Windows Analysis Report
AR Care.pdf

Overview

General Information

Sample name: AR Care.pdf
Analysis ID: 1652981
MD5: 3f4fce75f73e2833fcfd4daf7e776247
SHA1: 27360ba18d8c41a6b827fefeb5bf3ffe2dc64bc7
SHA256: 5fff95ecd9a376d87ce626273a765836871875e03ce5c60c4002103b11e9da0d

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (legend: clean, suspicious, malicious)
  • System is w10x64
  • Acrobat.exe (PID: 7872 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AR Care.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 8072 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7400 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1612 --field-trial-handle=1604,i,5356942124287896857,12943061900740152347,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 8924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,3824752678761937169,17390088200995456266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: PDF document | Joe Sandbox AI: Page contains button: 'REVIEW DOCUMENT' Source: 'PDF document'
Source: PDF document | Joe Sandbox AI: PDF document contains prominent button: 'review document'
Source: Adobe Acrobat PDF | OCR Text: g Dropbox DocSend Click the button below to access this content REVIEW DOCUMENT DocSend is the best way to securely send and track your content. Learn more. Dropbox DocSend Made in San Francisco, CA O 2025 DocSend.
Source: unknown | HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.24.57.252:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.24.57.252:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: Joe Sandbox View | IP Address: 216.24.57.252
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown | TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknown | TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY HTTP/1.1 | Host: g7868d.onrender.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCL7VzgEIgdbOAQjI3M4BCIrgzgEIruTOAQiL5c4B | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: g7868d.onrender.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Microsoft-CryptoAPI/10.0 | Host: x1.i.lencr.org
Source: global traffic | HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1 | Cache-Control: max-age = 3000 | Connection: Keep-Alive | Accept: */* | If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT | User-Agent: Microsoft-CryptoAPI/10.0 | Host: c.pki.goog
Source: global traffic | HTTP traffic detected: GET /r/r4.crl HTTP/1.1 | Cache-Control: max-age = 3000 | Connection: Keep-Alive | Accept: */* | If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT | User-Agent: Microsoft-CryptoAPI/10.0 | Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: g7868d.onrender.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 503 Service Unavailable | Date: Mon, 31 Mar 2025 15:32:49 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 243 | Connection: close | x-render-routing: suspend | cf-cache-status: DYNAMIC | Server: cloudflare | CF-RAY: 9290e6ccbaefc3f3-EWR | alt-svc: h3=":443"; ma=86400
Source: global traffic | HTTP traffic detected: HTTP/1.1 503 Service Unavailable | Date: Mon, 31 Mar 2025 15:32:50 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 243 | Connection: close | x-render-routing: suspend | cf-cache-status: DYNAMIC | Server: cloudflare | CF-RAY: 9290e6d9b9ea7281-EWR | alt-svc: h3=":443"; ma=86400
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir8888_213586689
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir8888_213586689
Source: classification engine | Classification label: mal48.phis.winPDF@37/51@6/5
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-31 11-32-18-896.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AR Care.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1612 --field-trial-handle=1604,i,5356942124287896857,12943061900740152347,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,3824752678761937169,17390088200995456266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY"
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: AR Care.pdf | Initial sample: PDF keyword /JS count = 0
Source: AR Care.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: AR Care.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
MITRE ATT&CK matrix, listed by tactic (a number in parentheses is the count shown beside that technique in the report):

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: Masquerading (11); Process Injection (1); File Deletion (1); Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Information Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph. ID: 1652981, Sample: AR Care.pdf, Startdate: 31/03/2025, Architecture: WINDOWS, Score: 48. Processes: Acrobat.exe started AcroCEF.exe, which started a further AcroCEF.exe; chrome.exe started a child chrome.exe. Contacted hosts: AcroCEF.exe -> e8652.dscx.akamaiedge.net (23.48.144.248, port 80, AKAMAI-ASN1EU, United States); chrome.exe -> gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net (216.24.57.252, port 443, RENDERUS, United States) and www.google.com (142.251.32.100, port 443, GOOGLEUS, United States).]

No Antivirus matches
Source | Detection | Scanner | Label
https://g7868d.onrender.com/favicon.ico | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.90.172 | true | false | | high
e8652.dscx.akamaiedge.net | 23.48.144.248 | true | false | | high
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net | 216.24.57.252 | true | false | | high
www.google.com | 142.251.32.100 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
g7868d.onrender.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY | false | | unknown
http://x1.i.lencr.org/ | false | | high
http://c.pki.goog/r/gsr1.crl | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://g7868d.onrender.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
23.48.144.248 | e8652.dscx.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false
216.24.57.252 | gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net | United States | 397273 | RENDERUS | false

IP
192.168.2.17
192.168.2.4

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1652981
Start date and time: 2025-03-31 17:31:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: AR Care.pdf
Detection: MAL
Classification: mal48.phis.winPDF@37/51@6/5
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.51.56.185, 23.215.0.48, 23.215.0.36, 162.159.61.3, 172.64.41.3, 18.213.11.84, 54.224.241.105, 34.237.241.83, 50.16.47.176, 199.232.90.172, 184.31.68.248, 23.195.76.153, 142.250.80.3, 142.251.41.14, 142.251.179.84, 142.250.64.78, 142.250.80.67, 23.9.183.29, 172.202.163.200
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, c.pki.goog, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtOpenFile calls found.

Time | Type | Description
11:32:27 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        23.48.144.248Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                        • x1.i.lencr.org/
                        Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                        • x1.i.lencr.org/
                        3bSDIpSIdF.msiGet hashmaliciousUnknownBrowse
                        • x1.c.lencr.org/
                        216.24.57.252smtp12_0_BANK DETAILS.xlsGet hashmaliciousAgentTeslaBrowse
                        • uri.ac/UXLwPY
                        Transferencia.xlaGet hashmaliciousAgentTeslaBrowse
                        • uri.ac/bHA3z_
                        n#U00e1kupn#U00fa objedn#U00e1vku.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                        • uri.ac/cjwX3v
                        Comprobante.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                        • uri.ac/bHA3z_
                        comand#U0103 de achizi#U021bie.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                        • uri.ac/sUkkLX
                        Payment Advice Copy.xlsGet hashmaliciousUnknownBrowse
                        • uri.ac/gUUc_w
                        Payment Advice Copy.xlsGet hashmaliciousUnknownBrowse
                        • uri.ac/gUUc_w
                        DHLXInvoice.xlsGet hashmaliciousAgentTesla, PureLog StealerBrowse
                        • uri.ac/wfvMQA
                        DHL_89576534576879899009079968.pdf.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                        • uri.ac/IUTYP4
                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                        gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net
                        https://ebidxs0lqgtrc1e6kmwrwew9kcjkl3nqg0ud6g8m5kilxdom6s.g8way.io/O-wpvbR0VIDe1sWempQ4ZZLhpjGlCINUUh9hHVDZnXc?email=portugal.reception@daiichi-sankyo.ptGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        http://download-wetransfer-wp8tkd96cmrqfbloynb7vhxy2rjqg3t5aztpxlmapp.vercel.app/Get hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        FW_ Ready for Your Review & Sign-Off Before Submission #U2014 Final Q1 Financials.msgGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        http://www.google.com/url?q=http%3A%2F%2Fbusiness-page-appealdepart-de.vercel.app&sa=D&sntz=1&usg=AOvVaw3y7XLatnyOzQiEGegrNq5uGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        https://wetranfshare-download.vercel.app/?_vercel_share=mMrjHbEyWpUy8BtvznHKEbLe5VGwPObG93LXJheS5nbGl0Y2gubWUvc2NyLmpzIj48L3NjcmlwdD4KPC9oZWFkPgo8Ym9k?email=Get hashmaliciousHTMLPhisherBrowse
                        • 216.24.57.4
                        https://ahorrosparati.vercel.app/points/PSE/falabella/index.htmlGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        http://yesincs.comGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        Fulcrumair- Insurance - Agreementfdp.pdfGet hashmaliciousHTMLPhisherBrowse
                        • 216.24.57.4
                        http://ipfs.io/ipns/k51qzi5uqu5dju03dk6lty37zzhw75rly586fojrercxcsjg745vjuulzzc1wiGet hashmaliciousHTMLPhisherBrowse
                        • 216.24.57.4
                        https://cloudgate.digitalshrill.com/c/pokhhtfeGet hashmaliciousHackBrowserBrowse
                        • 216.24.57.4
                        bg.microsoft.map.fastly.net
                        R5STYRsz6b.exeGet hashmaliciousVanhelsingBrowse
                        • 199.232.90.172
                        Revised - Bcs 2025 Handbook21920.docGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                        • 199.232.90.172
                        Natsu.exeGet hashmaliciousQuasarBrowse
                        • 151.101.46.172
                        Setup.exeGet hashmaliciousLummaC StealerBrowse
                        • 199.232.90.172
                        DoxoGram V14 (PC).exeGet hashmaliciousLummaC StealerBrowse
                        • 199.232.38.172
                        StartupScript_0f6d844f.cmdGet hashmaliciousBatch Injector, XWormBrowse
                        • 199.232.38.172
                        crypted.exeGet hashmaliciousVidarBrowse
                        • 199.232.38.172
                        8L1kW88HYO.msiGet hashmaliciousUnknownBrowse
                        • 199.232.38.172
                        hv1A8vuC6I.exeGet hashmaliciousUnknownBrowse
                        • 199.232.38.172
                        sypoZWXQNe.exeGet hashmaliciousUnknownBrowse
                        • 199.232.38.172
                        e8652.dscx.akamaiedge.net
                        mara.roth-Handbook_DocuSign6h0-3958.pdfGet hashmaliciousFake CaptchaBrowse
                        • 23.216.136.238
                        email.emlGet hashmaliciousUnknownBrowse
                        • 23.197.253.105
                        Petroleum Systems Services Corporation WAV Caller.pdfGet hashmaliciousHTMLPhisherBrowse
                        • 23.216.136.238
                        7ivgZ6j7.pdfGet hashmaliciousUnknownBrowse
                        • 23.46.224.249
                        Hess Vioce Message.pdfGet hashmaliciousUnknownBrowse
                        • 23.216.136.238
                        ATT02683-1.pdfGet hashmaliciousUnknownBrowse
                        • 23.216.136.238
                        phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                        • 23.197.253.105
                        https://www.transfernow.net/en/bld?utm_source=20250321oYBy7zgbGet hashmaliciousHTMLPhisherBrowse
                        • 23.216.136.238
                        https://app.eraser.io/workspace/ISn1eLCg7dzDBCScfS1e?origin=shareGet hashmaliciousUnknownBrowse
                        • 23.216.136.238
                        345778.pdfGet hashmaliciousHTMLPhisherBrowse
                        • 23.216.136.238
                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                        RENDERUS
                        345778.pdfGet hashmaliciousHTMLPhisherBrowse
                        • 216.24.57.1
                        https://tb.gitcombust.shop/Get hashmaliciousUnknownBrowse
                        • 216.24.57.1
                        https://nrro.ogquwu.top/Get hashmaliciousHTMLPhisherBrowse
                        • 216.24.57.1
                        https://krunk.basalikum.top/Get hashmaliciousHTMLPhisherBrowse
                        • 216.24.57.1
                        https://ebidxs0lqgtrc1e6kmwrwew9kcjkl3nqg0ud6g8m5kilxdom6s.g8way.io/O-wpvbR0VIDe1sWempQ4ZZLhpjGlCINUUh9hHVDZnXc?email=portugal.reception@daiichi-sankyo.ptGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        http://download-wetransfer-wp8tkd96cmrqfbloynb7vhxy2rjqg3t5aztpxlmapp.vercel.app/Get hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        FW_ Ready for Your Review & Sign-Off Before Submission #U2014 Final Q1 Financials.msgGet hashmaliciousUnknownBrowse
                        • 216.24.57.4
                        https://nettl.ntfs2.shop/Get hashmaliciousUnknownBrowse
                        • 216.24.57.1
                        https://nettl.ntfs2.shop/Get hashmaliciousUnknownBrowse
                        • 216.24.57.1
                        https://tb.boldntfst.shop/Get hashmaliciousUnknownBrowse
                        • 216.24.57.1
                        AKAMAI-ASN1EU
                        https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=ptVtrO5h6UWXTNoyJZlZvSNGCqYt2kJIvbb15hNxtbZURExOSDBUQjFVNEI3SEVSUk9CSTk4TFg2SS4uGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                        • 23.219.36.138
                        https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=ptVtrO5h6UWXTNoyJZlZvSNGCqYt2kJIvbb15hNxtbZURExOSDBUQjFVNEI3SEVSUk9CSTk4TFg2SS4uGet hashmaliciousHTMLPhisherBrowse
                        • 23.53.35.207
                        Listen_mp3 (1).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                        • 23.209.72.9
                        random.exeGet hashmaliciousCredential FlusherBrowse
                        • 23.199.55.56
                        random.exeGet hashmaliciousCredential FlusherBrowse
                        • 23.199.55.56
                        https://bankonlinesupport.com/render-template/?csu=PPEGYaHY&status_id=nGet hashmaliciousUnknownBrowse
                        • 23.210.73.169
                        x86.elfGet hashmaliciousMiraiBrowse
                        • 23.7.208.96
                        email.emlGet hashmaliciousUnknownBrowse
                        • 23.209.72.172
                        SecuriteInfo.com.Win64.CrypterX-gen.470.14444.exeGet hashmaliciousVidarBrowse
                        • 23.210.73.162
                        Presentation Of Court Order_Letter.pptxGet hashmaliciousHTMLPhisherBrowse
                        • 23.209.72.207
                        No context
                        No context
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.184162797819037
                        Encrypted:false
                        SSDEEP:6:iOEePUkVq2Pwkn2nKuAl9OmbnIFUtqePUJuegZmwAePUJueIkwOwkn2nKuAl9Omt:7CkVvYfHAahFUtMJueg/OJueI5JfHAae
                        MD5:88A463801552E23E2358AE69D73FFA0A
                        SHA1:B51BF2D7EC046081F01E09016686C739070B0C7E
                        SHA-256:0B8C712BC57D978D35EC27951EFBC45F2818448496C33A80819CCA29C2CBC359
                        SHA-512:BF3C1EA0302E2C8281D1AB8DFC570646D6E422C5D5595E668046C8814805088C85951717F5E23687A42B745CD3294782C24AF5578D309AD408B70BEBD949461C
                        Malicious:false
                        Reputation:low
                        Preview:2025/03/31-11:32:16.203 1fd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/31-11:32:16.206 1fd4 Recovering log #3.2025/03/31-11:32:16.206 1fd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.12516079208442
                        Encrypted:false
                        SSDEEP:6:iOEePUFAq2Pwkn2nKuAl9Ombzo2jMGIFUtqePUzFUZmwAePUzFUkwOwkn2nKuAlx:7CFAvYfHAa8uFUtMq/OW5JfHAa8RJ
                        MD5:38E6B12EBA6EB929BBD6B632B8BB0B82
                        SHA1:DE80E13066C535F02B6A38376E8D528A63A8AFCD
                        SHA-256:91A16206273BD8907827A0FD251B952E3B056801EC74AE3D02E3E05C1BAE87C8
                        SHA-512:1561139084AC750FB2BFC19B451DC78D95051790F0BE293EF2B057E0F07D15BEAB8B45DB1BBABC26B01EA836D9BE03B98507DE5EBE6E9C6B1A0F97DEF928113C
                        Malicious:false
                        Reputation:low
                        Preview:2025/03/31-11:32:15.990 1d00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/31-11:32:15.993 1d00 Recovering log #3.2025/03/31-11:32:15.993 1d00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):475
                        Entropy (8bit):4.96612785178761
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sq5sBdOg2HO2caq3QYiubInP7E4T3y:Y2sRdsHdMHOJ3QYhbG7nby
                        MD5:AB9799B239E8538C3F478C4AFAEDF6FC
                        SHA1:C57A74F9D0AE33FE23B0B6E53D1CB595432EB264
                        SHA-256:77D0829BE0B78EAA911ECBB5F471F698DAA6FEC8FBBC5FE2CD571FC36F3E6122
                        SHA-512:259A3B8906EEBA1795E502BF41E75411C7F8C85CF28C4CCCDBB01A27D99EA772FD134CC2998D5F5FA70E8E968C1074F5ABFF8160598390D29E1C2D90B79ED500
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387995143109318","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109852},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):475
                        Entropy (8bit):4.96612785178761
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sq5sBdOg2HO2caq3QYiubInP7E4T3y:Y2sRdsHdMHOJ3QYhbG7nby
                        MD5:AB9799B239E8538C3F478C4AFAEDF6FC
                        SHA1:C57A74F9D0AE33FE23B0B6E53D1CB595432EB264
                        SHA-256:77D0829BE0B78EAA911ECBB5F471F698DAA6FEC8FBBC5FE2CD571FC36F3E6122
                        SHA-512:259A3B8906EEBA1795E502BF41E75411C7F8C85CF28C4CCCDBB01A27D99EA772FD134CC2998D5F5FA70E8E968C1074F5ABFF8160598390D29E1C2D90B79ED500
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387995143109318","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109852},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4730
                        Entropy (8bit):5.248773788071163
                        Encrypted:false
                        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73FuC7FufZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goK
                        MD5:44CACD5898235A7BDA434FABB51DAF01
                        SHA1:235081D99C4658B999917EED270155AA1ED1D8C0
                        SHA-256:E69259D1B69F28D3F63C5B584F1EB063772C6DBF578483FBA7D32CB1F9AD3101
                        SHA-512:56BFB3B43614D591638AE898F5614E904F5E68C08766A8972F05C33EED2B7EAA52FB74D101FACF69D1D97104F82E78EA9FC50149F2F55B6CC0EA36DFBD217EC9
                        Malicious:false
                        Reputation:low
                        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.152039638065632
                        Encrypted:false
                        SSDEEP:6:iOEePUVEq2Pwkn2nKuAl9OmbzNMxIFUtqePURZmwAePUZFkwOwkn2nKuAl9OmbzE:7CKvYfHAa8jFUtMR/On5JfHAa84J
                        MD5:9483BFF5E301888E9163549C95EAF812
                        SHA1:258FC69CCE377ADAE1C6C7CCB51D5F6F213C12FC
                        SHA-256:68DB8E8EC346E58C707359B987183651EB8532B8DC76AD9F55045CE40DD93C30
                        SHA-512:C9B617783FE4C76E95A04A9FF5049576F51F44726DCBCE2A88CBFE7B6789FCBAEB8A26E270B8840F29116944A11E7604ABC41257F527C57393757FB3CC431A73
                        Malicious:false
                        Preview:2025/03/31-11:32:16.283 1d00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/31-11:32:16.285 1d00 Recovering log #3.2025/03/31-11:32:16.292 1d00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PC bitmap, Windows 3.x format, 164 x -71 x 32, cbSize 46630, bits offset 54
                        Category:dropped
                        Size (bytes):46630
                        Entropy (8bit):2.388829347952151
                        Encrypted:false
                        SSDEEP:96:7gXspYjTPPIoxKdxvwKvf/YnQb+RzjF+FRh4wFpb3q/5tJYRd:MzFxKdxvwKvf/YnZzWl5qhtJYRd
                        MD5:653700ED84206E574E0E230CE2E7FD72
                        SHA1:7B71C54E0B38A1CB448DB4B13FF13E790FDBED53
                        SHA-256:631ACFEB7061D29C60924A341305E1432522889568686C7458BDB572BD187F8B
                        SHA-512:13C666DDAB40AD34B3508BC7862E7877AC8815E11431092C0E2341168A3251747BCCE2D542A595D582F898DE7FB7577C68099B78E1372F4F6906F1D6F8D9A2F2
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                        Category:dropped
                        Size (bytes):86016
                        Entropy (8bit):4.444996570356774
                        Encrypted:false
                        SSDEEP:384:yezci5toiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rPs3OazzU89UTTgUL
                        MD5:B3E92885CD87DD3855E84735A7BFFDCC
                        SHA1:DCE500CE617B29561A8F0AD6FCA119EC300FCE18
                        SHA-256:7074FC35951CAE9536E5FADE949C4FF9E567E61DCBBDA6AF191CB30D9740A626
                        SHA-512:87EC9903B6D1FCCC272E1E2F31687C4F63FBD6CF556B1DA82136976E08ABFBE8FBCBA009D37B309A672CF9D23562EE677ED3E45476CE3F180CE6D7F71E428160
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):3.7762333819454694
                        Encrypted:false
                        SSDEEP:48:7MFp/E2ioyVSioy9oWoy1Cwoy1eKOioy1noy1AYoy1Wioy1hioybioy8oy1noy1q:7+pjuSFBXKQldb9IVXEBodRBks
                        MD5:5E1C83E6657323A9CBE61289855DD6FB
                        SHA1:E02E47FE3D9431AD197CA4006236ADBAA4A2E107
                        SHA-256:9B0F52276301433C22619AE05F0FF8B1158B5E24C3128FE9A6FAFC3E8EFBF870
                        SHA-512:CAE4CE93227474CFC39BC7C921AB10D8B28B77EF9C17713F10D4BE556774AC22DC3DC1194F49A1BB400C38E951CA7EAB4A346C3FD9ACF1912563EE66886F0FFB
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Certificate, Version=3
                        Category:dropped
                        Size (bytes):1391
                        Entropy (8bit):7.705940075877404
                        Encrypted:false
                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):73305
                        Entropy (8bit):7.996028107841645
                        Encrypted:true
                        SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                        MD5:83142242E97B8953C386F988AA694E4A
                        SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                        SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                        SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):192
                        Entropy (8bit):2.7895108629891827
                        Encrypted:false
                        SSDEEP:3:kkFklzZF6b3lXfllXlE/HT8kiAkh/ltNNX8RolJuRdxLlGB9lQRYwpDdt:kKhlIT8UqlTNMa8RdWBwRd
                        MD5:1157C02B4079956F693265BC314D9866
                        SHA1:A49AA79BD945401113EDFE558ED822B96477D7BA
                        SHA-256:4651F97E598FE3AAB68F0A8329EFD0B6D324E7DD7FE34BDF0BAF283815F8AF72
                        SHA-512:2F96362EB8AEB3A349B587D2046CF6FF3BE3206836434FEC8C9A1877E29F19196E45E0FE3F60C20830DCFC22CF99B9ABC89136A6504524CE9C0CBAD3DF2A121C
                        Malicious:false
                        Preview:p...... ............R...(....................................................... ..........W.....%..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:modified
                        Size (bytes):330
                        Entropy (8bit):3.2558293872250603
                        Encrypted:false
                        SSDEEP:6:kK/kemcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:3kemfZkPlE99SNxAhUeq8S
                        MD5:DECC9279D5860188B5AD3B7A3C5AAEA6
                        SHA1:1FB3CF512D4B88750645BD537062ECD6E8424B3E
                        SHA-256:F4917737659EB6B2CF383DD19FE85ECB7EB9DE16B0A6EF5121007112ECD36EFB
                        SHA-512:E883209F6B5258750E3AEECC669189BBC5F404806EE21A3AD3099CC8EA5D213EB2251DFD8EC0F92EC8C3011537B45BB0C56F17ABA214D70CEEBE05DD340114B4
                        Malicious:false
                        Preview:p...... ........t._.R...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):244540
                        Entropy (8bit):3.3415042960460593
                        Encrypted:false
                        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
                        MD5:758B42992DDFC41CB5E57069C621B54A
                        SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
                        SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
                        SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.340894839445235
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJM3g98kUwPeUkwRe9:YvXKXBT4pEZc0vhGMbLUkee9
                        MD5:499490DE0BFDE07EC26A336FA7767B32
                        SHA1:62886D2851326CCC26A95C6E8F82C2CD61872631
                        SHA-256:2F893DEE2BBD61B2418449BAA72A7A16499A73319CCAD9C1FBBB7AA68C987602
                        SHA-512:EF5BF5AD636E381C7A1106E4BAE67A8F5BF7543EAC33F927C9D66EB087DF590E7B2D743E902C8BE90E68E0EF4C3305BC3634452F46E0B3D28A78E654463EA985
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.28563377462379
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfBoTfXpnrPeUkwRe9:YvXKXBT4pEZc0vhGWTfXcUkee9
                        MD5:4DD11F2968E1EB876354D9F513134A0D
                        SHA1:41EC9A7236AB114ECEAE37166257F886B43C1FF8
                        SHA-256:76B819150C1D6B439BF6BB7653DDA423889BB537D9C65FAE6E443FA9FDCDD5CF
                        SHA-512:47FC2B860BFAB04A7B32732FF319DDA4A2FE5B053DACE5DC415EB879E1C3D40615111074EDCF4AA9460B8543C1A153C53D511484088C6BE49F511A8E7F0F113B
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.263667603515209
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfBD2G6UpnrPeUkwRe9:YvXKXBT4pEZc0vhGR22cUkee9
                        MD5:56F11B12CCEDACBF86DF5D1738E364BF
                        SHA1:22D40E4E76F3AEFB0EF155A7DC2E26F7DDE4C9A9
                        SHA-256:4039DB77E1C84D436AFDEF5FC84EA9FC0A6D3A2714CF257B4D497B3649213A4D
                        SHA-512:C12A5D8F680730745010E262ADB7872061F5569BC8DBBB1D43DB97A1873317E0600CBE4146BD6655CB123146CEE4BA8AFC11922ED246B2F00D093180F5426839
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.327116975574711
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfPmwrPeUkwRe9:YvXKXBT4pEZc0vhGH56Ukee9
                        MD5:7306CF086157596831DC020ADA27F6F8
                        SHA1:B328F2B92DEEFE3BFC8F919794AAFD2C0A9ED95D
                        SHA-256:4A2E0A2998C96DCF60F95EC7B1AD42C24ABEEA109318F62ABFC30B6F5831F925
                        SHA-512:F0996E7DFAFEDD3BCCEA02BA4B21B3A03BA54CF15F1BC7E85057BAE56DA87E000FF5EE0CF2F616A96D565B936D735E0FF819F1DC9BD56D21808E2E7EC847A34C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2129
                        Entropy (8bit):5.839354690947147
                        Encrypted:false
                        SSDEEP:24:Yv6XaWzvGpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcX5bpEsrAr3s:YvlOuhgly48Y/TWCjiOumNcXwKOpkUw
                        MD5:0B75D70F0D28C9AC17D55F05A245B1D2
                        SHA1:9D6D26CDC2E95A934BEC37736E3CF2A9A88B69EB
                        SHA-256:E0122B58D59E597D31CE016AC0A2F6898ECC46071AF33F4ACFFC362C4C79D8CF
                        SHA-512:EA2EAD1F42DB31981A1A0D09370C6D6955580579575CC5B8C24AAFD534CD65244F39F507C90026219FADE3D7FBC5C9ECD09FF94BE57DD1ED5D996874640A8F78
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.274979116773438
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJf8dPeUkwRe9:YvXKXBT4pEZc0vhGU8Ukee9
                        MD5:25A59FA244D10833693E5F18AE5F1FE2
                        SHA1:A342473516D259AF4461D75231628C0A120C1DD1
                        SHA-256:35D56F12431FD6B7D5C7253929F5AAEF80321F1DE3D010B2E92F952805C65B31
                        SHA-512:9F019A6954349D583AC87FD86DECB8AE5B9BEE6377FC7F4C3E899209BB799E892A658B5FA097C0F8A78085E91DD1B538CD8B7D562B802A6C8FCB61010DC027D7
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.278553192156457
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfQ1rPeUkwRe9:YvXKXBT4pEZc0vhGY16Ukee9
                        MD5:C7A243DB367C3A8C8E544C2A09CFEC63
                        SHA1:D56BE29B8429385DD589C8729813F92D670CC81A
                        SHA-256:D9DC29DE707951F3328A0F042A806D6DEA64AF4A8AC81812BC7432B617859173
                        SHA-512:A624F4E2C90B22C7B22CB552BEEE9313B77A4018907F8E9A8B9A77FEDF9281E0AEA91A24DC29C1061ADD698B14B36A8F67A867AFA2C13076FF0CF1DA34F829D8
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2080
                        Entropy (8bit):5.824298061624203
                        Encrypted:false
                        SSDEEP:48:YvlO9ogbN48l/GiyLVzyODVHKOkQLcSmjWAw:Gljg54Y/IVO48OkQASmo
                        MD5:57EBFFC4F1FD336E675AC5FC05198687
                        SHA1:9AFBB807005EA0209005F714F3088C922B1C04D9
                        SHA-256:EA33F1A4306BF2CD7DD35C132D0DEEF94B99F92E13CF5379E79FC049B89C8762
                        SHA-512:F8D28F155CE8F9648BA025845F28BC5B433DB6113BB31620D8FD3AB23E83AA689C4FAF4BC46B6DA68ED1FD6964E9F6B3E7B9D14E2F70ED0C096689F15768C9EF
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.301876384656682
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfzdPeUkwRe9:YvXKXBT4pEZc0vhGb8Ukee9
                        MD5:BD86EE895DEDEC07753D10513B69241B
                        SHA1:FE057E5DD22A41ED939039113F3EEE057583DF81
                        SHA-256:7EE7B074880A8C3CBE250335D5E79D9CDA412A29926CB229E844A9B3DF042FAD
                        SHA-512:F0A381CA9F3B137D1B5AF21E65FD4D8BD98809531B490823AE0100246355952955358C3D54BE368F69810A692080989812F5D95C3167254BE96393E917258DB6
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.281863252547941
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfYdPeUkwRe9:YvXKXBT4pEZc0vhGg8Ukee9
                        MD5:DD3F5073DA763B8A699D5908CC8A5074
                        SHA1:66057F8728CBBA9348B3B11E631E70EECF91BDDC
                        SHA-256:820CD4C0020922AD0FE8318F20C1FEA1F735E73F37868406D16F3BAB204BD35B
                        SHA-512:1F925BDEBE48AABDAD5DA9B0FF17DCA87C97FDFCFBD5FE183162ACC4428D859FB0468F5325D9695CCF1EC4A683C6E2D69E64278AF99186AE5113C463889D3888
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):284
                        Entropy (8bit):5.268175670057261
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJf+dPeUkwRe9:YvXKXBT4pEZc0vhG28Ukee9
                        MD5:037E5BE08D4AB25537AD6404573B9DF2
                        SHA1:0C2665F40888E07D3D364ACF5D1D2CAEE810C5E4
                        SHA-256:1334E97603AFF29318C83A1F247454C4DF922D0E85DCBD75F638782948B9827C
                        SHA-512:0F0E8D1C19A6C19453D6F13D915D86919ACA927E7475EA1EB58E774F8CAC10A36B6CFCCD3171CAC7F6DDE2B26AFF76C8EA49C2DA9CA48A4D31A8462518A007CE
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.265535001407042
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfbPtdPeUkwRe9:YvXKXBT4pEZc0vhGDV8Ukee9
                        MD5:5C2C24F9AD802CAD716F794708006F5A
                        SHA1:3944E04FEEA1B4C72DE8D5310E3300673CCA38DB
                        SHA-256:EFC1513D99A332C1BD53B55C46C875CFDBD9266F56C2D8EBE17E3A55A2B043A0
                        SHA-512:7CDFBCAAFED6F18ACD699700FCDCABF4E815030EA8A754C5E9D7A79108CCAD482D0398E9C66C7901C22C7BA3C22ACF97A307D1846896B4FAF12BA679CDE114EC
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.269621033762951
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJf21rPeUkwRe9:YvXKXBT4pEZc0vhG+16Ukee9
                        MD5:0D1654A23CBB58C426CC5466973C694D
                        SHA1:FF3E8EBF1D98DEF903CA5DC520A474D6BD569B0A
                        SHA-256:55100CB836807F1C2A153EF1E6702D24D4B17397CAFD86117D0613EC4DC98D5F
                        SHA-512:9595E078E44CB6AA159A8CE1BFA59C71E3EA42058ED5E1922995D0BF36343F2110E24C91717D4BAB21AEA447960E40B11C7B65ED839B5E6B710E7A6F81C8FE3B
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2028
                        Entropy (8bit):5.839465557048491
                        Encrypted:false
                        SSDEEP:24:Yv6XaWzvaamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBEDf:YvlOMBgBG48j/SiyLVWOAlNkUw
                        MD5:23139E2DD46BEDB75A056FC62EE3C368
                        SHA1:31C584C91C8885B87160AFEDF9456945DF1B9012
                        SHA-256:30721E7E889D08852A2A42C972BD6A7FE899782F0E1D59613AC309752ECA6DA3
                        SHA-512:E68FDECD44A9A418645858089ADD9E5CDAF63582E34B6B9E36A1661B19B13EAB2866971037E5C0D87B41DC6E0BE08441CD17A335A68B8ECD91BE6C1AE3A449FE
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.248083578189807
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJfshHHrPeUkwRe9:YvXKXBT4pEZc0vhGUUUkee9
                        MD5:C4473EF240771150492A733DE286DB63
                        SHA1:E680D6AA523A6B1001DB0948F8D9C46D50AC377D
                        SHA-256:E8F9FCBAEC7804427EA38CB72202F79C4314334A3C346B7E57E06D0C4B275A06
                        SHA-512:9D90519FC72B20871FE480C3D0A774F90BEEEE38F6CA40305F027064E824AE5C41400FCA9F93116F97CEC70D877996C869909E37A0A116B0A8D1869806950B4B
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):282
                        Entropy (8bit):5.251968192700336
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXBADy7TQLp9VoZcg1vRcR0Y+UoAvJTqgFCrPeUkwRe9:YvXKXBT4pEZc0vhGTq16Ukee9
                        MD5:2E5447F8E407E3430C3378918C0D4A67
                        SHA1:2C9745F9A1E91AAF3F46B6E8214086456AFB84CD
                        SHA-256:29231F0844E0589340DE00AD5EC1EB42A039A3EA1E13151C7E484357AAF343DA
                        SHA-512:74DC0690028FAB391D3FBE52F03FAA60A9C235CFA43A6DB87800D4021D5AB2FF458B2950DA934D49304938CE9B68931259F4111CA5B3498B2A9062E79B358FCE
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"92fa0b4c-4fe4-45b0-9cc9-f0ef57326fec","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743609309121,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2815
                        Entropy (8bit):5.134365096735041
                        Encrypted:false
                        SSDEEP:24:YSPfgPa+dmD6ayiJs5i3VfdqSr+Vjwkj0SHer2u2LSZChB8GJLk5Ot99Yfu6OG:Yo2UD3nVfdrkVMfLwB8GJw29a1
                        MD5:891334613BF8EE070D305D18870CBE81
                        SHA1:575B9FFB1B59FD0656C4EC48DF499FC3BC0FA991
                        SHA-256:D017A5DEDBA3025A9D801F5060FE1E0E0395CB7AAFE24BE5082F75A10221BB80
                        SHA-512:F87AC181F16F2D562170031FF78C192B3C20E44D4B9E787D6339226488ED202A233B6014D83FA93228EDEA47CA384E9920935B5ACC69E70C7F6FD2B174375771
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c8fc0c3eabf85922f86a5b10278c5786","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1743435144000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ccb16b7a7b7b87d167be8b88bcbe9f98","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1743435144000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f8789f85c81b81f322d2d5fc1d3dbbc5","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1743435144000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ccc433e7b1d275a2425a59e3c1e57c42","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1743435144000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ad188e5f41af224ad00b939d78c513e1","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1743435144000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1a4370baad3801fb166fe78177f38673","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.1882234493213153
                        Encrypted:false
                        SSDEEP:48:TGufl2GL7msEHUUUUUUUUUSvR9H9vxFGiDIAEkGVvpH:lNVmswUUUUUUUUU+FGSItj
                        MD5:FA3598FF40B4176F120EBC785DFF4F1A
                        SHA1:5F08B08C64AEE1B1A22721EBD29EADF77025AF1E
                        SHA-256:0CB0196EF617ADFF43609D72D4DABCEE37B8E102A9BA68D2FEF2750E46AE1EA6
                        SHA-512:5C0C6DF408FC6414C391E6C7D1DEC3A616ADE7A791F1D04E981A307B0AE0757DC62A879D99AC2B13599AA83500E802E4DB14B553D93CCB3DE8AF41031F89EE97
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.6081019792780489
                        Encrypted:false
                        SSDEEP:48:7M7KUUUUUUUUUU2vR9H9vxFGiDIAEkGVvWqFl2GL7msqO:75UUUUUUUUUU6FGSIt8KVmsqO
                        MD5:51486CCEA5522185D621981C9B52A62C
                        SHA1:C8DEBABF9100B30BE3500FDF5F5AFE171DA00749
                        SHA-256:3AE2396492E11D9DF40B7B7519F4747E700A3CB56C5554F6D8359B4FA92925A8
                        SHA-512:0A5DF464E26856F74C6989F7FA023AD5D365B2369372888C9FF2277EF4C069BEACD8C277D9C5422905B1254C677E0EDB803F8822875D6B506FB74FCF8942B82A
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.4965336456103326
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQ+lEnNBCH:Qw946cPbiOxDlbYnuRKuonc
                        MD5:0190BE42195EDD8FBBC320206D2B4EFF
                        SHA1:4DA92EFA5AFC977061FABBBDD94C09FBBE26B9BA
                        SHA-256:8F8F44B9B2ABAD346C0F649B3848D7FA9EB467F536847F52CB82C6C81C3ED276
                        SHA-512:3293DE860AB50182E3A48B06802E7A3F47311F407FBD4155B86FFD6E68078987AE534EE27C98A6DF33316A203B28E4CBDDE82CE50D4C22EA5204CD7E104EE470
                        Malicious:false
                        Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 31/03/2025  11:32:23 ===
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.345946398610936
                        Encrypted:false
                        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                        Malicious:false
                        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):15114
                        Entropy (8bit):5.353225156791735
                        Encrypted:false
                        SSDEEP:384:4dR4RRzk5P4IZvxyBE/wg68l9edUuWCcw2hn9xHbJrwmN0zwIcdatGtsBfYqidNB:EJH
                        MD5:9AF5B1E368C66AB178260D41B4E05BAF
                        SHA1:254FC29DF7E718675F362AC37C9A763EF71CD38E
                        SHA-256:915ADEAD77B1B286A4CB02A275A31C65DFCDB77C8E213BFE06621D3BAE017D0D
                        SHA-512:41C815D1C6D0B8E53742C1AB07C831DDBE1A37FA9D688F79DF5DDA85DEAD8FDBF22940E7EF1C327DB8352BC47E6601E6F7509A60B2C5341CB90C09CB5E90FA83
                        Malicious:false
                        Preview:SessionID=eec05de6-5b5d-4c92-ba92-9451f61d776e.1743435138909 Timestamp=2025-03-31T11:32:18:909-0400 ThreadID=5916 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=eec05de6-5b5d-4c92-ba92-9451f61d776e.1743435138909 Timestamp=2025-03-31T11:32:18:911-0400 ThreadID=5916 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=eec05de6-5b5d-4c92-ba92-9451f61d776e.1743435138909 Timestamp=2025-03-31T11:32:18:911-0400 ThreadID=5916 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=eec05de6-5b5d-4c92-ba92-9451f61d776e.1743435138909 Timestamp=2025-03-31T11:32:18:911-0400 ThreadID=5916 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=eec05de6-5b5d-4c92-ba92-9451f61d776e.1743435138909 Timestamp=2025-03-31T11:32:18:911-0400 ThreadID=5916 Component=ngl-lib_NglAppLib Description="SetConf
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):29752
                        Entropy (8bit):5.3891677308995805
                        Encrypted:false
                        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rD:vWrQ/
                        MD5:AA174BA28635354E1D2EE5610A2D39C2
                        SHA1:7E4ED0450FE62CDE581F43C79F709B823DA2AA96
                        SHA-256:874FD66560AB8AA96849233BB34A0C89F734FD3F241C9B4DA4A8D9ABF0C9A300
                        SHA-512:546A9D519206DB58DA49A8C7CFCEAF7DBEFCBD2072C87A984C527B7D114F28ACFE81263DED8DB8D1BA58AC4CB52A46BD243B772563A641AF0FDAC6649B17586A
                        Malicious:false
                        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                        Category:dropped
                        Size (bytes):1407294
                        Entropy (8bit):7.97605879016224
                        Encrypted:false
                        SSDEEP:24576:/yowYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oBGZd:twZG6b3mlind9i4ufFXpAXkrfUs0qWLa
                        MD5:8D04FDC5022E491B91EC6B32F003430B
                        SHA1:6619D46E06076B5669D4CC677D6D8F638189E46A
                        SHA-256:7682C53053D66EF0B1A89335C88C4420226B10AFAC87A286E6E1A6BC795FEE61
                        SHA-512:AA96FA56D3C5C4200BAA917D3091ADB1A5FAE7D534DD9C909D8B60AE13E902D6B71D42C2823319483414987E4B41079FA241B3D0A384EE4B281B63F834917E7D
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                        Category:dropped
                        Size (bytes):758601
                        Entropy (8bit):7.98639316555857
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                        MD5:3A49135134665364308390AC398006F1
                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                        Category:dropped
                        Size (bytes):1419751
                        Entropy (8bit):7.976496077007677
                        Encrypted:false
                        SSDEEP:24576:uoD9WL07oXGZflYIGNPZdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:uy9WLxXGZNZGH3mlind9i4ufFXpAXkru
                        MD5:130BE2FD618BFD72EFAE881EB827AE8F
                        SHA1:943042DBAF8A8E2F70A79F41F6B0C76880D62803
                        SHA-256:647467C57EE2B583A18E9946EA78CEC9265634A35F8A5E584097818DAA596004
                        SHA-512:4741A8FC7E59C5260EA1AF15C3C82FA95625FE3CB1025F311C859B4F9732A126826C4E2FFDAACB7CF72CE15DD901AAC4F2152DACDF7AABAD07CA4A901DDEE9BC
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):386528
                        Entropy (8bit):7.9736851559892425
                        Encrypted:false
                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                        Malicious:false
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):243
                        Entropy (8bit):4.804672457629345
                        Encrypted:false
                        SSDEEP:6:hxuJzhqIziYvfAbpl+O+mTZ+EdxlzIEsXnBA4X4QL:hYkuOI4xO9XloQL
                        MD5:13D70AE483107BE11FD796D86ACA6829
                        SHA1:53180A8253440BD14C18B5B1C24722EC429A56B9
                        SHA-256:E5805CCCE9532A696C4103997AD9E6D34037DFAC71E46DD615641CD7869B3956
                        SHA-512:8CC6A0B3A57AF384EDA7222708F79D84D781BC60AC25CC68EF16CFB0426829A54BEA722C08D934DCD29B362D43FF7C61FC601DF92FB5550B4084069AB4289A2C
                        Malicious:false
                        URL:https://g7868d.onrender.com/favicon.ico
                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1" />. <title>Service Suspended</title>.</head>.<body>.This service has been suspended..</body>.</html>.
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):243
                        Entropy (8bit):4.804672457629345
                        Encrypted:false
                        SSDEEP:6:hxuJzhqIziYvfAbpl+O+mTZ+EdxlzIEsXnBA4X4QL:hYkuOI4xO9XloQL
                        MD5:13D70AE483107BE11FD796D86ACA6829
                        SHA1:53180A8253440BD14C18B5B1C24722EC429A56B9
                        SHA-256:E5805CCCE9532A696C4103997AD9E6D34037DFAC71E46DD615641CD7869B3956
                        SHA-512:8CC6A0B3A57AF384EDA7222708F79D84D781BC60AC25CC68EF16CFB0426829A54BEA722C08D934DCD29B362D43FF7C61FC601DF92FB5550B4084069AB4289A2C
                        Malicious:false
                        URL:https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY
                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1" />. <title>Service Suspended</title>.</head>.<body>.This service has been suspended..</body>.</html>.
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (892)
                        Category:downloaded
                        Size (bytes):897
                        Entropy (8bit):5.1819583460958665
                        Encrypted:false
                        SSDEEP:24:J9r4AL2zb+FaO2BHslgT1d1uawBATomuoBN2t2t2t2t2t2t2tomffffffo:J9LbFaRKlgJXwBAUmuSNYYYYYYYomffI
                        MD5:44141D0CDFA31F9491A0B735E93400CA
                        SHA1:C31DBADEFF954F565A57581BCA480440F198C84D
                        SHA-256:8A0AA2AC4BF571EF401D47EA86237A0B7FF3A47C6D0B7C2AF911C5CA6623697B
                        SHA-512:3787130E614892A2426AE9C6E4E7444F3F481C66F181EEFFB15FF13A212C2019634D43BFF03D634878DDAD1543DBE7B5764DB87DA696314E27A8A913721E81EB
                        Malicious:false
                        URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                        Preview:)]}'.["",["jalil bethea transfer portal decision","irs tax refund april","nyt crossword clues","ps plus april games","delta airlines flight diversion phoenix","jason anderson seattle supercross","lottery mega millions powerball jackpot","jack reacher season 3"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-645166143796611433","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                        File type:PDF document, version 1.5
                        Entropy (8bit):7.971358274035555
                        TrID:
                        • Adobe Portable Document Format (5005/1) 100.00%
                        File name:AR Care.pdf
                        File size:70'640 bytes
                        MD5:3f4fce75f73e2833fcfd4daf7e776247
                        SHA1:27360ba18d8c41a6b827fefeb5bf3ffe2dc64bc7
                        SHA256:5fff95ecd9a376d87ce626273a765836871875e03ce5c60c4002103b11e9da0d
                        SHA512:cee1027d81b48596b54fa73c4a71aefd3bac8aa32410c89bc3710ff2670713dbc0280fb631ad21e9d942140f78cd57cf5427e09f939c9e14916f7a93a855fde3
                        SSDEEP:1536:1anRLLLLLLLLLLLLLLAeClUic6rzKVqBS1Kc29qNzUrjdfdi+u2c:1aHgUiNKV70qNzYjdfQ2c
                        TLSH:C863E0C664A0587A484398FD8C08A3A7748A010B15DC3F73CD68679F257F9B06DAD6FE
                        File Content Preview:%PDF-1.5.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./AcroForm 5 0 R./Version /1#2E5.>>.endobj.10 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.11 0 obj.<<./Filter /FlateDecode./Length 244.>>.stream..x.m..N.0...}.).....
                        Icon Hash:62cc8caeb29e8ae0

                        General

                        Header:%PDF-1.5
                        Total Entropy:7.971358
                        Total Bytes:70640
                        Stream Entropy:7.973598
                        Stream Bytes:69107
                        Entropy outside Streams:5.066530
                        Bytes outside Streams:1533
                        Number of EOF found:1
                        Bytes after EOF:
                        Name            Count
                        obj             16
                        endobj          16
                        stream          14
                        endstream       14
                        xref            0
                        trailer         0
                        startxref       1
                        /Page           0
                        /Encrypt        0
                        /ObjStm         1
                        /URI            0
                        /JS             0
                        /JavaScript     0
                        /AA             0
                        /OpenAction     0
                        /AcroForm       1
                        /JBIG2Decode    0
                        /RichMedia      0
                        /Launch         0
                        /EmbeddedFile   0

                        ID   DHASH              MD5                                Preview
                        24   0000000000000000   dc0ce50988d4ffab383edbee0e302cab


                        • Total Packets: 90
                        • 443 (HTTPS)
                        • 80 (HTTP)
                        • 53 (DNS)
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Mar 31, 2025 17:32:28.389760017 CEST | 192.168.2.4 | 1.1.1.1 | 0x4e4c | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:45.650538921 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e51 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:45.650675058 CEST | 192.168.2.4 | 1.1.1.1 | 0x2197 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                        Mar 31, 2025 17:32:47.226263046 CEST | 192.168.2.4 | 1.1.1.1 | 0x5fc3 | Standard query (0) | g7868d.onrender.com | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:47.227895975 CEST | 192.168.2.4 | 1.1.1.1 | 0x218d | Standard query (0) | g7868d.onrender.com | 65 | IN (0x0001) | false
                        Mar 31, 2025 17:32:48.240766048 CEST | 192.168.2.4 | 1.1.1.1 | 0xf710 | Standard query (0) | g7868d.onrender.com | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Mar 31, 2025 17:32:28.487066984 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e4c | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Mar 31, 2025 17:32:28.487066984 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e4c | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Mar 31, 2025 17:32:28.487066984 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e4c | No error (0) | e8652.dscx.akamaiedge.net |  | 23.48.144.248 | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:29.455611944 CEST | 1.1.1.1 | 192.168.2.4 | 0xc7bb | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.90.172 | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:45.751934052 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e51 | No error (0) | www.google.com |  | 142.251.32.100 | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:45.751976013 CEST | 1.1.1.1 | 192.168.2.4 | 0x2197 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                        Mar 31, 2025 17:32:47.346525908 CEST | 1.1.1.1 | 192.168.2.4 | 0x218d | No error (0) | g7868d.onrender.com | gcp-us-west1-1.origin.onrender.com |  | CNAME (Canonical name) | IN (0x0001) | false
                        Mar 31, 2025 17:32:47.346525908 CEST | 1.1.1.1 | 192.168.2.4 | 0x218d | No error (0) | gcp-us-west1-1.origin.onrender.com | gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Mar 31, 2025 17:32:48.346643925 CEST | 1.1.1.1 | 192.168.2.4 | 0xf710 | No error (0) | g7868d.onrender.com | gcp-us-west1-1.origin.onrender.com |  | CNAME (Canonical name) | IN (0x0001) | false
                        Mar 31, 2025 17:32:48.346643925 CEST | 1.1.1.1 | 192.168.2.4 | 0xf710 | No error (0) | gcp-us-west1-1.origin.onrender.com | gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Mar 31, 2025 17:32:48.346643925 CEST | 1.1.1.1 | 192.168.2.4 | 0xf710 | No error (0) | gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net |  | 216.24.57.252 | A (IP address) | IN (0x0001) | false
                        Mar 31, 2025 17:32:48.346643925 CEST | 1.1.1.1 | 192.168.2.4 | 0xf710 | No error (0) | gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net |  | 216.24.57.4 | A (IP address) | IN (0x0001) | false
                        • g7868d.onrender.com
                        • www.google.com
                        • x1.i.lencr.org
                        • c.pki.goog
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.4 | 49725 | 23.48.144.248 | 80 | 8072 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Mar 31, 2025 17:32:28.653264046 CEST | 115 | OUT | GET / HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: x1.i.lencr.org
                        Mar 31, 2025 17:32:28.766649961 CEST | 1031 | IN | HTTP/1.1 200 OK
                        Server: nginx
                        Content-Type: application/pkix-cert
                        Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                        ETag: "64cd6654-56f"
                        Content-Disposition: attachment; filename="ISRG Root X1.der"
                        Cache-Control: max-age=75143
                        Expires: Tue, 01 Apr 2025 12:24:51 GMT
                        Date: Mon, 31 Mar 2025 15:32:28 GMT
                        Content-Length: 1391
                        Connection: keep-alive


                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        1 | 192.168.2.4 | 49731 | 142.251.35.163 | 80
                        Timestamp | Bytes transferred | Direction | Data
                        Mar 31, 2025 17:32:29.887649059 CEST | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Mar 31, 2025 17:32:29.995446920 CEST | 223 | IN | HTTP/1.1 304 Not Modified
                        Date: Mon, 31 Mar 2025 14:49:48 GMT
                        Expires: Mon, 31 Mar 2025 15:39:48 GMT
                        Age: 2561
                        Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                        Cache-Control: public, max-age=3000
                        Vary: Accept-Encoding
                        Mar 31, 2025 17:32:30.003963947 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Mar 31, 2025 17:32:30.306134939 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Mar 31, 2025 17:32:30.616679907 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Mar 31, 2025 17:32:30.764410019 CEST | 222 | IN | HTTP/1.1 304 Not Modified
                        Date: Mon, 31 Mar 2025 15:30:24 GMT
                        Expires: Mon, 31 Mar 2025 16:20:24 GMT
                        Age: 126
                        Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                        Cache-Control: public, max-age=3000
                        Vary: Accept-Encoding


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.4 | 49744 | 216.24.57.252 | 443 | 8924 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-31 15:32:48 UTC | 825 | OUT | GET /b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY HTTP/1.1
                        Host: g7868d.onrender.com
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-03-31 15:32:49 UTC | 286 | IN | HTTP/1.1 503 Service Unavailable
                        Date: Mon, 31 Mar 2025 15:32:49 GMT
                        Content-Type: text/html; charset=utf-8
                        Content-Length: 243
                        Connection: close
                        x-render-routing: suspend
                        cf-cache-status: DYNAMIC
                        Server: cloudflare
                        CF-RAY: 9290e6ccbaefc3f3-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-03-31 15:32:49 UTC | 243 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>Service Suspended</title></head><body>This service has been suspended.</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.4 | 49742 | 142.251.32.100 | 443 | 8924 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-31 15:32:49 UTC | 579 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                        Host: www.google.com
                        Connection: keep-alive
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCL7VzgEIgdbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-03-31 15:32:49 UTC | 1303 | IN | HTTP/1.1 200 OK
                        Date: Mon, 31 Mar 2025 15:32:49 GMT
                        Pragma: no-cache
                        Expires: -1
                        Cache-Control: no-cache, must-revalidate
                        Content-Type: text/javascript; charset=UTF-8
                        Strict-Transport-Security: max-age=31536000
                        Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OoyUVT8r-nsjC5xicKEu0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                        Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                        Accept-CH: Sec-CH-Prefers-Color-Scheme
                        Accept-CH: Downlink
                        Accept-CH: RTT
                        Accept-CH: Sec-CH-UA-Form-Factors
                        Accept-CH: Sec-CH-UA-Platform
                        Accept-CH: Sec-CH-UA-Platform-Version
                        Accept-CH: Sec-CH-UA-Full-Version
                        Accept-CH: Sec-CH-UA-Arch
                        Accept-CH: Sec-CH-UA-Model
                        Accept-CH: Sec-CH-UA-Bitness
                        Accept-CH: Sec-CH-UA-Full-Version-List
                        Accept-CH: Sec-CH-UA-WoW64
                        Permissions-Policy: unload=()
                        Content-Disposition: attachment; filename="f.txt"
                        Server: gws
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2025-03-31 15:32:49 UTC | 904 | IN | Data Ascii: 381)]}'["",["jalil bethea transfer portal decision","irs tax refund april","nyt crossword clues","ps plus april games","delta airlines flight diversion phoenix","jason anderson seattle supercross","lottery mega millions powerball jackpot","jack reacher
                        2025-03-31 15:32:49 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.4 | 49743 | 216.24.57.252 | 443 | 8924 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-31 15:32:50 UTC | 757 | OUT | GET /favicon.ico HTTP/1.1
                        Host: g7868d.onrender.com
                        Connection: keep-alive
                        sec-ch-ua-platform: "Windows"
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: image
                        Referer: https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-03-31 15:32:51 UTC | 286 | IN | HTTP/1.1 503 Service Unavailable
                        Date: Mon, 31 Mar 2025 15:32:50 GMT
                        Content-Type: text/html; charset=utf-8
                        Content-Length: 243
                        Connection: close
                        x-render-routing: suspend
                        cf-cache-status: DYNAMIC
                        Server: cloudflare
                        CF-RAY: 9290e6d9b9ea7281-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-03-31 15:32:51 UTC | 243 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>Service Suspended</title></head><body>This service has been suspended.</body></html>


                        Target ID:1
                        Start time:11:32:13
                        Start date:31/03/2025
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AR Care.pdf"
                        Imagebase:0x7ff6f9de0000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:2
                        Start time:11:32:15
                        Start date:31/03/2025
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff60c9b0000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:3
                        Start time:11:32:15
                        Start date:31/03/2025
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1612 --field-trial-handle=1604,i,5356942124287896857,12943061900740152347,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff60c9b0000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:19
                        Start time:11:32:38
                        Start date:31/03/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                        Imagebase:0x7ff786830000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:20
                        Start time:11:32:39
                        Start date:31/03/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,3824752678761937169,17390088200995456266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3
                        Imagebase:0x7ff786830000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:21
                        Start time:11:32:46
                        Start date:31/03/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://g7868d.onrender.com/b765a52bd2c50a8e/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJiNzY1YTUyYmQyYzUwYThlIiwiaWF0IjoxNzM5MjkyMDg2fQ.QgLKBfHewGnX9JgoiBZq79fw-TDoD0F41eawEVZJyrY"
                        Imagebase:0x7ff786830000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        No disassembly