Windows Analysis Report
Visix Digital Signage.pdf

Overview

General Information

Sample name:Visix Digital Signage.pdf
Analysis ID:1524439
MD5:ff383d05bf9b51eba7105b2a8e6a5719
SHA1:df0d9d06c65cdcb9a9d53b6fe447157a7bfb2830
SHA256:f60d8fda0e37f482dbc8cf3dc5029f5fad9d1ae1d326c2b1da4774fd0f18ef3d

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Suspicious PDF detected (based on various text indicators)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

  • System is w10x64
  • Acrobat.exe (PID: 2944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Visix Digital Signage.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1628,i,3762446524523621955,14140293356470645305,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://docsend.com/view/6bkxyed8jn8y29xw" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=2004,i,9085540079256255740,3480827009133672095,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL]SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: Adobe Acrobat PDFOCR Text: SECURE ONLINE DOCUMENT CLICK HERE TO ACCESS VIA MICROSOFT PDF READER
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:61253 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.4:61245 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: docsend.com to https://dianemccabe.com/n/?c3y9bzm2nv8xx25vbszyyw5kpvr6wxpvmjq9jnvpzd1vu0vsmjmwotiwmjrvmzmwotizmju=n0123n[email]
Source: Joe Sandbox ViewIP Address: 18.173.205.62 18.173.205.62
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 23.203.104.175 23.203.104.175
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=a8eGsHWKylSgLdw&MD=MbhUNfdD HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /view/6bkxyed8jn8y29xw HTTP/1.1Host: docsend.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL] HTTP/1.1Host: dianemccabe.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dianemccabe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL]Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=a8eGsHWKylSgLdw&MD=MbhUNfdD HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: docsend.com
Source: global trafficDNS traffic detected: DNS query: dianemccabe.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 02 Oct 2024 17:52:55 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: Visix Digital Signage.pdfString found in binary or memory: https://docsend.com/view/6bkxyed8jn8y29xw)
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61253
Source: unknownNetwork traffic detected: HTTP traffic on port 61255 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61253 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61255
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: classification engineClassification label: mal52.phis.winPDF@44/51@7/6
Source: Visix Digital Signage.pdfInitial sample: https://docsend.com/view/6bkxyed8jn8y29xw
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5472
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 13-52-27-857.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Visix Digital Signage.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1628,i,3762446524523621955,14140293356470645305,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://docsend.com/view/6bkxyed8jn8y29xw"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=2004,i,9085540079256255740,3480827009133672095,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Visix Digital Signage.pdfInitial sample: PDF keyword /JS count = 0
Source: Visix Digital Signage.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Visix Digital Signage.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
Visix Digital Signage.pdf | 11% | ReversingLabs | Document-PDF.Phishing.Generic

No Antivirus matches

Source | Detection | Scanner | Label
https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL] | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
http://x1.i.lencr.org/ | 0% | URL Reputation | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
dianemccabe.com | 217.115.114.114 | true | false | | unknown
www.google.com | 142.250.185.100 | true | false | | unknown
docsend.com | 18.173.205.62 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://dianemccabe.com/favicon.ico | false | | unknown
https://docsend.com/view/6bkxyed8jn8y29xw | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://docsend.com/view/6bkxyed8jn8y29xw) | Visix Digital Signage.pdf | false | | unknown
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
18.173.205.62 | docsend.com | United States | 3 | MIT-GATEWAYSUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false
217.115.114.114 | dianemccabe.com | Ireland | 30900 | WEBWORLD-AStaWebWorldIrelandIE | false

IP
192.168.2.4
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1524439
Start date and time:2024-10-02 19:51:31 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Visix Digital Signage.pdf
Detection:MAL
Classification:mal52.phis.winPDF@44/51@7/6
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 52.5.13.197, 23.22.254.206, 54.227.187.23, 2.19.126.149, 2.19.126.143, 172.64.41.3, 162.159.61.3, 2.23.197.184, 199.232.210.172, 192.229.221.95, 142.250.186.67, 142.250.184.238, 74.125.71.84, 34.104.35.123, 216.58.206.74, 142.250.186.106, 142.250.186.170, 216.58.212.170, 142.250.184.234, 142.250.186.138, 142.250.186.74, 142.250.186.42, 172.217.16.138, 172.217.18.10, 142.250.184.202, 142.250.185.234, 142.250.74.202, 216.58.206.42, 172.217.16.202, 142.250.181.234, 216.58.206.35, 142.250.186.174
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: Visix Digital Signage.pdf

Time | Type | Description
13:52:38 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):289
                                                                                  Entropy (8bit):5.179899204999623
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:W4UAskpQ+q2Pwkn2nKuAl9OmbnIFUt8B4UASqgZmw+B4UASqQVkwOwkn2nKuAl91:3EP+vYfHAahFUt8Co/+C4V5JfHAaSJ
                                                                                  MD5:A5596F9440520C8CC1914B9738E81C07
                                                                                  SHA1:7305CDE0DB5DCE072F4EB2A9A530D6FAF79C0CAC
                                                                                  SHA-256:DBE0A7766ACB0938C072BAF35D3D1B258D01AEED106888639C1B304AC6F6D5B7
                                                                                  SHA-512:ADC22A7C70BF1A12107FF5060DB1178C1338F4851253B9E0693D33AECAA6E44F74A28925FFB3F6349D66B87A425E2A343C23067BF2445785F5FCAE4DBC2FCB87
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:2024/10/02-13:52:25.654 edc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-13:52:25.656 edc Recovering log #3.2024/10/02-13:52:25.656 edc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):336
                                                                                  Entropy (8bit):5.141985121325197
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:W4UAmyq2Pwkn2nKuAl9Ombzo2jMGIFUt8B4UAmaZmw+B4UAm4GIzkwOwkn2nKuAv:3dvYfHAa8uFUt8Cd/+CtG05JfHAa8RJ
                                                                                  MD5:3BE04182A46FEE10615322CF57646050
                                                                                  SHA1:00101C58E5EE6301B31077335F8E30F3CE9DB4AF
                                                                                  SHA-256:4AD3B821098FA7F23998AD9CBEEA4E2D522D7EEDF2FF1F08428A4FC8FB0A7C82
                                                                                  SHA-512:BA9075668D424F39E4BD56B4AEC722C58547B6EA9B585E6152EC9EA23BE352F5AD46E41E600BAA16E0145A0E1D2FA3DB7A134F2A1A40D98EDFD0DD49363C50F1
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:2024/10/02-13:52:25.721 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-13:52:25.722 1ca4 Recovering log #3.2024/10/02-13:52:25.724 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:JSON data
                                                                                  Category:modified
                                                                                  Size (bytes):475
                                                                                  Entropy (8bit):4.970895562327589
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YH/um3RA8sqlBxsBdOg2H2hAcaq3QYiubInP7E4T3y:Y2sRdsrdMHw3QYhbG7nby
                                                                                  MD5:A3CC8DCDF798151BE958183963271CF5
                                                                                  SHA1:35567AFE5EC87C0D9BC1CA144955022928EF065B
                                                                                  SHA-256:9A365C2800240A4E0CA83F39017D33DF37DCB73D8327E10FDEB732B9EC2C706D
                                                                                  SHA-512:6CFC31790B2F64E625D4B45A37261486F5E32B89B31DB5D5B96DAD922A24AC34ABB92B92804E652E22D7E5EA346274F135D8FFC19924A8DC248FC301E4FEF822
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372451558240328","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":166947},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):475
                                                                                  Entropy (8bit):4.970895562327589
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YH/um3RA8sqlBxsBdOg2H2hAcaq3QYiubInP7E4T3y:Y2sRdsrdMHw3QYhbG7nby
                                                                                  MD5:A3CC8DCDF798151BE958183963271CF5
                                                                                  SHA1:35567AFE5EC87C0D9BC1CA144955022928EF065B
                                                                                  SHA-256:9A365C2800240A4E0CA83F39017D33DF37DCB73D8327E10FDEB732B9EC2C706D
                                                                                  SHA-512:6CFC31790B2F64E625D4B45A37261486F5E32B89B31DB5D5B96DAD922A24AC34ABB92B92804E652E22D7E5EA346274F135D8FFC19924A8DC248FC301E4FEF822
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372451558240328","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":166947},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):4730
                                                                                  Entropy (8bit):5.257666724510051
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7dV7OrM5VSZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goK
                                                                                  MD5:94ED79EA6DBCC3612E699FD65B150CAB
                                                                                  SHA1:198FE0972DE0A490389B4F577A115EFC01625A98
                                                                                  SHA-256:4AF6FE3827332ED5592BFF93A349AA99E018FE87DF126664BA39EA2D5BF4C528
                                                                                  SHA-512:69B7701685A992ADFFCF33290549F00AB7FA7CD42BB5A8459E6AF898B062C2F72714BC0840C1BCB1E0B08EF56F3674A519F7A525F418F62AAB04AD93393A4BB3
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.16316676590871
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:W4UAomXq2Pwkn2nKuAl9OmbzNMxIFUt8B4UX/wXZmw+B4UXzsPkwOwkn2nKuAl9c:3AmXvYfHAa8jFUt8COwX/+Cac5JfHAab
                                                                                  MD5:3CABC7D60A939F47738B036A4479C641
                                                                                  SHA1:925D030F02CF3DAEC94C7AE545338EEDFD2E2597
                                                                                  SHA-256:F10EB47074AA6467A0FC02AB70167E5AB3573E83283441990E771A9EA2C70695
                                                                                  SHA-512:A9949D1C4DC6CDFB72D8FBFBD71624033F24B047DBDFC24A2B84F3F14AED2E3310ABD3AE7253BF1ED769C1449054EC77615746EE833A203D036B5B0012F8D321
                                                                                  Malicious:false
                                                                                  Preview:2024/10/02-13:52:25.992 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-13:52:26.031 1ca4 Recovering log #3.2024/10/02-13:52:26.035 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):324
                                                                                  Entropy (8bit):5.16316676590871
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:W4UAomXq2Pwkn2nKuAl9OmbzNMxIFUt8B4UX/wXZmw+B4UXzsPkwOwkn2nKuAl9c:3AmXvYfHAa8jFUt8COwX/+Cac5JfHAab
                                                                                  MD5:3CABC7D60A939F47738B036A4479C641
                                                                                  SHA1:925D030F02CF3DAEC94C7AE545338EEDFD2E2597
                                                                                  SHA-256:F10EB47074AA6467A0FC02AB70167E5AB3573E83283441990E771A9EA2C70695
                                                                                  SHA-512:A9949D1C4DC6CDFB72D8FBFBD71624033F24B047DBDFC24A2B84F3F14AED2E3310ABD3AE7253BF1ED769C1449054EC77615746EE833A203D036B5B0012F8D321
                                                                                  Malicious:false
                                                                                  Preview:2024/10/02-13:52:25.992 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-13:52:26.031 1ca4 Recovering log #3.2024/10/02-13:52:26.035 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
                                                                                  Category:dropped
                                                                                  Size (bytes):75494
                                                                                  Entropy (8bit):3.5365751369680654
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:kqDueEF4Z9V0mKtyj22A222gTCbrsbkr/:zESZ6to22A222gTCbeq
                                                                                  MD5:657351598782C1AE9BB156EC37DD7E98
                                                                                  SHA1:E787B49CACB2ABC179E1459E75039D327BA45491
                                                                                  SHA-256:9FB0B3584CC88BC6C98335C3D80E1D231453749DFCE46E944EFF6C63707700DB
                                                                                  SHA-512:4C636CE236A1426580FE4A8F13B3C4E1E7825459EE7C673EEAB67136D3B540A43E02EAB842E23D80EB5FD9EB4656629F299223590DFEBD9A4B69B63A73834749
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                                  Category:dropped
                                                                                  Size (bytes):86016
                                                                                  Entropy (8bit):4.444965091766289
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:yezci5tMiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rrs3OazzU89UTTgUL
                                                                                  MD5:8587A4E267D618645371706EE3C9FA2F
                                                                                  SHA1:4EA52383E2576A48D1045C1B47DCAD0AEFE1D6AB
                                                                                  SHA-256:5C11244A6B71130BC28281FF6B56D718CF5B6D06C034D347ECD215E8346E9C5B
                                                                                  SHA-512:B8E3CD7BBC844C6A413F737BD800927F2184BDADA4481D279503650449CD6CBF4D58778BDEC418955AFD8D9215E52D4E5C46206B66A24918F30C689146FDFDD5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:SQLite Rollback Journal
                                                                                  Category:dropped
                                                                                  Size (bytes):8720
                                                                                  Entropy (8bit):3.7754942169663015
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:7MSp/E2ioyVoioy9oWoy1Cwoy14KOioy1noy1AYoy1Wioy1hioybioySoy1noy1M:7NpjuoFrXKQzGb9IVXEBodRBkn
                                                                                  MD5:98A0AF9B7F129BC0BF3D53017A99E446
                                                                                  SHA1:C6C869842C5581D383CFA396F1493034BA1B1A11
                                                                                  SHA-256:076BFCF7E1E2B258B69571D95D6A85D018EFD82E8858A3B54C4225052A20DA70
                                                                                  SHA-512:FF415E8C59F8711DDAEFC0E7C2697214C3FC0EBEA8A3E87A2C01F5BACA212A0A7C5ACC69B843EF6BC68FDA6B50D7CECE87DDF3B6324C445350E9341405B1EA7C
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:Certificate, Version=3
                                                                                  Category:dropped
                                                                                  Size (bytes):1391
                                                                                  Entropy (8bit):7.705940075877404
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                  Malicious:false
                                                                                  Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                  Category:dropped
                                                                                  Size (bytes):71954
                                                                                  Entropy (8bit):7.996617769952133
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):192
                                                                                  Entropy (8bit):2.7673182398396405
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:kkFkl8QvfllXlE/HT8kuiXNNX8RolJuRdxLlGB9lQRYwpDdt:kKlQQT8idNMa8RdWBwRd
                                                                                  MD5:FF4A6B1424A05A61E20E6C7BF1CE7722
                                                                                  SHA1:0F4166BB40BFED63E2A96658336AEF85F0C45964
                                                                                  SHA-256:BF270E5F1B978112B3828A2FF05378D1E2B194299D18397B870AFC10A322140D
                                                                                  SHA-512:FA4A05F2B4D33D699FE62844D9E93AF30BF090FA4B746FF70A8E200CAE14821059BDC7269DD6B75656099CB19D4FF3A4F58B177E52D7CC464839670DF00135CB
                                                                                  Malicious:false
                                                                                  Preview:p...... ................(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):328
                                                                                  Entropy (8bit):3.2418003062782916
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:kKlT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:kDImsLNkPlE99SNxAhUe/3
                                                                                  MD5:E230D9F474E71FC4695E964C52A0CB55
                                                                                  SHA1:51ACA9306C53F703DB25C06C72C8940C28EF0345
                                                                                  SHA-256:E189B272BA835BB5299016EB1C18A7F18D602B064F935A672A350433B94C2C33
                                                                                  SHA-512:480E98FF5C53CA605BAA478BD3FB34DA0952DDA68A2B0AA4F6019209548FA49BC754B1CEC5377AC39CA5AC60782FA841F1C6671289C11D3CA9632F15AF0E75D0
                                                                                  Malicious:false
                                                                                  Preview:p...... ................(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:PostScript document text
                                                                                  Category:dropped
                                                                                  Size (bytes):185099
                                                                                  Entropy (8bit):5.182478651346149
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                                  MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                                  SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                                  SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                                  SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                                  Malicious:false
                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:PostScript document text
                                                                                  Category:dropped
                                                                                  Size (bytes):185099
                                                                                  Entropy (8bit):5.182478651346149
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                                  MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                                  SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                                  SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                                  SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                                  Malicious:false
                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):244540
                                                                                  Entropy (8bit):3.3415042960460593
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
                                                                                  MD5:758B42992DDFC41CB5E57069C621B54A
                                                                                  SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
                                                                                  SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
                                                                                  SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
                                                                                  Malicious:false
                                                                                  Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):295
                                                                                  Entropy (8bit):5.35763125086245
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJM3g98kUwPeUkwRe9:YvXKX+ajykZc0vLGMbLUkee9
                                                                                  MD5:77E1B153D65E1794F6B6B551CC01E5E4
                                                                                  SHA1:F479BE43D18C18CD7056E64492F19F0AB756F463
                                                                                  SHA-256:A58F4180B1A3D7BDFFDF78BC843AD39B53969B8836D7D8190E66F17E037C3EE5
                                                                                  SHA-512:A4F789FD45D25FECE0757C1169C4AEB2FE7DF0237E209127BA7B75AAEC80BFB68806A7C8F5FFC5CC54A3E40C5F60E25E04646F57DCC5B305A446F40387DE95B7
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):294
                                                                                  Entropy (8bit):5.305093187284576
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfBoTfXpnrPeUkwRe9:YvXKX+ajykZc0vLGWTfXcUkee9
                                                                                  MD5:A066BF6F7DB17E5A7647E330CB795211
                                                                                  SHA1:13CF86279642431979D8CC7A827206BC39F33F61
                                                                                  SHA-256:4654F42D912ED334E7A227F4E626E07ADCE19AEDFD1A3580C77AE85A095139C0
                                                                                  SHA-512:129A5A1E6FBF8B00CF60CE53BAD63B60D739D3B24530A7CEAFD58734793F0F6783C0CDE3196F8C68F15729A7B8FF5E23F0781236115DC746EECAE23D86A27C84
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):294
                                                                                  Entropy (8bit):5.284360981199245
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfBD2G6UpnrPeUkwRe9:YvXKX+ajykZc0vLGR22cUkee9
                                                                                  MD5:A757B38EDC86ED2F1668DB35F72AA590
                                                                                  SHA1:E1477405839579153D03DB7BC6017741E2C7EAB1
                                                                                  SHA-256:8C37B08263B2D873C198CBB266C8A7FE3D0C5FC475FF4C76E562E045EA97D5FC
                                                                                  SHA-512:125F8F64A95E90BB38DB3C63D6CD322211729654741121720F0140E3D0E947749AC2ACE9B0631CF4C9B5F811F779B5F3A195B9ECD4485EA0EAAA613A687DAB07
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):285
                                                                                  Entropy (8bit):5.344440629497794
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfPmwrPeUkwRe9:YvXKX+ajykZc0vLGH56Ukee9
                                                                                  MD5:C2D9E46E69D5A45CB62627A26A6A86F1
                                                                                  SHA1:6B8B99FCCDC6AB11710E7C131A54EE7621926759
                                                                                  SHA-256:5BCFBFDC23EACC14831A166CB2D034D309F23D831372E04C04BDAF9A85075787
                                                                                  SHA-512:9641770D16B06E3590BE903AA0627C49B380C7606411F7065673C09B10B367B0FBBB60838795C2D83B1E275E64706D92AC999B19C3E6F1CE34CFA5EFFEC6F8CF
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1063
                                                                                  Entropy (8bit):5.667403548880453
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Yv6X+AlzvApLgEFqciGennl0RCmK8czOCY4w2N:YvbIYhgLtaAh8cvYv6
                                                                                  MD5:A68B85BABCCA0FD063C64FB9CDEC9870
                                                                                  SHA1:B1B99F4C67ABBB5139E3D078F071B31D5C7A12A7
                                                                                  SHA-256:C965EFFED9F310384F1FE241F33C2A7BC914210BFDF4B0CAA6E791C89A4B8A03
                                                                                  SHA-512:9CBBBFB59F085859BBB27FA945156898FF5B47C0218383EA8D5D20D28FAEE130F680B0A4C65B5E204B1E85079BF6A452B1B970FB30F300EA127305DB8174AFF8
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1050
                                                                                  Entropy (8bit):5.654452749449715
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Yv6X+AlzvSVLgEF0c7sbnl0RCmK8czOCYHflEpwiVN:YvbIKFg6sGAh8cvYHWpwI
                                                                                  MD5:22D022A6DCAA015CE0EC801DE2F49A5B
                                                                                  SHA1:5CD0685039384394942CECEBF120708E969E6151
                                                                                  SHA-256:5B0F6B0555D559BFD6962DE60FB1F18CD2E394EB74C22C2D82586114589F56CF
                                                                                  SHA-512:3070F58E3D092933378538AFE0516ECB522095959E37C0C8545C958BDFDB27478878B3B6FEED2CC0160F284EF3C3D52032442B0A071690AEF1C2985799F1E56A
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):292
                                                                                  Entropy (8bit):5.296818437907712
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfQ1rPeUkwRe9:YvXKX+ajykZc0vLGY16Ukee9
                                                                                  MD5:2258551D7E4816766AA8360FDAEF70F4
                                                                                  SHA1:A0969C4C52AE965526AB71C0AC69F0C465DE01BE
                                                                                  SHA-256:525B57D69748F6803B0EE1D97827F4EEEA69E145C4A0484C046572D3E5E0C610
                                                                                  SHA-512:D0F6B7EB8868039EACF8EF22AD64EDAC14B1A4B76ADD0A271B97D8AD9A308FCBEE83A16311DAF2C8AD2FAB3D626C3DC5FBB8F972A1EF1780B71638D1A6022B28
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1038
                                                                                  Entropy (8bit):5.649347262826427
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Yv6X+Alzv/2LgEF7cciAXs0nl0RCmK8czOCAPtciBN:YvbI3ogc8hAh8cvAz
                                                                                  MD5:1D12568BDAEA09837115685B9C8B89A6
                                                                                  SHA1:0DAE5CEEC186B2946259422BF3B038A82EE379D7
                                                                                  SHA-256:33ED943C2CF683CADCDB7DC15ECD1A3A82BCC706E4DCDE1FC5330019A7B348D6
                                                                                  SHA-512:226D1AC2DC49E1F67CF3D90B86AAAE09A0D4FF20C8081A0941282AE8806E8E8DFA918DD95DD036E062663121B81F1FEC8B4219AB4F13602C5A256CA798250DC2
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1164
                                                                                  Entropy (8bit):5.702485118182417
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Yv6X+AlzvTKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5N:YvbIbEgqprtrS5OZjSlwTmAfSKH
                                                                                  MD5:BB05F162E5D05529BA5A25D7F096AD39
                                                                                  SHA1:19DA69EEA7FB3E2EC72C7EA229B20F8861E5467E
                                                                                  SHA-256:D0E1218CE41A7DA5DE06D2C5A75DA419C1E3F49EAA8414FAA9031F1E39FF5D45
                                                                                  SHA-512:F5D04A93EE9681AFE239144FCAA2BDE40BB17340EABE4D1252DD4080B606D668303F8B2990357568439B604191B202654F74C87F0F8F379980612EC717BD3F2A
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):289
                                                                                  Entropy (8bit):5.298947132714304
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfYdPeUkwRe9:YvXKX+ajykZc0vLGg8Ukee9
                                                                                  MD5:BAFC2A33D3A5E42DE498F0B2A904EFCA
                                                                                  SHA1:BE7DE98A093B07AF8C07EA9982ECB22BF604E43C
                                                                                  SHA-256:F3CA3630E451107C8633B8A4FFF4EBA0F5AF1E60D73A8EA82312BD768D938655
                                                                                  SHA-512:01C4008F21A671126D4BE31EDA234A96FFF85FA4E5CA9EB72A8D71F3D0A8D1C042D30A8215BA6BC99F46E9C299B2ED1382D3AD43D077CA60CDBBD08F4FC0DF11
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1395
                                                                                  Entropy (8bit):5.7822680565672595
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Yv6X+AlzvurLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNV:YvbIGHgDv3W2aYQfgB5OUupHrQ9FJH
                                                                                  MD5:5A100BB8F66ABB3CA85BE1D63F9E2E21
                                                                                  SHA1:3D2562DDAE009945B0B966175D47F28FD6A9CB39
                                                                                  SHA-256:BABF79DBCE39BDFDD47D197E9FDF08A958CE1F85153C91509CF9A677DD959F27
                                                                                  SHA-512:AEC9269B73FD2188A327E4C109A2FAC11899365EB774B2224BD9526651759DE050A93F7061A52D17E45C4A2221013CDDDDB7E13BFBB9B17D8700AE11E4DA1CDA
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):291
                                                                                  Entropy (8bit):5.282501466589443
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfbPtdPeUkwRe9:YvXKX+ajykZc0vLGDV8Ukee9
                                                                                  MD5:11DC8FC3BAD75EE815F398BACBF7EECB
                                                                                  SHA1:01C04D173F34E6E705B385117F88780C1938610B
                                                                                  SHA-256:ABA8AFFEAC0848058AA9EF7F08DAE9477EAEBB7D462E3936F5E59F5006BA74CD
                                                                                  SHA-512:ADFC2F20ED4C98DB77A0C9A98E81C19F0A483CF6AFDDF5FE2BA6AA382D8600FB4F7CDAB85F8AEB6223F3C5E667AD64EEC5BE22AD232816031100A6B1F8A02518
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):287
                                                                                  Entropy (8bit):5.286823965359043
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJf21rPeUkwRe9:YvXKX+ajykZc0vLG+16Ukee9
                                                                                  MD5:E6B1D4EDB2353D61B75596D90D87A482
                                                                                  SHA1:57F28676F9A0A0BE96B87E666F0DD5377B7DE416
                                                                                  SHA-256:9DB751078F05C8D4079A075B664A5C1FB5666E87AA94532F548A5CE5EE73D481
                                                                                  SHA-512:7FC2595F8DACE4B6C00BF6864287B41C3D68F7EB4EFB8E0E7DEDB997D171ECF27D0D676A2ECD7185C90BF5845150740F251D7EB395CBE4C6C406C47D393A94C6
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):1058
                                                                                  Entropy (8bit):5.6588930513998505
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:Yv6X+AlzvkamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BN:YvbIKBguOAh8cv+NKS
                                                                                  MD5:21BB0A9859C009766B8989A8C4B6203A
                                                                                  SHA1:C340005255A8C9DCA24B01BEB60FA18CD2C0729F
                                                                                  SHA-256:D54E5C1CE260592E1F667A7472C55A7A0AA525E169B6A6581D99A95CEDB18FFC
                                                                                  SHA-512:A71A0A209873742CA936B2E1B6B40322093DDAC8F21C44CC20595AF363E24E21B96E2C395C3D96E1DDB99F5D02ECADA706C9CFBBCBF5E80D8613724B6AFE997C
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):286
                                                                                  Entropy (8bit):5.265346659896378
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:YEQXJ2HX+ajyqVc9VoZcg1vRcR0YGVdXUoAvJfshHHrPeUkwRe9:YvXKX+ajykZc0vLGUUUkee9
                                                                                  MD5:750F8ED891E0A032068DDDBB11BD87FA
                                                                                  SHA1:EA1B2B99443AEAEE0A103D6C28B83922A1F45B15
                                                                                  SHA-256:53D9EFAAC86326F9909128029DA746E03113B3696F2DDB2224CB8870271E60C5
                                                                                  SHA-512:5F323B322BA6E1EB6B4E8396A7B84AFF8C55632B73EED0B5D6AB516E6AF51DB74C251DB08050C96BE19620352DC017E1ED07DCB191A32C94446224C2B6E09093
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):782
                                                                                  Entropy (8bit):5.372161016249532
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:YvXKX+ajykZc0vLGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWT1:Yv6X+Alzvr168CgEXX5kcIfANhI
                                                                                  MD5:FABB17C3FDA24B84660BC8699C35F201
                                                                                  SHA1:8362A8518B5268DBD9D496DD0715659F7B999A82
                                                                                  SHA-256:5DAB50E65B3CB37F160135FC50203781F246FA9C378B73301F5E2809B48DB371
                                                                                  SHA-512:CAEECCB51027CB65488644D358B73E8BC653888A9291718876EA8D0F5747DCCDD691B6244EDFD684E6ABCB3AE134A0AC4B512FB942D0B1F728927255B28698A9
                                                                                  Malicious:false
                                                                                  Preview:{"analyticsData":{"responseGUID":"715ff6ef-4979-451e-8358-1e8a1585530c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728064847319,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727891552355}}}}
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):4
                                                                                  Entropy (8bit):0.8112781244591328
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:e:e
                                                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                  Malicious:false
                                                                                  Preview:....
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:JSON data
                                                                                  Category:dropped
                                                                                  Size (bytes):2818
                                                                                  Entropy (8bit):5.134904563366145
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:YmmaBOhayq7qe7E/2FzhC2hp34Eq11nvnjaPsj0Sp80cm92R2LSrlqbq5G9vNVu7:YYDXfN5r4Eq3e+OxiUtIqY9vk
                                                                                  MD5:1B5107572E3BEDEAF12A6DE9AC26352D
                                                                                  SHA1:FA5DAFA8D8C366CECC78DA73730CD5BAD3874B4F
                                                                                  SHA-256:005BDAA069B0CEBDC1D969AB189A1E9752712DF1D744D396846BB89671509161
                                                                                  SHA-512:3439B3075531502C55069BD41EA0FB029A4D6F46B3944387F0A845214D1B122EF88EBFFC741A8D6665359FE2AE997BEDD4B84A77B994C40A7292819B83AC3009
                                                                                  Malicious:false
                                                                                  Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6cef23a00b584f6d311c86d98e184ad7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727891551000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"07083e57d47cbd72774da519e048134b","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727891551000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"64a28b2e8fa99c7e8b6718d810593d99","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727891551000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"679e8bfb51268eb75084bc32bccdaf49","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727891551000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3d8a655900da3be48c0efaf2de1b00fb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727891551000},{"id":"Edit_InApp_Aug2020","info":{"dg":"396d2df1f23b51c95618850251353988","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                                  Category:dropped
                                                                                  Size (bytes):12288
                                                                                  Entropy (8bit):1.188437327607825
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:TGufl2GL7msEHUUUUUUUUdcSvR9H9vxFGiDIAEkGVvppi:lNVmswUUUUUUUUS+FGSItU
                                                                                  MD5:276811CC754A71046391B0ADEBA8C3A0
                                                                                  SHA1:E1BEDCB0CB6F963E8F4B5DD1B335DBFB0DA7A820
                                                                                  SHA-256:9889F59948599DC975ADF8A83DADE8C65C90D22230BED0F2C3D1A6A203C6A72B
                                                                                  SHA-512:7ED3A63A03447C0010151F4A0E8E4453A9A7024DE9AA74ADB2652B660702804589C66D3B5FAB213B1E97F1F6489185B018D9831B2A22204746F457993A20C384
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:SQLite Rollback Journal
                                                                                  Category:dropped
                                                                                  Size (bytes):8720
                                                                                  Entropy (8bit):1.6077438800036894
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:7MJKUUUUUUUUUUdOvR9H9vxFGiDIAEkGVvFqFl2GL7msf:7bUUUUUUUUUU4FGSIt7KVmsf
                                                                                  MD5:AB4226A7493D0A024840B178B91A2CAD
                                                                                  SHA1:570AC38167FE5590944F300F5DE88717B16D45C1
                                                                                  SHA-256:66647FFD5700F4BB909A7EDED27E91497B6190138E7BE442B3C91B7A86911DAA
                                                                                  SHA-512:84DEDC83380C3EEE53F0856434AA9E65CA263998FA31DB30730CA698A2E8E3982A82E308A7EF19E04CF0D75BC3E2801219A39F86ED09297B84662692F26850A1
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):246
                                                                                  Entropy (8bit):3.5085442896850614
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjqA1flH:Qw946cPbiOxDlbYnuRKLhflH
                                                                                  MD5:1F31ACF02A12EA45A2A0655E59BE09BA
                                                                                  SHA1:E837D79C32C0F4036F4B37FE3623DA7D4B7D13AA
                                                                                  SHA-256:A91919EB2972DDC350045639250D24A719218374F75833BCC2532B048FDC7C2F
                                                                                  SHA-512:C30197C347EC6C9D1D041ECB218BD5C96BE4045D61BF4D61E4C50F475A9E7F2BD7252DFFB9A0E3741C3911D9558C9C18CCE0439BCC08A8871323173FCF0EF950
                                                                                  Malicious:false
                                                                                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.1.0./.2.0.2.4. . .1.3.:.5.2.:.3.2. .=.=.=.....
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:ASCII text, with very long lines (393)
                                                                                  Category:dropped
                                                                                  Size (bytes):16525
                                                                                  Entropy (8bit):5.345946398610936
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                                                  MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                                                  SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                                                  SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                                                  SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                                                  Malicious:false
                                                                                  Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):15114
                                                                                  Entropy (8bit):5.3558911443977335
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:dLPqXrbu3XYIpsLcJ4Eb14WX3oTGeUEzX0eMais4RLypbNIygxSFFIFYtsaV2l9c:p4/
                                                                                  MD5:419A100BD3D5F674CAB097E4993D1C61
                                                                                  SHA1:3A12CDCCC644ABB2A87C8119D77C84EA9D65394B
                                                                                  SHA-256:9699779D35DB99BE0A5755040128B538F2C6A66820832CCAC9511BA2E8C3CF51
                                                                                  SHA-512:428D8ECAE5CA4AEC3F200092C10BFD447273FE4FCE8093B250DD094A99455FA886937192AD96030F827D204857CC2B552AF39A3593D52BB15E667D44CDA07101
                                                                                  Malicious:false
                                                                                  Preview:SessionID=dac999ef-e568-4afd-9c33-cde433a7f8f7.1727891547877 Timestamp=2024-10-02T13:52:27:877-0400 ThreadID=7800 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=dac999ef-e568-4afd-9c33-cde433a7f8f7.1727891547877 Timestamp=2024-10-02T13:52:27:880-0400 ThreadID=7800 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=dac999ef-e568-4afd-9c33-cde433a7f8f7.1727891547877 Timestamp=2024-10-02T13:52:27:880-0400 ThreadID=7800 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=dac999ef-e568-4afd-9c33-cde433a7f8f7.1727891547877 Timestamp=2024-10-02T13:52:27:880-0400 ThreadID=7800 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=dac999ef-e568-4afd-9c33-cde433a7f8f7.1727891547877 Timestamp=2024-10-02T13:52:27:880-0400 ThreadID=7800 Component=ngl-lib_NglAppLib Description="SetConf
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):29752
                                                                                  Entropy (8bit):5.3818998490806935
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rh:d
                                                                                  MD5:5A1F35969DEB8E67757E37DE5933BD69
                                                                                  SHA1:D8285F85760990621B1AB9EE9D01AA6DC7CD8C0A
                                                                                  SHA-256:279C7BB37E16E01285FF380C656DBBD6A3ED37B3C5F4D6B580AA8B653F294CC0
                                                                                  SHA-512:2D0BE698EBCB2D7F7C4F66A1C32F58252A02F9D5A3EEF3AF98B8BE2880F5D361F2C6CDEAD820733BFA3D7236F1CB8B38E56E525BAC09A7DA2189844280309FC9
                                                                                  Malicious:false
                                                                                  Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                                                                  Category:dropped
                                                                                  Size (bytes):1419751
                                                                                  Entropy (8bit):7.976496077007677
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:/xA7ouWLaGZ7wYIGNPJxdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JVuWLaGZ7wZGV3mlind9i4ufFXpAXkrj
                                                                                  MD5:CB3005DBED13F33D7F7EA7E227F8A141
                                                                                  SHA1:15E1DC8FB74151572E1CF67AD62F534A5C1E2214
                                                                                  SHA-256:64AE1E5231E631117B7D69BB0EB4369EC2153376C07FF6CA8A0A138051B65FC5
                                                                                  SHA-512:7D97AA765E55F1F3CA189F353FC78F9B23C262383A2710CC1FF8A8F2A35EA7B1E1DB2B78478D952B4EEE59BF2258E77114042EF219F575F8A5D722FFD85FF295
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                  Category:dropped
                                                                                  Size (bytes):386528
                                                                                  Entropy (8bit):7.9736851559892425
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                  Category:dropped
                                                                                  Size (bytes):758601
                                                                                  Entropy (8bit):7.98639316555857
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                  MD5:3A49135134665364308390AC398006F1
                                                                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                  Category:dropped
                                                                                  Size (bytes):1407294
                                                                                  Entropy (8bit):7.97605879016224
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLRGZtZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLRGZt8
                                                                                  MD5:76D770656BCA5C50B47663BBA9CBBB1E
                                                                                  SHA1:61F8515EB2EB04907C7E1F150922977F7709E230
                                                                                  SHA-256:AA844E9DCAFD08C25B59663279A3F15C694947AAA8E7FF7B6F29E76865CFFD71
                                                                                  SHA-512:3D267C1BF4424E1FFB6B521A40AEF2BC4025626405150DD4288B0CCB75D6E1CEB89636620BF76F72824DC7875C2F0B5FBA68DB8604026B10B63928FDA30EF0DA
                                                                                  Malicious:false
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:HTML document, ASCII text
                                                                                  Category:downloaded
                                                                                  Size (bytes):315
                                                                                  Entropy (8bit):5.0572271090563765
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
                                                                                  MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                                                                  SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                                                                  SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                                                                  SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                                                                  Malicious:false
                                                                                  URL:https://dianemccabe.com/favicon.ico
                                                                                  Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:downloaded
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:v:v
                                                                                  MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                  SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                  SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                  SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                  Malicious:false
                                                                                  URL:https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL]
                                                                                  Preview:.
                                                                                  File type:PDF document, version 1.7, 1 pages
                                                                                  Entropy (8bit):7.622551597153199
                                                                                  TrID:
                                                                                  • Adobe Portable Document Format (5005/1) 100.00%
                                                                                  File name:Visix Digital Signage.pdf
                                                                                  File size:51'778 bytes
                                                                                  MD5:ff383d05bf9b51eba7105b2a8e6a5719
                                                                                  SHA1:df0d9d06c65cdcb9a9d53b6fe447157a7bfb2830
                                                                                  SHA256:f60d8fda0e37f482dbc8cf3dc5029f5fad9d1ae1d326c2b1da4774fd0f18ef3d
                                                                                  SHA512:69329aa0d1bfd50bc69f4e30d3baab0bc308bd19ea0afb6c5bb7bf3a796f719a1a42aca07b34b63280ad34d327107054cd45b75e6e1e08ee55a848060e5ab733
                                                                                  SSDEEP:768:y2ok3guTsU9ygQS2zm/qU+28kcwfaSc0j2qVJjF+c/6Bd3/sIJHgrWU6xXdIVltg:/+wygQlUb8vaaSMCFq/LZXd2F4bd
                                                                                  TLSH:2233D2078E091BC2D51C86E83E536D9D6F55660ED8C46AEF38AF0E833B50B361D0E16E
                                                                                  File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 12 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 4 0 R] >>..endobj..3 0 obj..<</MSIP_Label_ecc91b28-7e0e
                                                                                  Icon Hash:62cc8caeb29e8ae0

                                                                                  General

                                                                                  Header:%PDF-1.7
                                                                                  Total Entropy:7.622552
                                                                                  Total Bytes:51778
                                                                                  Stream Entropy:7.635788
                                                                                  Stream Bytes:48077
                                                                                  Entropy outside Streams:5.434644
                                                                                  Bytes outside Streams:3701
                                                                                  Number of EOF found:2
                                                                                  Bytes after EOF:
                                                                                  Name            Count
                                                                                  obj             17
                                                                                  endobj          17
                                                                                  stream          6
                                                                                  endstream       6
                                                                                  xref            2
                                                                                  trailer         2
                                                                                  startxref       2
                                                                                  /Page           1
                                                                                  /Encrypt        0
                                                                                  /ObjStm         1
                                                                                  /URI            2
                                                                                  /JS             0
                                                                                  /JavaScript     0
                                                                                  /AA             0
                                                                                  /OpenAction     0
                                                                                  /AcroForm       0
                                                                                  /JBIG2Decode    0
                                                                                  /RichMedia      0
                                                                                  /Launch         0
                                                                                  /EmbeddedFile   0

                                                                                  Image Streams

                                                                                  ID   DHASH              MD5                                Preview
                                                                                  7    96e8717169e9e402   4617e4548f34da86aba13587d48bec5c
                                                                                  Timestamp   Source Port   Dest Port   Source IP   Dest IP
                                                                                  Oct 2, 2024 19:52:57.611069918 CEST53612451.1.1.1192.168.2.4
                                                                                  Oct 2, 2024 19:52:57.611258984 CEST6124553192.168.2.41.1.1.1
                                                                                  Oct 2, 2024 19:52:57.748852015 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:52:57.749243975 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:52:57.749265909 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:52:57.750916958 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:52:57.750992060 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:52:57.752047062 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:52:57.752130985 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:52:57.805018902 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:52:57.805037022 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:52:57.851890087 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:07.635965109 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:07.636089087 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:07.636147976 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:08.260025978 CEST49758443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:08.260060072 CEST44349758142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:17.590647936 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:17.590739012 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:17.590837002 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:17.591176033 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:17.591213942 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.384922028 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.385277987 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.388892889 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.388946056 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.389369011 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.395771027 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.443442106 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718439102 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718497038 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718539000 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718714952 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.718781948 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718826056 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718868017 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.718884945 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718919039 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.718959093 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.718972921 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.718998909 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.719055891 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.723881960 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.723911047 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:18.723959923 CEST61253443192.168.2.420.114.59.183
                                                                                  Oct 2, 2024 19:53:18.723974943 CEST4436125320.114.59.183192.168.2.4
                                                                                  Oct 2, 2024 19:53:56.668165922 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:56.668282032 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:56.668802977 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:56.669523001 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:56.669631004 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:57.319056034 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:57.319864988 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:57.319945097 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:57.321168900 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:57.321765900 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:53:57.322143078 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:53:57.368436098 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:54:07.245765924 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:54:07.245939970 CEST44361255142.250.185.100192.168.2.4
                                                                                  Oct 2, 2024 19:54:07.246119976 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:54:08.265064001 CEST61255443192.168.2.4142.250.185.100
                                                                                  Oct 2, 2024 19:54:08.265146971 CEST44361255142.250.185.100192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 2, 2024 19:52:38.465616941 CEST | 192.168.2.4 | 1.1.1.1 | 0xb705 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:52.077403069 CEST | 192.168.2.4 | 1.1.1.1 | 0x8371 | Standard query (0) | docsend.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:52.077543020 CEST | 192.168.2.4 | 1.1.1.1 | 0xc9c6 | Standard query (0) | docsend.com | 65 | IN (0x0001) | false
Oct 2, 2024 19:52:53.363035917 CEST | 192.168.2.4 | 1.1.1.1 | 0xacd8 | Standard query (0) | dianemccabe.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:53.363348961 CEST | 192.168.2.4 | 1.1.1.1 | 0xb09d | Standard query (0) | dianemccabe.com | 65 | IN (0x0001) | false
Oct 2, 2024 19:52:56.602639914 CEST | 192.168.2.4 | 1.1.1.1 | 0x7fef | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:56.602742910 CEST | 192.168.2.4 | 1.1.1.1 | 0xc572 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 2, 2024 19:52:38.475445986 CEST | 1.1.1.1 | 192.168.2.4 | 0xb705 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 19:52:39.151161909 CEST | 1.1.1.1 | 192.168.2.4 | 0x1626 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:39.151161909 CEST | 1.1.1.1 | 192.168.2.4 | 0x1626 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | docsend.com | | 18.173.205.62 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | docsend.com | | 18.173.205.79 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | docsend.com | | 18.173.205.86 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:52.084429979 CEST | 1.1.1.1 | 192.168.2.4 | 0x8371 | No error (0) | docsend.com | | 18.173.205.125 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:53.392848015 CEST | 1.1.1.1 | 192.168.2.4 | 0xacd8 | No error (0) | dianemccabe.com | | 217.115.114.114 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:57.082344055 CEST | 1.1.1.1 | 192.168.2.4 | 0x7fef | No error (0) | www.google.com | | 142.250.185.100 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 19:52:57.082443953 CEST | 1.1.1.1 | 192.168.2.4 | 0xc572 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                                                  • fs.microsoft.com
                                                                                  • armmf.adobe.com
                                                                                  • slscr.update.microsoft.com
                                                                                  • docsend.com
                                                                                  • dianemccabe.com
                                                                                  • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:52:33 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  Accept-Encoding: identity
                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                  Host: fs.microsoft.com
2024-10-02 17:52:33 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                  Content-Type: application/octet-stream
                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                  Server: ECAcc (lpl/EF06)
                                                                                  X-CID: 11
                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                  X-Ms-Region: prod-neu-z1
                                                                                  Cache-Control: public, max-age=82397
                                                                                  Date: Wed, 02 Oct 2024 17:52:33 GMT
                                                                                  Connection: close
                                                                                  X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:52:34 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  Accept-Encoding: identity
                                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                  Range: bytes=0-2147483646
                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                  Host: fs.microsoft.com
2024-10-02 17:52:34 UTC | 514 | IN | HTTP/1.1 200 OK
                                                                                  ApiVersion: Distribute 1.1
                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                  Content-Type: application/octet-stream
                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                  Server: ECAcc (lpl/EF06)
                                                                                  X-CID: 11
                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                  X-Ms-Region: prod-weu-z1
                                                                                  Cache-Control: public, max-age=82340
                                                                                  Date: Wed, 02 Oct 2024 17:52:34 GMT
                                                                                  Content-Length: 55
                                                                                  Connection: close
                                                                                  X-CID: 2
2024-10-02 17:52:34 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49743 | 23.203.104.175 | 443 | 7244 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:52:39 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                                                                                  Host: armmf.adobe.com
                                                                                  Connection: keep-alive
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  If-None-Match: "78-5faa31cce96da"
                                                                                  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-10-02 17:52:39 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                  Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                                  ETag: "78-5faa31cce96da"
                                                                                  Date: Wed, 02 Oct 2024 17:52:39 GMT
                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 20.114.59.183 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:52:40 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=a8eGsHWKylSgLdw&MD=MbhUNfdD HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                  Host: slscr.update.microsoft.com
2024-10-02 17:52:40 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/octet-stream
                                                                                  Expires: -1
                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                  MS-CorrelationId: c3ad9129-b5ef-4af9-804c-6c32826d85b0
                                                                                  MS-RequestId: 09d9acfd-b804-48ef-aacb-fa3ec548b754
                                                                                  MS-CV: Ew5e5aeCKkqkaMe+.0
                                                                                  X-Microsoft-SLSClientCache: 2880
                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Date: Wed, 02 Oct 2024 17:52:40 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 24490


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  4 | 192.168.2.4 | 49752 | 18.173.205.62 | 443 | 1868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-10-02 17:52:52 UTC | 675 | OUT | GET /view/6bkxyed8jn8y29xw HTTP/1.1
                                                                                  Host: docsend.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-10-02 17:52:53 UTC | 5860 | IN | HTTP/1.1 302 Found
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Server: Cowboy
                                                                                  Date: Wed, 02 Oct 2024 17:52:53 GMT
                                                                                  Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727891573&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=wE%2B3BXy6MxcoD%2Fub6tHVjHOAA5O7oTfO9lPw%2BiSt%2BL8%3D"}]}
                                                                                  Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1727891573&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=wE%2B3BXy6MxcoD%2Fub6tHVjHOAA5O7oTfO9lPw%2BiSt%2BL8%3D
                                                                                  Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
                                                                                  Via: 1.1 vegur, 1.1 b9b04d42286133992b582a519d8da04e.cloudfront.net (CloudFront)
                                                                                  X-Frame-Options: DENY
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Location: https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL]
                                                                                  Cache-Control: no-cache
                                                                                  Content-Security-Policy: connect-src 'self' blob: https://assets.docsend.com https://d1ng9lshxk6v9w.cloudfront.net https://*.previews.dropboxusercontent.com/*/p.m3u8 https://*.dropboxusercontent.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://featuregates.org https://events.statsigapi.net https://browser-intake-datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-us5-datadoghq.com https://*.kissmetrics.com https://*.kissmetrics.io https://api.segment.io https://cdn.segment.com https://events.statsigapi.net/v1/rgstr https://statsigapi.net/v1/sdk_exception https://*.id.opendns.com https://www.googl [TRUNCATED]
                                                                                  Set-Cookie: _v_=Y52WaBiQtMFyfqthOsTHoTKFmOIV6eH6x95hMr4RMmN7WDXHR2WKGjCGQ9kOdeR2aL9NxdAACYVX3pMRt6dp1uJU21h%2BdLMhaBmDY%2Bs7ZkbAXBLhhQ%3D%3D--FqtNnXVGUDHCuwIz--m%2FkK3BNiTw48K3o9yOVS7A%3D%3D; domain=.docsend.com; path=/; expires=Thu, 02 Oct 2025 17:52:53 GMT; SameSite=None; secure
                                                                                  Set-Cookie: _us_=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJZzkyYVdWM1pXUWdaRzlqQmpvR1JWUT0iLCJleHAiOm51bGwsInB1ciI6ImNvb2tpZS5fdXNfIn19--0a19c6dc51d459746e8b01d901655a78795a6225; domain=.docsend.com; path=/; expires=Sun, 02 Oct 2044 17:52:53 GMT; SameSite=None; secure
                                                                                  Set-Cookie: _dss_=0544c993c857d3a871cb919906638699; domain=.docsend.com; path=/; secure; HttpOnly; SameSite=None
                                                                                  X-Request-Id: 64fc3579-ac73-4e7d-b170-291fcfb339ce
                                                                                  X-Runtime: 0.099302
                                                                                  Vary: Accept-Encoding, Origin
                                                                                  Strict-Transport-Security: max-age=31556952; includeSubDomains; preload
                                                                                  X-Cache: Miss from cloudfront
                                                                                  X-Amz-Cf-Pop: FRA56-P12
                                                                                  X-Amz-Cf-Id: pFkGT3ZsYtN_prVXEQvewPxuoO4YhEU2Gu99Yo88zJxwaa-cuIgdMQ==
                                                                                  2024-10-02 17:52:53 UTC | 184 | IN | Data Ascii: b2<html><body>You are being <a href="https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL]">redirected</a>.</body></html>
                                                                                  2024-10-02 17:52:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  5 | 192.168.2.4 | 49755 | 217.115.114.114 | 443 | 1868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-10-02 17:52:54 UTC | 746 | OUT | GET /n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL] HTTP/1.1
                                                                                  Host: dianemccabe.com
                                                                                  Connection: keep-alive
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-10-02 17:52:54 UTC | 159 | IN | HTTP/1.1 200 OK
                                                                                  Date: Wed, 02 Oct 2024 17:52:54 GMT
                                                                                  Server: Apache
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  2024-10-02 17:52:54 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                                                                                  Data Ascii: 1
                                                                                  2024-10-02 17:52:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  6 | 192.168.2.4 | 49757 | 217.115.114.114 | 443 | 1868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-10-02 17:52:55 UTC | 674 | OUT | GET /favicon.ico HTTP/1.1
                                                                                  Host: dianemccabe.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: image
                                                                                  Referer: https://dianemccabe.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVR6WXpVMjQ9JnVpZD1VU0VSMjMwOTIwMjRVMzMwOTIzMjU=N0123N[EMAIL]
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2024-10-02 17:52:55 UTC | 164 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 02 Oct 2024 17:52:55 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  2024-10-02 17:52:55 UTC | 315 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  7 | 192.168.2.4 | 61253 | 20.114.59.183 | 443
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-10-02 17:53:18 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=a8eGsHWKylSgLdw&MD=MbhUNfdD HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Accept: */*
                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                  Host: slscr.update.microsoft.com
                                                                                  2024-10-02 17:53:18 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                  Cache-Control: no-cache
                                                                                  Pragma: no-cache
                                                                                  Content-Type: application/octet-stream
                                                                                  Expires: -1
                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                  ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                  MS-CorrelationId: 3e09da25-f704-4557-b56d-a914b40d758a
                                                                                  MS-RequestId: aa2e6c95-e8f6-4e2d-8760-7dafdbe0250b
                                                                                  MS-CV: KkHlVbSbmUisjBJR.0
                                                                                  X-Microsoft-SLSClientCache: 1440
                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Date: Wed, 02 Oct 2024 17:53:18 GMT
                                                                                  Connection: close
                                                                                  Content-Length: 30005



                                                                                  Target ID:0
                                                                                  Start time:13:52:24
                                                                                  Start date:02/10/2024
                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Visix Digital Signage.pdf"
                                                                                  Imagebase:0x7ff6bc1b0000
                                                                                  File size:5'641'176 bytes
                                                                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:1
                                                                                  Start time:13:52:25
                                                                                  Start date:02/10/2024
                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                  Imagebase:0x7ff74bb60000
                                                                                  File size:3'581'912 bytes
                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:3
                                                                                  Start time:13:52:25
                                                                                  Start date:02/10/2024
                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1628,i,3762446524523621955,14140293356470645305,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                  Imagebase:0x7ff74bb60000
                                                                                  File size:3'581'912 bytes
                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:9
                                                                                  Start time:13:52:49
                                                                                  Start date:02/10/2024
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://docsend.com/view/6bkxyed8jn8y29xw"
                                                                                  Imagebase:0x7ff76e190000
                                                                                  File size:3'242'272 bytes
                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:10
                                                                                  Start time:13:52:51
                                                                                  Start date:02/10/2024
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=2004,i,9085540079256255740,3480827009133672095,262144 /prefetch:8
                                                                                  Imagebase:0x7ff76e190000
                                                                                  File size:3'242'272 bytes
                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  No disassembly