248 | DRAVANET-ASHU | false
198.57.151.223 | redcon1entertainment.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false

IP
192.168.2.4
192.168.2.6
                              Joe Sandbox version:42.0.0 Malachite
                              Analysis ID:1652902
                              Start date and time:2025-03-31 15:14:28 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 4m 41s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:defaultwindowspdfcookbook.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:19
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:mara.roth-Handbook_DocuSign6h0-3958.pdf
                              Detection:MAL
                              Classification:mal52.phis.winPDF@37/55@16/8
                              Cookbook Comments:
                              • Found application associated with file extension: .pdf
                              • Found PDF document
                              • Close Viewer
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
                              • Excluded IPs from analysis (whitelisted): 23.9.183.29, 142.250.64.78, 142.251.179.84, 142.250.80.3, 142.251.40.142, 172.64.41.3, 162.159.61.3, 142.250.81.234, 142.251.32.106, 142.251.35.170, 142.251.40.106, 142.251.40.138, 142.251.40.170, 142.250.64.74, 142.250.64.106, 142.250.72.106, 142.250.80.10, 142.250.80.42, 142.250.80.74, 142.251.41.10, 142.250.65.170, 142.250.65.202, 142.250.65.234, 23.51.56.185, 23.203.176.221, 23.53.35.200, 23.53.35.208, 23.210.73.5, 23.210.92.197, 142.250.72.99, 131.253.33.254, 204.79.197.222, 20.12.23.50, 23.217.172.185, 52.6.155.20
                              • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fp.msedge.net, chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
                              • Not all processes were analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtOpenFile calls found.
Time | Type | Description
09:15:57 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

Source | URL
Screenshot | https://redcon1entertainment.com/jjsaecea
Screenshot | https://redcon1entertainment.com/jjsaecea
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                No context
                                No context
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):292
                                Entropy (8bit):5.233817996957776
                                Encrypted:false
                                SSDEEP:6:iOEqRp1jL+q2Pwkn2nKuAl9OmbnIFUtqqREq1ZmwAqRE8LVkwOwkn2nKuAl9Omb5:79TjyvYfHAahFUtzx/5tR5JfHAaSJ
                                MD5:A00B2F230F781E6612A28E0ADF887286
                                SHA1:D65DD53BEB2BEC453839B8291A65E53F06EC0803
                                SHA-256:319DA998F49F851EE6B6E93A1A6437FC0CFC679AED3E084845E268D2CD56F15A
                                SHA-512:55F29498225DDF3C99033DD6BD9603AA33B10473746432FD0F7E799116A337FEC02E3E058AF43224E52B4C044A031B588864B1095D6D9393466F724709D293DD
                                Malicious:false
                                Reputation:low
                                Preview:2025/03/31-09:15:42.817 1f18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/31-09:15:42.820 1f18 Recovering log #3.2025/03/31-09:15:42.820 1f18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):336
                                Entropy (8bit):5.186640827856586
                                Encrypted:false
                                SSDEEP:6:iOEqR1COq2Pwkn2nKuAl9Ombzo2jMGIFUtqqREZmwAqRkkwOwkn2nKuAl9Ombzos:79lvYfHAa8uFUtzE/5k5JfHAa8RJ
                                MD5:648B9F7AEB9F57B9ECEAAF14844F9694
                                SHA1:71405D8538C80B3DBDDE7B2A25035AF333FF48A1
                                SHA-256:66123085E6A8437585A35CDE9247C8C9D0E351BF29ACAE63AFF7837E44A261E6
                                SHA-512:06CE465B4335F8E8236350FBEB91133B3092A5860CE4218D613DEE70ECBAA58F8A8FB1CC1E7C17282E8D418AB0567028C1584A312F897AC567E9E36119D0F60D
                                Malicious:false
                                Reputation:low
                                Preview:2025/03/31-09:15:42.713 1fc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/31-09:15:42.722 1fc0 Recovering log #3.2025/03/31-09:15:42.722 1fc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):475
                                Entropy (8bit):4.977815470701912
                                Encrypted:false
                                SSDEEP:12:YH/um3RA8sqvJAxsBdOg2HvPcaq3QYiubInP7E4TX:Y2sRdsypdMHW3QYhbG7n7
                                MD5:1C73B8D131918D78D917AC06CBFEE3DB
                                SHA1:EAFD809469EDD981EEFF4840C40247D646177A82
                                SHA-256:26982A2ED3733E588E1537105628CDF41CF08D0813E451E699F66C13052DB248
                                SHA-512:8AEA77BBD2E8EE93181413345CE82C016043F3A6FF89E2E5F4811E1FB5D400F243CA2A65773CDA829BB7A0E4CF8E075C7D865E01A867222B9541C94C38DDF7A8
                                Malicious:false
                                Reputation:low
                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387986958706772","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106644},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:modified
                                Size (bytes):475
                                Entropy (8bit):4.977815470701912
                                Encrypted:false
                                SSDEEP:12:YH/um3RA8sqvJAxsBdOg2HvPcaq3QYiubInP7E4TX:Y2sRdsypdMHW3QYhbG7n7
                                MD5:1C73B8D131918D78D917AC06CBFEE3DB
                                SHA1:EAFD809469EDD981EEFF4840C40247D646177A82
                                SHA-256:26982A2ED3733E588E1537105628CDF41CF08D0813E451E699F66C13052DB248
                                SHA-512:8AEA77BBD2E8EE93181413345CE82C016043F3A6FF89E2E5F4811E1FB5D400F243CA2A65773CDA829BB7A0E4CF8E075C7D865E01A867222B9541C94C38DDF7A8
                                Malicious:false
                                Reputation:low
                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387986958706772","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106644},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4730
                                Entropy (8bit):5.250236277265831
                                Encrypted:false
                                SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7df6DjOZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goD
                                MD5:59CF2B88A386899925B1312DD5000164
                                SHA1:AD521161DEF24A1B470ACFAC8C82E6BC7D6C338B
                                SHA-256:14A5594BF0BF9CF24060E33673FF018D9DAA17F870C4FCC165C20C4284C919FE
                                SHA-512:5F5EA1F33028D77A196215E67352C258E9F7A3FE9695000E4B76D17DCFD56452E39F893C30B11DBEB86455B17200241A280396AB38FC4B4AB7F1B311987B41A2
                                Malicious:false
                                Reputation:low
                                Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):324
                                Entropy (8bit):5.205365051543911
                                Encrypted:false
                                SSDEEP:6:iOEqRpOq2Pwkn2nKuAl9OmbzNMxIFUtqqRwOZmwAqR4kwOwkn2nKuAl9OmbzNMFd:79EvYfHAa8jFUtzj/545JfHAa84J
                                MD5:4B8C130BDFDF6F02AD2639655B8901DB
                                SHA1:286910F0A5C80174C4BF7B6DAB5007C44704E9ED
                                SHA-256:A3F4DF74C33C141B27CC377F8946CA9EE99AF789CB09DDDC5209996AF5F2BA50
                                SHA-512:228FBC95809F728F2EB1AA9174E36A74EC92F0526E851523185B9407972656DD6A971BDCD1D037FC4482F882728F44BAA3832A52E463F12023DE6C15BCA6A721
                                Malicious:false
                                Preview:2025/03/31-09:15:42.897 1fc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/31-09:15:42.907 1fc0 Recovering log #3.2025/03/31-09:15:42.911 1fc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                Category:dropped
                                Size (bytes):71190
                                Entropy (8bit):1.6613052549035607
                                Encrypted:false
                                SSDEEP:96:38pjLKen85B1xSt3MZDMzeUFaU5FYnFLW6sfK2aHMMMMjMMMMr2nYAWBEMMFDMhm:38pjuu7FaU5eW6sfKdZA
                                MD5:69FDA627C8854816924B6F66C639E1E3
                                SHA1:32FF9BF5A1A91F1DA4CEBEE146225B12DF875975
                                SHA-256:C72EAF036563CB1F6767F75B5756E48AE1E78B6D31B89A56BBE7D18C5A3FAF5F
                                SHA-512:8C5E136933843C48D0ECC119B08B85A4D936A87437907AB7C71C14B47D806D82F47D7D3E0249476414946D4D228CCEB890900D8923832E995C419D3D38C4F49F
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                Category:dropped
                                Size (bytes):86016
                                Entropy (8bit):4.445091393612202
                                Encrypted:false
                                SSDEEP:384:yezci5tuiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rBs3OazzU89UTTgUL
                                MD5:6B73E0AD5F9D36A3E34DA3ECB5AEA807
                                SHA1:90CA91BD833C88836714F7FF78CA99FE1B2BBC2A
                                SHA-256:80832DA922313D7542F8D6C6322BDEC587BD6C8B505DF38CA1A330DAAAC97165
                                SHA-512:F8B5064AD876B4A03FF9677E4D2E029528087198EF84AC7FD59804AC9E961BCEFF2D94D01BFD5FAD80E6C071BE96847011A13EA650682D536B6B4CFD66F5F8ED
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):8720
                                Entropy (8bit):3.774201198501125
                                Encrypted:false
                                SSDEEP:48:7MSp/E2ioyVPioy9oWoy1Cwoy1TKOioy1noy1AYoy1Wioy1hioybioyLoy1noy1H:7xpjuPFCXKQ+Ub9IVXEBodRBkm
                                MD5:CF7B6FCDA94473C19EF94D4B1DA1CABF
                                SHA1:7D63014884D9475598EFE22198D3F2A082DE2B7E
                                SHA-256:02F32C18F705BD3DAF39456F77A450CCC0A44CEAC73372DDA07504C176BC9A49
                                SHA-512:2381402362FA15711FE023E0162566B0901076009E5B393E552F40D366DFA25C35A651C53FA79491686193DC0C2A4ED82AEF46D067B90FE170FA968C6698CAE2
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Certificate, Version=3
                                Category:dropped
                                Size (bytes):1391
                                Entropy (8bit):7.705940075877404
                                Encrypted:false
                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                Malicious:false
                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                Category:dropped
                                Size (bytes):73305
                                Entropy (8bit):7.996028107841645
                                Encrypted:true
                                SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                                MD5:83142242E97B8953C386F988AA694E4A
                                SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                                SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                                SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):192
                                Entropy (8bit):2.764745823915414
                                Encrypted:false
                                SSDEEP:3:kkFklGnVHp/XfllXlE/HT8k3s7/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKfnVHp/IT8YszdNMa8RdWBwRd
                                MD5:93857A6150DAD1D019038EAD6940BFA5
                                SHA1:C25AA1699A102EED29C49C7C8683A3FA5DC9B0D9
                                SHA-256:B41596A006404DB6AEAD2294C129569015D7A4677CAC13862C12B3C11D6ABC6A
                                SHA-512:E7D992C070CF6E67C090E8DAD4432A57F37800C703628DD23FEF324184B3CF2D14B5FDF99F75BE37F5A2B2CDEB05AD3E0C9E42761B8192AF3B35F4BC134C8C0D
                                Malicious:false
                                Preview:p...... ........5Bi.?...(....................................................... ..........W....#E..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):330
                                Entropy (8bit):3.1897121670185173
                                Encrypted:false
                                SSDEEP:6:kKJup/emcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:UGmCkPlE99SNxAhUeq8S
                                MD5:E56AF40073BD6462BCFFD0F82D99EC21
                                SHA1:38A4922204D146C346E638AEE62F150E7BF352EE
                                SHA-256:DC14E85010CB7DC1AAD564BA12578AECC6348E8896610DDB480CB1B8C7D266D2
                                SHA-512:2921CACD17EAA12A0FC1305EDD827AD55533728237AACE1E053AD9BD887B32410038270813286B1231C3932756661045647215272D7B3EF9AFEA6B096A95D1A1
                                Malicious:false
                                Preview:p...... ........V...?...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):185099
                                Entropy (8bit):5.182478651346149
                                Encrypted:false
                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                Malicious:false
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):243196
                                Entropy (8bit):3.3450692389394283
                                Encrypted:false
                                SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                Malicious:false
                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):295
                                Entropy (8bit):5.355921504061519
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJM3g98kUwPeUkwRe9:YvXKX4xHJkZc0vVnGMbLUkee9
                                MD5:1DCF5534753F7DD793CD35343DDE0163
                                SHA1:7CC49C7988653FD1A91184D45BB7F5CD899607F3
                                SHA-256:10C1ACF8F9F65FF655AA6A381AD96EA2527819BA6C0DA213F962EEDF2C70EE60
                                SHA-512:A1C6F95F8EEF20687652BFA0C06D7634FE8F2FA53ADC87D486AD0DAEFC396AA0FDE511EF30C4E6F4D644A4ABEA5FD440E5341F69A9698A105183C0DC8F8961A6
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.3055229318399855
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfBoTfXpnrPeUkwRe9:YvXKX4xHJkZc0vVnGWTfXcUkee9
                                MD5:A905ACE1498989D3FBCB7E7EDC73E111
                                SHA1:054BA10AF353437811FD30C49794CDE80CFE3B46
                                SHA-256:06EAC9095F863B5E41F8ECE0D668C19CD82C5BEA23AD5DB48D27A0CEFC220E92
                                SHA-512:235DAA77716443C95E6F492D57B5B8EFAF59FD5D34174A70B0352483F92459CB340E3DB7D19D5E206C7A48D7E7ED1B0FB71A566F0C92B7C1057897F559A69E8B
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.283475531839345
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfBD2G6UpnrPeUkwRe9:YvXKX4xHJkZc0vVnGR22cUkee9
                                MD5:F96366DE991817B6AFCFA2DF21482DCD
                                SHA1:9D82639BB04BDE9040DE53EFD335D7E769A9C0AF
                                SHA-256:8EFC29923E9206A0C259DD4C894A737073497FBD7536E8AE28254E46A191BADF
                                SHA-512:89F215E394BB373D6324CD493DFCABF8D2449A21CA0248A98FA339C9F3B360F3DF1BE3C7526E8E1B3FC0CE658801D9B29436CA8B84679C9A4B097242B6D86811
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):285
                                Entropy (8bit):5.342670891581041
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfPmwrPeUkwRe9:YvXKX4xHJkZc0vVnGH56Ukee9
                                MD5:54D64363161D35109B253FE7BDD4A07C
                                SHA1:29FC609BDC73A0E68826A0B9FB3FAEABAC04C6B9
                                SHA-256:7D9B806D326BC2E4F0078508600C9F4882D39C9ACDE09AC653B0BE651605362A
                                SHA-512:B5F0E08758E760DFB478E5129C6F7DD0182D9F5C42B5A8C172DB9A4EC59BBC0ABD19B87B1CC3A4BBEF77D5AF2CE5CFAAAC651A514024FF2549B11016715B0E47
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2129
                                Entropy (8bit):5.840491043269893
                                Encrypted:false
                                SSDEEP:48:Yv7JsShgly48Y/TWCjiOumNcXwKOpkUon:G7zgA45/TfZumcOsn
                                MD5:586CCAB0AC69C2DA05D915D5B3DA7D82
                                SHA1:2669F8E0075896522EA28DA32D1C3B7BE778992B
                                SHA-256:39DF29E1524B795C652D61327F0A84424B8DF0E34665A11FE99340215FC98C47
                                SHA-512:82BC02BFC4179A25C69B57F4A318837C92EED555D25BCE96EB9C2BA03A69316A4749F622D9287E94FE485F4220FF074465EA67D8A2AF44126C5836B2417FF7FB
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.290145005780161
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJf8dPeUkwRe9:YvXKX4xHJkZc0vVnGU8Ukee9
                                MD5:6023C110A1FCE17E5C87D27C15357BC2
                                SHA1:5ECAA39DD4AAC3AF345C011861DE156BB4B592E4
                                SHA-256:CF21752681728BD39E4A820B98F7BF2B360077F241ACF4FBE7D5A72F67AF2DF4
                                SHA-512:33AD17297B91C4DD661D51C783B1CA2907B0C634BBA570072A2B496C1082647E46B27ADF06C8575331A60B73E3A2684E1331D5962BD4FF76AEB269C255CA2A50
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):292
                                Entropy (8bit):5.2955722731940735
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfQ1rPeUkwRe9:YvXKX4xHJkZc0vVnGY16Ukee9
                                MD5:D6711B2A193A00122D80AF420B7CB210
                                SHA1:395762909BB7F51E06C7ACBF14C2C3B598A2E62D
                                SHA-256:C88387CB7F281688E7497E84E8650CDEC890A172BC02992149EC66E4C5ED81E5
                                SHA-512:7E7D71C16D33170B7440F765417677AB9F93A2EA05E48D3B00747DBA9F42FC4165DDEEB1B0EAF95F2CC1BE955CB3418160DE15A72D1B66EA190934F529152FD3
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2080
                                Entropy (8bit):5.8252968581914395
                                Encrypted:false
                                SSDEEP:48:Yv7Js5ogbN48l/GiyLVzyODVHKOkQLcSmjWAon:G77g54Y/IVO48OkQASmgn
                                MD5:B89E171EA2C5B45A2FB47CA649A17E8B
                                SHA1:0503108A2222B0F69651DEBE90A740A931E219BE
                                SHA-256:D4332418409F0BA66FD8C4B02E65966A2BC14835B34C37FA79E5FDCF2E365A74
                                SHA-512:97AAF3B8C14D97B378A12DD9B539A3513783131DAE4EA2225CA9DAF941122DF12CF84B33C857009107586124479F5FDE39DE1D659ED0CBB732D62848011B184D
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):295
                                Entropy (8bit):5.31568431155886
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfzdPeUkwRe9:YvXKX4xHJkZc0vVnGb8Ukee9
                                MD5:E59EFA62FC896FE324AD97B55B2884C2
                                SHA1:BC26C1D712D622CAB09223B4F658501EC18D56D6
                                SHA-256:7785CC6BBBEC964820AD382427AB09C54EC89D6FBED608D13AC86A51613218F1
                                SHA-512:E2694E2B1F9F8EAD8BF806581ED2F48BF6509297EF45DACE8AAECF306536D1B162ED116D5D21112AE6A788A52546D1FE1895F4C4F535111D886E7EC0981CDFE6
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.297041709694978
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfYdPeUkwRe9:YvXKX4xHJkZc0vVnGg8Ukee9
                                MD5:09446967F70C385FE906491934CBE84F
                                SHA1:F0E775D9FCA2D9905AC1A73DFACCFB2F9D7054C1
                                SHA-256:EB63C9D029D5123223B035FDE3A4A6AD7C182903AF52AB2927CF96256B4C6BEC
                                SHA-512:3225FFA4331A4BF0878E665116F6C4B9C0D95C0702DD1BA502853EA9112724EC60F49CA421BDEC844AC14834971AD0AB02941C8A539E7C817EC30D7377C9EB45
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):284
                                Entropy (8bit):5.282722298409017
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJf+dPeUkwRe9:YvXKX4xHJkZc0vVnG28Ukee9
                                MD5:4CE62B1D00836B2F4BB09E873F199B0D
                                SHA1:BBF83E146345C0A6D3BA7488074AD20D8C04AF3E
                                SHA-256:B5C11A06817D916E779E5F25E6C612F0061C997FA820ABC81B17B00E4A220168
                                SHA-512:066FF03E8BAEA24C3481BD3C6A5262BD9929260A9AEB0FD6F46F02E38A73EF57C17F05BCC7E890A016D798DAFA611A6FB8B8AD2DBDAF7E2EBEA6DCA37514F6A3
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):291
                                Entropy (8bit):5.280609139260972
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfbPtdPeUkwRe9:YvXKX4xHJkZc0vVnGDV8Ukee9
                                MD5:D91DD877FAD6B41047DD311E1ADD6664
                                SHA1:0021D5AE0FEB959BC54AFCE38EF5BA1A285DD642
                                SHA-256:9EEB1E50147278E3F73B77292B865D89AC7E8623B9B3DE695832F5B089A53E14
                                SHA-512:A6A8264D6B71B5B7460FF87DF2A2357394A70B95E6E7E56DAB3AD2996D48421BC09E4D84AB1E1FF00B9837317399B17A23A66684A59047824EAAFB42C8D3270B
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):287
                                Entropy (8bit):5.286059612828944
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJf21rPeUkwRe9:YvXKX4xHJkZc0vVnG+16Ukee9
                                MD5:26F7ADEB9FB50DB00EBBB26F0D9BD83C
                                SHA1:F6601E1FA66C05092A20A9E12EB913395BF68D98
                                SHA-256:347A61EDF4029A9AC339CD72AEC357A6057114A4A2D490C84D7DCED07309F8BD
                                SHA-512:B457907166227A5E84E73792C5423B38EBFE4C1DC2433D8E93F9670969F9D49772CF4B93205F0B139A139D55F184B9FC532237611E9C60F670F3C4B4EDA1724E
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2028
                                Entropy (8bit):5.839473629665543
                                Encrypted:false
                                SSDEEP:24:Yv6XaJkzvmamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBEz:Yv7JsQBgBG48j/SiyLVWOAlNkUon
                                MD5:7700FE3AC57814CE38CB8C84599CC94C
                                SHA1:0DB0645FB9069B123346C6F36B899E96145AC55F
                                SHA-256:A0A74A75987CF6EE9BA1CDEDF39168F211CA6C3465CBA063D2DF0739E02C8981
                                SHA-512:A04384EE9C520172B4EB19C2A5EE79FB5D61C38C588E67C0863FD970FF08AA484D709814BD019FAFE7CA4621A61142556CDC53055CB52D62596AE7C583CEB35C
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):286
                                Entropy (8bit):5.26125390852302
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJfshHHrPeUkwRe9:YvXKX4xHJkZc0vVnGUUUkee9
                                MD5:3BEB68A42427AD70E79F3F255060A4A6
                                SHA1:A7FEEAFB5C3434AF6180C740E365699E38A463CF
                                SHA-256:2359215272E0AC03462416371558E6F3D3EAFF71EEE297A32C53921D27898BDB
                                SHA-512:919AF304CB586FF1DEDDEA5B50F1F1E3EE747D147A6914FBEB092E3A666743D51DF795A3D21EB1390B9779C585B7430D11A15EF3A74EEA6A4E696E0EAA00485C
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):282
                                Entropy (8bit):5.267835958805905
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXHNk3QwHJdVoZcg1vRcR0YCUoAvJTqgFCrPeUkwRe9:YvXKX4xHJkZc0vVnGTq16Ukee9
                                MD5:32E5D55AEE9098DE026F20047F3A1A37
                                SHA1:54C45CE4B9E2B75292648C790B06776094A2AE7C
                                SHA-256:23EF9441CC117AF0EEBE7CABB305657F3B4ADC06927A5B44ECEB834A1877A003
                                SHA-512:6A53710F805929FBD0DB5B4A1FDBD1E78F09860524C856436376C9385D6536D19B9235A2693BD3F41C7A18F7E6CB38B53996A4F9731EC9A7B71B6E3B9809437E
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"06a93f72-55b5-45c2-a614-7afaabc0d1fb","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743606105850,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4
                                Entropy (8bit):0.8112781244591328
                                Encrypted:false
                                SSDEEP:3:e:e
                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                Malicious:false
                                Preview:....
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2815
                                Entropy (8bit):5.142190600154406
                                Encrypted:false
                                SSDEEP:24:YpiX1mOa5Ohay/As6DlpBDsPxazLl9FPmKmKzHjYGxj0SdHbIQKa28P2LSdZCwXa:YoX8JQ21bVyc5JbGb3Zr9d
                                MD5:4D2E7C004479A9D7F7481B525B208DBE
                                SHA1:A951BF8B6AE82D0B7ADC22626911B44DA00D6CED
                                SHA-256:2821EC20263402A4628322912822E300158E04B8353ED51EFD56E93F79786D84
                                SHA-512:0DE89B87B63A1422A5214B7422F0E7660FD141FEBE11B034E12B9B3D03B0C26B4803F2957A9502A50D09311E8E8E0D0041F68808523F9211484E1744B408A83E
                                Malicious:false
                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"173077f3a8e15ea62a4aa632a79f47c5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1743426960000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5a3b5dc42b6b0def7353b577c6641ec8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1743426960000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"180959736e78c154916661b53cc9600d","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1743426960000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3158dad486ccb550d170a39acd1f048d","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1743426960000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1d05035c17d8a705dbacb291c9de6f6b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1743426960000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"696039b98d241b324eddbc6be5e684f9","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                Category:dropped
                                Size (bytes):12288
                                Entropy (8bit):1.1882839400924776
                                Encrypted:false
                                SSDEEP:48:TGufl2GL7msEHUUUUUUUUrvMSvR9H9vxFGiDIAEkGVvpwvy:lNVmswUUUUUUUUrk+FGSIt0q
                                MD5:AAAB02F6CD6C3AA6F0CD92440038D53C
                                SHA1:1D0B4D02F8DD853B5EE6350DAE0D0585B7B05546
                                SHA-256:08D58F299E4A89B162051E61552AD6A216A2B080239307B8DAF9104C5EF50E4B
                                SHA-512:685D8AB2DC486D674C558CDD472A02B59697F29E66B0D05C26AAAA76D39498EB50CCE1CB493F95970F188ECD7D92D98552E32A76D9CB8854B64CBD1E12B8EF44
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):8720
                                Entropy (8bit):1.6065911548999678
                                Encrypted:false
                                SSDEEP:48:7MAKUUUUUUUUUUrvevR9H9vxFGiDIAEkGVvMqFl2GL7msp:7UUUUUUUUUUUrKFGSItSKVmsp
                                MD5:2574005253D03FF40D018C00B6F5B5A5
                                SHA1:ABA12421C8C409A994AFAF76BDFCF3C396A9A71C
                                SHA-256:E7678BA26BE309F74091264414908EE96C6A9122CF489D8AB7704E34BE1E0BC0
                                SHA-512:20B7A18A69504DE88B058853CEF0CCEF1737F8D7097AF4E0565070E00EB6B188192B63DF5D1AAB63DD47053D4307F4464B284B59180261F62A28C9F6E407C40F
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):246
                                Entropy (8bit):3.5309417490522437
                                Encrypted:false
                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQ+l0A4f9:Qw946cPbiOxDlbYnuRKutm
                                MD5:662330DD0555474FCECD2EEDE2D7CD27
                                SHA1:2BC72C76B79A9D449A30068936B66B3A416A0E3D
                                SHA-256:81812924A851644DB1F5F7968B754C6E51E0A07A50C70BA2375EC3EA7D318F91
                                SHA-512:38D8EEF9C154B565AD1A958046FA7AD6822164106AB4A51183C100B608A435EC3D3F88163EC2B1B6499850D8B1EB6FB9691225225A70FAE11D4A208E071E2A2E
                                Malicious:false
                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.1./.0.3./.2.0.2.5. . .0.9.:.1.6.:.0.5. .=.=.=.....
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PDF document, version 1.6, 0 pages
                                Category:dropped
                                Size (bytes):358
                                Entropy (8bit):5.066113999978261
                                Encrypted:false
                                SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOQhRD8QW4nRD8QWwCSyAAO:IngVMre9T0HQIDmy9g06JXghRDBW4nRF
                                MD5:401391872AD8366FA075449FC3C0E411
                                SHA1:3F54549F39883715E780F045D1CD0CD444770992
                                SHA-256:0D258E263D15C48922608D18B88FFE245F1BA9C2E55192A3F47868DAE347A764
                                SHA-512:1EC6BAC41207C9B870650ADFEE6CC140CAD2C4C343FBDFB35ADAD10559B30C0182C49E09ACFD0309A7EC0559ABAF7EFA40D19021FE6B93C5E872FB57486A7966
                                Malicious:false
                                Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<6BAA8F4225B58D4DAD5D47C48E0112BC><6BAA8F4225B58D4DAD5D47C48E0112BC>]>>..startxref..127..%%EOF..
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393)
                                Category:dropped
                                Size (bytes):16525
                                Entropy (8bit):5.345946398610936
                                Encrypted:false
                                SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                Malicious:false
                                Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                Category:dropped
                                Size (bytes):16603
                                Entropy (8bit):5.3263997544047585
                                Encrypted:false
                                SSDEEP:384:TDfuSSnEprAwpAEUgljR9jw1dq90epD+ocUl1J7dZrPls4t5t4tatXaG+D+DWKoa:fS0LScb/
                                MD5:6E1D7C430D8ED46742A915F2880CBCD1
                                SHA1:C4D82AEECD47F63B9975DE692FA57AF64DA8EC80
                                SHA-256:E81312B6C9921A6C8E8D71EA095AEF3E2AE365F7F681C969C8ED7AF8BD7D2C49
                                SHA-512:3E76D2AE2A1CFA9F9E61D94CFFD37432CE64C3323E4EF15A715CA94A89FB95002F1F39E88B427B064E97C86615B1267F097C62FBE4CFCEC1EF7FFA8A2EA5A2BD
                                Malicious:false
                                Preview:SessionID=e47b8610-da07-4bb7-b940-34ecbc731c73.1743426947004 Timestamp=2025-03-31T09:15:47:004-0400 ThreadID=7392 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e47b8610-da07-4bb7-b940-34ecbc731c73.1743426947004 Timestamp=2025-03-31T09:15:47:006-0400 ThreadID=7392 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e47b8610-da07-4bb7-b940-34ecbc731c73.1743426947004 Timestamp=2025-03-31T09:15:47:006-0400 ThreadID=7392 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e47b8610-da07-4bb7-b940-34ecbc731c73.1743426947004 Timestamp=2025-03-31T09:15:47:006-0400 ThreadID=7392 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e47b8610-da07-4bb7-b940-34ecbc731c73.1743426947004 Timestamp=2025-03-31T09:15:47:007-0400 ThreadID=7392 Component=ngl-lib_NglAppLib Description="SetConf
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):29846
                                Entropy (8bit):5.3943427968724595
                                Encrypted:false
                                SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rY:U
                                MD5:44D6B84EF945D43C431C35FC1A91F03A
                                SHA1:0CE6BB76E1BBFDF143FCC50DE7A6DD22DCD7CB4D
                                SHA-256:3387D1904408B223C4E0327F77200F60B2EDBB23C59F36DAA0BB1259370DCF05
                                SHA-512:2656AF50DD3F70687C576AB331322F8F6ADECF24DC2D5D7DBECE42FD23ECA8A0357C9A757B2D8B7ADDBFD4C566179C99D1D0A19C3DA0EFBF909B854506F8E518
                                Malicious:false
                                Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                Category:dropped
                                Size (bytes):1407294
                                Entropy (8bit):7.97605879016224
                                Encrypted:false
                                SSDEEP:24576:ZW7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:FB3mlind9i4ufFXpAXkrfUs0kWLaGZ48
                                MD5:D58FF3E3BA99497C04986602B5B2ED1F
                                SHA1:61C83E8AFCCD7341DE4A1EE99069114A02B37727
                                SHA-256:F218384432EADD167E8829F4701E6322A934F70DC5E86BE15FBB0E13FE46F373
                                SHA-512:104D1B849E5E9043150C44FB543929D6A6EF8391D302D04F75CF9DB2F81C0A6E40FA8C77CDB6798CD1257C9CD0A11D63531464BE790B0A4E64301FD7384A5A0D
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
                                Category:dropped
                                Size (bytes):386528
                                Entropy (8bit):7.9736851559892425
                                Encrypted:false
                                SSDEEP:6144:rBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1Lj3vfE4JvWTlP:r+Tegs661ybxrr/IxkB1mabFhOXZ/fEh
                                MD5:C14EBC9A03804BAB863F67F539F142C6
                                SHA1:FD44F63771819778149B24DD4B073940F5D95BFA
                                SHA-256:A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE
                                SHA-512:8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 130076
                                Category:dropped
                                Size (bytes):684206
                                Entropy (8bit):7.978753154520273
                                Encrypted:false
                                SSDEEP:12288:6EZJ6ZsYxeoJF4vNamTkdaMm6keS7uK33MADA8qZEjopsGZwe7:6ELYIGNPn9WL07oBGZf7
                                MD5:6E3111799D0BB59FA5BC56DEC2E4BE15
                                SHA1:27724D30A896AB17EB26E14E135D2EEB8E808881
                                SHA-256:AC856503E8000B6CA71D732C84EB667EB602B29F1FA5FFB2ADA0093DAF7CF61D
                                SHA-512:9DD6B98F4453A40335419968E0AC554949717D90A267247AE22903B32278C58657E3850D253F7CA7997D5258EA497D6034BA94989EACA4B0C9223DB29352EF9E
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                Category:dropped
                                Size (bytes):758601
                                Entropy (8bit):7.98639316555857
                                Encrypted:false
                                SSDEEP:12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
                                MD5:0FD93E20C1612CF7CCA0771CD40D762F
                                SHA1:696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
                                SHA-256:9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
                                SHA-512:4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
                                Malicious:false
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (57582)
                                Category:downloaded
                                Size (bytes):61677
                                Entropy (8bit):6.1226646368429805
                                Encrypted:false
                                SSDEEP:1536:qJ4inW7WtgOWHQ9uIigRpDx+vWUq/t4md+GHMF7fTs:q07WWw9WMx+N6dHHMG
                                MD5:A09AD0565C677439CDC90D6679EFDC39
                                SHA1:2F5200C0AFB7F001763C484096A9A5263308911E
                                SHA-256:F9ECDEC0AEE8513978E121A389436F6EAA037A7844B5B4E4AC4AA67052DC6DA3
                                SHA-512:6E8713D7DF4314589F4716DB151572F9AD088D9984DA026C32C773216FB06DB830BCC75753D1249C49E74C220DF8544F4A0C37552FEC9E8482500E7BF8D6D8CE
                                Malicious:false
                                URL:https://redcon1entertainment.com/jjsaecea
                                Preview:<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"><meta name="robots" content="noindex, nofollow"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"><title>reCAPTCHA</title><style>body,html{height:100%}body{margin:0;background-image:url(https://www.google.com/recaptcha/intro/images/hero-street-bg.jpg);background-size:cover;background-position:center;display:flex;justify-content:center;align-items:center;font-family:Roboto,sans-serif}.captcha{background-color:#f9f9f9;border:2px solid #d3d3d3;border-radius:5px;color:#4c4a4b;display:flex;justify-content:center;align-items:center}@media screen and (max-width:500px){.captcha{flex-direction:column}.text{margin:.5em!important;text-align:center}.logo{align-self:center!important}.spinner{margin:2em .5em .5em .5em!important}}.text{font-size:1.75em;font-weight:500;margin-ri
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with no line terminators
                                Category:downloaded
                                Size (bytes):16
                                Entropy (8bit):3.875
                                Encrypted:false
                                SSDEEP:3:HwDn:C
                                MD5:39218C64CBF848E6A62FAD74310DC5DD
                                SHA1:C0E43287A3C95376B03DABE4F01FE53275B6AB8F
                                SHA-256:8603397D7A49D2AE843659642101E6FEF0F4671BAD04B71E3CC193C396526BFE
                                SHA-512:BD9929445F9117B1BB6AC66C574302780BDCE05F7CA5CB525C00D9C8D6FBF874EEF0DFE06B68E0365028A9C9931EAAEC9D543E6F020BF1A8B7409CD4A957820A
                                Malicious:false
                                URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCesIRabGdjfTEgUN8dk3CSGa4raeNeDq3w==?alt=proto
                                Preview:CgkKBw3x2TcJGgA=
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):330
                                Entropy (8bit):6.943288143011628
                                Encrypted:false
                                SSDEEP:6:6v/lhPZ2/6TzilHP9BgduUx4P8JAn+U3OC0in0sYdw+dz6p1Qp:6v/74/6TzidrggUCKA+U3b0sYdbzWa
                                MD5:278D44E4FB6E6C67BDC229BBA4B1AAFF
                                SHA1:8AF80DAC51B646D8C867BA18AC7A4C016F4EE2CC
                                SHA-256:A91D174D2617A552F57A456EC82A4D68FBE99D2B3B9037F182026EC115AB62C5
                                SHA-512:7AC493AB4598888C0E2AE14D6048FA54D37A6E7BC69FDAA8188545466D3C12BECC23110AA4F22DE0604939F7DA35C2FB6572407CAD3B1C489CCC6AF8C3B5FD2F
                                Malicious:false
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                Category:downloaded
                                Size (bytes):330
                                Entropy (8bit):6.943288143011628
                                Encrypted:false
                                SSDEEP:6:6v/lhPZ2/6TzilHP9BgduUx4P8JAn+U3OC0in0sYdw+dz6p1Qp:6v/74/6TzidrggUCKA+U3b0sYdbzWa
                                MD5:278D44E4FB6E6C67BDC229BBA4B1AAFF
                                SHA1:8AF80DAC51B646D8C867BA18AC7A4C016F4EE2CC
                                SHA-256:A91D174D2617A552F57A456EC82A4D68FBE99D2B3B9037F182026EC115AB62C5
                                SHA-512:7AC493AB4598888C0E2AE14D6048FA54D37A6E7BC69FDAA8188545466D3C12BECC23110AA4F22DE0604939F7DA35C2FB6572407CAD3B1C489CCC6AF8C3B5FD2F
                                Malicious:false
                                URL:https://img.icons8.com/android/24/000000/refresh.png
                                File type:PDF document, version 1.7, 0 pages
                                Entropy (8bit):7.893813274892373
                                TrID:
                                • Adobe Portable Document Format (5005/1) 100.00%
                                File name:mara.roth-Handbook_DocuSign6h0-3958.pdf
                                File size:27'508 bytes
                                MD5:85362b656b460d4fbe705b7b85130f4a
                                SHA1:7ee05c5a941d6e45e7236bbd507c0a5e07e9b4d5
                                SHA256:87aa5841fa52af7d4f2e455d2df5a35a4d2ff72ee490606b7bf0ea8689668ac6
                                SHA512:7d7738d7385358432bc778cafbe8c0cc11b71c3e438acbc3e22f1f8b3df75bf0405a900efbd6b6ea5e5b4c8c60de3e2ab26d15a50d36a53125386ab7c1c96cd3
                                SSDEEP:768:9Gs58ASIY7BfRUeIe9RzkoXLQ4c0XBRHtZXWKAW2UF:9Gs5PSn7BfRUexRzXXLQ4jXBRJ6UF
                                TLSH:BBC2D025F870D898FD4FCD64C46E74CD2D183253B9C038C15E185EA27B91E96F49EAD1
                                File Content Preview:%PDF-1.7.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R./F2 9 0 R.>>./XObject << ./I1 10 0 R./
                                Icon Hash:62cc8caeb29e8ae0

                                General

                                Header:%PDF-1.7
                                Total Entropy:7.893813
                                Total Bytes:27508
                                Stream Entropy:7.917222
                                Stream Bytes:25386
                                Entropy outside Streams:5.077512
                                Bytes outside Streams:2122
                                Number of EOF found:1
                                Bytes after EOF:
                                Name            Count
                                obj             16
                                endobj          16
                                stream          3
                                endstream       3
                                xref            1
                                trailer         1
                                startxref       1
                                /Page           1
                                /Encrypt        0
                                /ObjStm         0
                                /URI            0
                                /JS             0
                                /JavaScript     0
                                /AA             0
                                /OpenAction     0
                                /AcroForm       0
                                /JBIG2Decode    0
                                /RichMedia      0
                                /Launch         0
                                /EmbeddedFile   0
                                ID    DHASH               MD5                                 Preview
                                10    003938986c2b3b00    f67dcb9ca51603d111c483d9436980c3
                                12    356d17250b155157    1dfb6de8a8d979d96939b32da1a4263c

                                Download Network PCAP: filtered / full

                                • Total Packets: 122
                                • 443 (HTTPS)
                                • 80 (HTTP)
                                • 53 (DNS)
                                Mar 31, 2025 15:15:51.204276085 CEST53539551.1.1.1192.168.2.4
                                Mar 31, 2025 15:15:51.204299927 CEST53621491.1.1.1192.168.2.4
                                Mar 31, 2025 15:15:51.913007021 CEST6036053192.168.2.41.1.1.1
                                Mar 31, 2025 15:15:51.913621902 CEST5933553192.168.2.41.1.1.1
                                Mar 31, 2025 15:15:52.021991014 CEST53593351.1.1.1192.168.2.4
                                Mar 31, 2025 15:15:52.931780100 CEST6550453192.168.2.41.1.1.1
                                Mar 31, 2025 15:15:53.016685009 CEST53655041.1.1.1192.168.2.4
                                Mar 31, 2025 15:15:58.615228891 CEST5218153192.168.2.41.1.1.1
                                Mar 31, 2025 15:15:58.717319965 CEST53521811.1.1.1192.168.2.4
                                Mar 31, 2025 15:16:07.177846909 CEST53508351.1.1.1192.168.2.4
                                Mar 31, 2025 15:16:27.083647966 CEST53629191.1.1.1192.168.2.4
                                Mar 31, 2025 15:16:30.993525028 CEST5362066162.159.36.2192.168.2.4
                                Mar 31, 2025 15:16:47.437127113 CEST53586071.1.1.1192.168.2.4
                                Mar 31, 2025 15:16:47.616941929 CEST138138192.168.2.4192.168.2.255
                                Mar 31, 2025 15:16:48.380970001 CEST53495981.1.1.1192.168.2.4
                                Mar 31, 2025 15:17:19.359153032 CEST53519401.1.1.1192.168.2.4
                                Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                Mar 31, 2025 15:15:48.850542068 CEST | 192.168.2.4 | 1.1.1.1 | c232 | (Port unreachable) | Destination Unreachable
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Mar 31, 2025 15:15:48.630779982 CEST | 192.168.2.4 | 1.1.1.1 | 0xacac | Standard query (0) | redcon1entertainment.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:48.630940914 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c6d | Standard query (0) | redcon1entertainment.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:49.761410952 CEST | 192.168.2.4 | 1.1.1.1 | 0x79cd | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:49.761590004 CEST | 192.168.2.4 | 1.1.1.1 | 0x379b | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:49.858983040 CEST | 192.168.2.4 | 1.1.1.1 | 0xcc4 | Standard query (0) | img.icons8.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:49.859116077 CEST | 192.168.2.4 | 1.1.1.1 | 0x14a6 | Standard query (0) | img.icons8.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.132381916 CEST | 192.168.2.4 | 1.1.1.1 | 0x4b76 | Standard query (0) | img.icons8.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.132499933 CEST | 192.168.2.4 | 1.1.1.1 | 0xab85 | Standard query (0) | img.icons8.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.662470102 CEST | 192.168.2.4 | 1.1.1.1 | 0x58e4 | Standard query (0) | cloud.google.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.662786007 CEST | 192.168.2.4 | 1.1.1.1 | 0xb5c4 | Standard query (0) | cloud.google.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.106327057 CEST | 192.168.2.4 | 1.1.1.1 | 0x30d7 | Standard query (0) | img.icons8.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.106507063 CEST | 192.168.2.4 | 1.1.1.1 | 0x1050 | Standard query (0) | img.icons8.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.913007021 CEST | 192.168.2.4 | 1.1.1.1 | 0xac01 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.913621902 CEST | 192.168.2.4 | 1.1.1.1 | 0x498c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:52.931780100 CEST | 192.168.2.4 | 1.1.1.1 | 0xaf8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:58.615228891 CEST | 192.168.2.4 | 1.1.1.1 | 0x2221 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Mar 31, 2025 15:15:48.787491083 CEST | 1.1.1.1 | 192.168.2.4 | 0xacac | No error (0) | redcon1entertainment.com |  | 198.57.151.223 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:49.861105919 CEST | 1.1.1.1 | 192.168.2.4 | 0x79cd | No error (0) | www.google.com |  | 142.250.80.68 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:49.861133099 CEST | 1.1.1.1 | 192.168.2.4 | 0x379b | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.231282949 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b76 | No error (0) | img.icons8.com | 1004834818.rsc.cdn77.org |  | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.231282949 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b76 | No error (0) | 1004834818.rsc.cdn77.org |  | 109.61.91.195 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.231282949 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b76 | No error (0) | 1004834818.rsc.cdn77.org |  | 109.61.91.197 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.231282949 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b76 | No error (0) | 1004834818.rsc.cdn77.org |  | 109.61.91.230 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.231296062 CEST | 1.1.1.1 | 192.168.2.4 | 0xab85 | No error (0) | img.icons8.com | 1004834818.rsc.cdn77.org |  | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 31, 2025 15:15:50.762063026 CEST | 1.1.1.1 | 192.168.2.4 | 0x58e4 | No error (0) | cloud.google.com |  | 142.251.40.238 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.204276085 CEST | 1.1.1.1 | 192.168.2.4 | 0x30d7 | No error (0) | img.icons8.com | 1004834818.rsc.cdn77.org |  | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.204276085 CEST | 1.1.1.1 | 192.168.2.4 | 0x30d7 | No error (0) | 1004834818.rsc.cdn77.org |  | 109.61.91.197 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.204276085 CEST | 1.1.1.1 | 192.168.2.4 | 0x30d7 | No error (0) | 1004834818.rsc.cdn77.org |  | 109.61.91.230 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.204276085 CEST | 1.1.1.1 | 192.168.2.4 | 0x30d7 | No error (0) | 1004834818.rsc.cdn77.org |  | 109.61.91.195 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:51.204299927 CEST | 1.1.1.1 | 192.168.2.4 | 0x1050 | No error (0) | img.icons8.com | 1004834818.rsc.cdn77.org |  | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 31, 2025 15:15:52.021991014 CEST | 1.1.1.1 | 192.168.2.4 | 0x498c | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                Mar 31, 2025 15:15:53.016685009 CEST | 1.1.1.1 | 192.168.2.4 | 0xaf8 | No error (0) | www.google.com |  | 142.250.80.68 | A (IP address) | IN (0x0001) | false
                                Mar 31, 2025 15:15:58.717319965 CEST | 1.1.1.1 | 192.168.2.4 | 0x2221 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 31, 2025 15:15:58.717319965 CEST | 1.1.1.1 | 192.168.2.4 | 0x2221 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                Mar 31, 2025 15:15:58.717319965 CEST | 1.1.1.1 | 192.168.2.4 | 0x2221 | No error (0) | e8652.dscx.akamaiedge.net |  | 23.216.136.238 | A (IP address) | IN (0x0001) | false
                                • redcon1entertainment.com
                                  • www.google.com
                                  • img.icons8.com
                                  • cloud.google.com
                                • x1.i.lencr.org
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.4 | 49760 | 23.216.136.238 | 80 | 7908 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Mar 31, 2025 15:15:58.821487904 CEST | 115 | OUT | GET / HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: x1.i.lencr.org
                                Mar 31, 2025 15:15:58.920963049 CEST | 1031 | IN | HTTP/1.1 200 OK
                                Server: nginx
                                Content-Type: application/pkix-cert
                                Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                                ETag: "64cd6654-56f"
                                Content-Disposition: attachment; filename="ISRG Root X1.der"
                                Cache-Control: max-age=83235
                                Expires: Tue, 01 Apr 2025 12:23:13 GMT
                                Date: Mon, 31 Mar 2025 13:15:58 GMT
                                Content-Length: 1391
                                Connection: keep-alive


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.4 | 49732 | 198.57.151.223 | 443 | 8256 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-31 13:15:49 UTC | 682 | OUT | GET /jjsaecea HTTP/1.1
                                Host: redcon1entertainment.com
                                Connection: keep-alive
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-31 13:15:49 UTC | 208 | IN | HTTP/1.1 200 OK
                                Date: Mon, 31 Mar 2025 13:15:49 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Last-Modified: Fri, 28 Mar 2025 04:34:47 GMT
                                Accept-Ranges: bytes
                                Content-Length: 61677
                                2025-03-31 13:15:49 UTC | 7984 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"><meta name="robots" content="noindex, nofollow"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><li


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.4 | 49735 | 142.250.80.68 | 443 | 8256 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-31 13:15:50 UTC | 741 | OUT | GET /recaptcha/intro/images/hero-street-bg.jpg HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                sec-ch-ua-platform: "Windows"
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                sec-ch-ua-mobile: ?0
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0B
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Sec-Fetch-Storage-Access: active
                                Referer: https://redcon1entertainment.com/
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-31 13:15:50 UTC | 417 | IN | HTTP/1.1 301 Moved Permanently
                                Location: https://cloud.google.com/security/products/recaptcha
                                Content-Type: text/html; charset=UTF-8
                                X-Content-Type-Options: nosniff
                                Date: Mon, 31 Mar 2025 13:15:50 GMT
                                Expires: Mon, 31 Mar 2025 13:45:50 GMT
                                Cache-Control: public, max-age=1800
                                Server: sffe
                                Content-Length: 249
                                X-XSS-Protection: 0
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2025-03-31 13:15:50 UTC | 249 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://cloud.google.com/security/products/recaptcha">here</A>.</BODY></HTML>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.4 | 49745 | 109.61.91.195 | 443 | 8256 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-31 13:15:50 UTC | 652 | OUT | GET /android/24/000000/refresh.png HTTP/1.1
                                Host: img.icons8.com
                                Connection: keep-alive
                                sec-ch-ua-platform: "Windows"
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                sec-ch-ua-mobile: ?0
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Sec-Fetch-Storage-Access: active
                                Referer: https://redcon1entertainment.com/
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-31 13:15:51 UTC | 635 | IN | HTTP/1.1 200 OK
                                Date: Mon, 31 Mar 2025 13:15:51 GMT
                                Content-Type: image/png
                                Content-Length: 330
                                Connection: close
                                access-control-allow-origin: *
                                icon-id: 15469
                                icon-size: 24
                                icon-format: png
                                last-modified: Fri, 28 Mar 2025 03:52:38
                                version: 0.0.29
                                from-mongo-cache: true
                                from-redis-cache: false
                                not-found-platform: false
                                cache-control: public, max-age=302400
                                Strict-Transport-Security: max-age=15724800; includeSubDomains
                                X-77-NZT: EgwBbT1bwQHXaYoDAAwBWbuxDAG3IgAAAA
                                X-77-NZT-Ray: 068a823304d05b138795ea6768e05702
                                X-77-Cache: HIT
                                X-77-Age: 232041
                                Server: CDN77-Turbo
                                X-77-POP: ashburnUSVA
                                Accept-Ranges: bytes


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.4 | 49751 | 109.61.91.197 | 443 | 8256 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-31 13:15:51 UTC | 407 | OUT | GET /android/24/000000/refresh.png HTTP/1.1
                                Host: img.icons8.com
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept: */*
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: cors
                                Sec-Fetch-Dest: empty
                                Sec-Fetch-Storage-Access: active
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-31 13:15:51 UTC | 635 | IN | HTTP/1.1 200 OK
                                Date: Mon, 31 Mar 2025 13:15:51 GMT
                                Content-Type: image/png
                                Content-Length: 330
                                Connection: close
                                access-control-allow-origin: *
                                icon-id: 15469
                                icon-size: 24
                                icon-format: png
                                last-modified: Fri, 28 Mar 2025 03:52:38
                                version: 0.0.29
                                from-mongo-cache: true
                                from-redis-cache: false
                                not-found-platform: false
                                cache-control: public, max-age=302400
                                Strict-Transport-Security: max-age=15724800; includeSubDomains
                                X-77-NZT: EgwBbT1bxAHXd4oDAAwBWbuxDAG3FAAAAA
                                X-77-NZT-Ray: bff7651d661c5a018795ea67568c2b21
                                X-77-Cache: HIT
                                X-77-Age: 232055
                                Server: CDN77-Turbo
                                X-77-POP: ashburnUSVA
                                Accept-Ranges: bytes


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.4 | 49750 | 142.251.40.238 | 443 | 8256 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2025-03-31 13:15:51 UTC | 729 | OUT | GET /security/products/recaptcha HTTP/1.1
                                Host: cloud.google.com
                                Connection: keep-alive
                                sec-ch-ua-platform: "Windows"
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                sec-ch-ua-mobile: ?0
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0B
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Sec-Fetch-Storage-Access: active
                                Referer: https://redcon1entertainment.com/
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-31 13:15:51 UTC | 2391 | IN | HTTP/1.1 403 Forbidden
                                Content-Type: text/html; charset=utf-8
                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                Pragma: no-cache
                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                Date: Mon, 31 Mar 2025 13:15:51 GMT
                                Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                Strict-Transport-Security: max-age=31536000
                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport
                                Content-Security-Policy: script-src 'report-sample' 'nonce-euY4zRVAGDa1tw2yoRpAfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport;worker-src 'self' blob:
                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://maps.googleapis.com https://googleads.g.doubleclick.net https://s.ytimg.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/ https://www.youtube.com https://youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport/allowlist
                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                Cross-Origin-Opener-Policy: same-origin
                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                Transfer-Encoding: chunked
                                Server: ESF
                                X-XSS-Protection: 0
                                X-Content-Type-Options: nosniff
                                Set-Cookie: NID=522=reirbNDZx0rmdd8dMghMgcMt_0PZ3bZISuZjIOk4lpkIfawuZ7jAk9cYtLwBX8KuygI6UcL27IJ_iroVNyZRb1N98WAlnrZRYtpvExVNE1jTDVWNH1shHh5lRpG8K4n-dFAuHUgX3Q19QtvSYIn1klHjas72JAohR_1E0JNHgrrsPHCB_VNm6ck79t21gqW7aM2KSw; expires=Tue, 30-Sep-2025 13:15:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2025-03-31 13:15:51 UTC | 1665 | IN | Data Ascii: 67a<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 403 (Forbidden)!!1</title><style nonce="pkkvNYNkFLXl0ktm4aJqaQ">*{margin:0;padding:0}html,code{font:15px/22px
                                2025-03-31 13:15:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0



                                Target ID:0
                                Start time:09:15:40
                                Start date:31/03/2025
                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\mara.roth-Handbook_DocuSign6h0-3958.pdf"
                                Imagebase:0x7ff78be20000
                                File size:5'641'176 bytes
                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:1
                                Start time:09:15:41
                                Start date:31/03/2025
                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                Imagebase:0x7ff649300000
                                File size:3'581'912 bytes
                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:2
                                Start time:09:15:42
                                Start date:31/03/2025
                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1564,i,1962462157706799152,526781585758020601,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                Imagebase:0x7ff649300000
                                File size:3'581'912 bytes
                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:3
                                Start time:09:15:45
                                Start date:31/03/2025
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument about:blank
                                Imagebase:0x7ff786830000
                                File size:3'388'000 bytes
                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:4
                                Start time:09:15:46
                                Start date:31/03/2025
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2304,i,8126060533632964085,3292062182765774855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2340 /prefetch:3
                                Imagebase:0x7ff786830000
                                File size:3'388'000 bytes
                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:6
                                Start time:09:15:47
                                Start date:31/03/2025
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://redcon1entertainment.com/jjsaecea
                                Imagebase:0x7ff786830000
                                File size:3'388'000 bytes
                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                No disassembly