Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
scan1738761_rsalinas@wcctxlaw.com.pdf

Overview

General Information

Sample name:scan1738761_rsalinas@wcctxlaw.com.pdf
Analysis ID:1544776
MD5:5ab5da2e4761df42f12379ea4b7fa516
SHA1:732c13dbb607d721b17f10e98d3fdfae176aa8a1
SHA256:79efbf5820200a6ae39dcfc8ab774bbbb5a291095e1daf0edc090079a6e35c73

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
AI detected suspicious URL
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 5316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\scan1738761_rsalinas@wcctxlaw.com.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6812 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7080 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1564 --field-trial-handle=1380,i,15601222788256969841,12118080085819300759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure.adnxs.com/clktrb?id=273568&redir=https://bluemarlinsmarine.com/?yentvuvm&qrc=rsalinas@wcctxlaw.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1928,i,13231410723714603743,7428996741244498370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
0.4.id.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
    0.13.i.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Yara detected HtmlPhish54
      Source: Yara matchFile source: 0.4.id.script.csv, type: HTML
      Source: Yara matchFile source: 0.13.i.script.csv, type: HTML
      Phishing site detected (based on favicon image match)
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueMatcher: Template: microsoft matched with high similarity
      Source: https://hgbllc.netMatcher: Template: microsoft matched with high similarity
      Phishing site detected (based on image similarity)
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueMatcher: Found strong image similarity, brand: MICROSOFT
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: Number of links: 0
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
      Source: https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.comHTTP Parser: No favicon
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=HTTP Parser: No favicon
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No favicon
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No favicon
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No favicon
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No <meta name="author".. found
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No <meta name="author".. found
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
      Source: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49724 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49787 version: TLS 1.2
      Source: chrome.exeMemory has grown: Private usage: 1MB later: 26MB
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficDNS traffic detected: DNS query: secure.adnxs.com
      Source: global trafficDNS traffic detected: DNS query: bluemarlinsmarine.com
      Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
      Source: global trafficDNS traffic detected: DNS query: hgbllc.net
      Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
      Source: global trafficDNS traffic detected: DNS query: outlook.office365.com
      Source: global trafficDNS traffic detected: DNS query: r4.res.office365.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49724 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49787 version: TLS 1.2
      Source: classification engineClassification label: mal64.phis.winPDF@36/67@23/205
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\11e0faf7-ec2d-4c4d-9665-6c88be47232c
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\d15ccf4e-78bf-441d-b51a-be60a816743f.tmp
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
      Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\scan1738761_rsalinas@wcctxlaw.com.pdf"
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1564 --field-trial-handle=1380,i,15601222788256969841,12118080085819300759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure.adnxs.com/clktrb?id=273568&redir=https://bluemarlinsmarine.com/?yentvuvm&qrc=rsalinas@wcctxlaw.com
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1928,i,13231410723714603743,7428996741244498370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1564 --field-trial-handle=1380,i,15601222788256969841,12118080085819300759,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 95A79FAC198ACFFD1C1FD9FC756D557C
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1928,i,13231410723714603743,7428996741244498370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: scan1738761_rsalinas@wcctxlaw.com.pdfInitial sample: PDF keyword /JS count = 0
      Source: scan1738761_rsalinas@wcctxlaw.com.pdfInitial sample: PDF keyword /JavaScript count = 0
      Source: scan1738761_rsalinas@wcctxlaw.com.pdfInitial sample: PDF keyword /EmbeddedFile count = 0

      Persistence and Installation Behavior

      barindex
      AI detected landing page (webpage, office document or email)
      Source: PDF documentLLM: PDF document contains QR code
      AI detected suspicious URL
      Source: EmailJoeBoxAI: AI detected Brand spoofing attempt in URL: URL: https://hgbllc.net/?2t2086mac=aHR0c
      Source: EmailJoeBoxAI: AI detected suspicious URL: URL: https://hgbllc.net/?2t2086mac=aHR0c
      Source: EmailJoeBoxAI: AI detected Brand spoofing attempt in URL: URL: https://hgbllc.net/?2t2086mac=aHR0c
      Source: EmailJoeBoxAI: AI detected suspicious URL: URL: https://hgbllc.net/?2t2086mac=aHR0c
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire Infrastructure1
      Drive-by Compromise      		Windows Management Instrumentation2
      Browser Extensions      		1
      Process Injection      		1
      Masquerading      		OS Credential Dumping1
      Process Discovery      		Remote ServicesData from Local System2
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      Registry Run Keys / Startup Folder      		1
      Registry Run Keys / Startup Folder      		1
      Process Injection      		LSASS Memory1
      System Information Discovery      		Remote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Extra Window Memory Injection      		1
      Extra Window Memory Injection      		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      challenges.cloudflare.com
      		104.18.94.41
      		truefalse
        		unknown
        hgbllc.net
        		89.185.80.20
        		truetrue
          		unknown
          sni1gl.wpc.omegacdn.net
          		152.199.21.175
          		truefalse
            		unknown
            www.google.com
            		142.250.184.228
            		truefalse
              		unknown
              bluemarlinsmarine.com
              		89.185.80.20
              		truefalse
                		unknown
                s-part-0039.t-0009.t-msedge.net
                		13.107.246.67
                		truefalse
                  		unknown
                  ib.anycast.adnxs.com
                  		37.252.171.53
                  		truefalse
                    		unknown
                    FRA-efz.ms-acdc.office.com
                    		52.98.179.210
                    		truefalse
                      		unknown
                      default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
                      		84.201.210.37
                      		truefalse
                        		unknown
                        x1.i.lencr.org
                        		unknown
                        		unknownfalse
                          		unknown
                          r4.res.office365.com
                          		unknown
                          		unknownfalse
                            		unknown
                            aadcdn.msftauth.net
                            		unknown
                            		unknownfalse
                              		unknown
                              secure.adnxs.com
                              		unknown
                              		unknownfalse
                                		unknown
                                outlook.office365.com
                                		unknown
                                		unknownfalse
                                  		unknown

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.comfalse
                                    		unknown

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    52.98.179.210
                                    		FRA-efz.ms-acdc.office.comUnited States
                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                    1.1.1.1
                                    		unknownAustralia
                                    		13335CLOUDFLARENETUSfalse
                                    74.125.133.84
                                    		unknownUnited States
                                    		15169GOOGLEUSfalse
                                    172.217.16.206
                                    		unknownUnited States
                                    		15169GOOGLEUSfalse
                                    184.28.88.176
                                    		unknownUnited States
                                    		16625AKAMAI-ASUSfalse
                                    13.107.246.67
                                    		s-part-0039.t-0009.t-msedge.netUnited States
                                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                    142.250.186.163
                                    		unknownUnited States
                                    		15169GOOGLEUSfalse
                                    104.18.94.41
                                    		challenges.cloudflare.comUnited States
                                    		13335CLOUDFLARENETUSfalse
                                    104.18.95.41
                                    		unknownUnited States
                                    		13335CLOUDFLARENETUSfalse
                                    89.185.80.20
                                    		hgbllc.netRussian Federation
                                    		41757OLIMP-SVYAZ-ASRUtrue
                                    2.23.197.184
                                    		unknownEuropean Union
                                    		1273CWVodafoneGroupPLCEUfalse
                                    93.184.221.240
                                    		unknownEuropean Union
                                    		15133EDGECASTUSfalse
                                    20.190.160.17
                                    		unknownUnited States
                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                    239.255.255.250
                                    		unknownReserved
                                    		unknownunknownfalse
                                    142.250.185.131
                                    		unknownUnited States
                                    		15169GOOGLEUSfalse
                                    34.193.227.236
                                    		unknownUnited States
                                    		14618AMAZON-AESUSfalse
                                    142.250.184.228
                                    		www.google.comUnited States
                                    		15169GOOGLEUSfalse
                                    23.38.98.111
                                    		unknownUnited States
                                    		16625AKAMAI-ASUSfalse
                                    172.217.18.110
                                    		unknownUnited States
                                    		15169GOOGLEUSfalse
                                    37.252.171.53
                                    		ib.anycast.adnxs.comEuropean Union
                                    		29990ASN-APPNEXUSfalse
                                    172.64.41.3
                                    		unknownUnited States
                                    		13335CLOUDFLARENETUSfalse

                                    Private

                                    IP
                                    192.168.2.16

                                    General Information

                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1544776
                                    Start date and time:2024-10-29 18:25:38 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:18
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • EGA enabled
                                    Analysis Mode:stream
                                    Analysis stop reason:Timeout
                                    Sample name:scan1738761_rsalinas@wcctxlaw.com.pdf
                                    Detection:MAL
                                    Classification:mal64.phis.winPDF@36/67@23/205
                                    Cookbook Comments:
                                    • Found application associated with file extension: .pdf

                                    Warnings

                                    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 2.19.126.137, 142.250.185.131, 172.217.16.206, 74.125.133.84, 184.28.88.176, 34.104.35.123, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 172.64.41.3, 162.159.61.3, 2.23.197.184, 88.221.168.141, 93.184.221.240, 2.19.126.149, 2.19.126.143
                                    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • VT rate limit hit for: scan1738761_rsalinas@wcctxlaw.com.pdf

                                    LLM Input / Output

                                    InputOutput
                                    URL: PDF document Model: claude-3-haiku-20240307
                                    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Please use your smartphone camera to scan the QRcode below to access the documents.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": true
}
                                    URL: PDF document Model: claude-3-haiku-20240307
                                    ```json
{
  "brands": [
    "Microsoft Corporation"
  ]
}
                                    URL: https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.com Model: claude-3-haiku-20240307
                                    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Please stand by, while we are checking if the site connection is secure",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
    "typosquatting": false,
    "unusual_query_string": true,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": true,
    "redirection": false,
    "contains_email_address": true,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                    URL: URL: https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.com
                                    URL: https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.com Model: claude-3-haiku-20240307
                                    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Please stand by, while we are checking if the site connection is secure",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
                                    URL: https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.com Model: claude-3-haiku-20240307
                                    ```json
{
  "brands": [
    "Cloudflare"
  ]
}
                                    URL: https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.com Model: claude-3-haiku-20240307
                                    ```json
{
  "brands": [
    "Performance & Security"
  ]
}
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
    "typosquatting": false,
    "unusual_query_string": true,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": true,
    "redirection": true,
    "contains_email_address": true,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}
                                    URL: URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=
                                    URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlP Model: claude-3-haiku-20240307
                                    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Tired of seeing this? Rename your personal Microsoft account.",
  "prominent_button_name": "Sign in with another account",
  "text_input_field_labels": [
    "Work or school account",
    "Personal account"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
    "typosquatting": false,
    "unusual_query_string": true,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": true,
    "redirection": true,
    "contains_email_address": true,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true
}
                                    URL: URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1yc2FsaW5hcyU0MHdjY3R4bGF3LmNvbSZjbGllbnQtcmVxdWVzdC1pZD03OThiOGExYy1lOWJkLTY3MGUtYjAyMC0xMjA3NmU2OTAwN2EmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NjU4MTk2MDExOTE0NjU1LjI1MGYxZTQ3LWNlMGMtNGQ1Yy05ZGEzLTI4ODYxZTU0MzYyMCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUtHZEFXWUtDLU5SREptaWtsUkliQk04dml6ZTMzMnRsRG9QcDBIRGlGcllCYWFBa1FFeG9tZWl5Ukk4TWZ2RlNBWXhmaVV4Y1UzTzJCQVlNM25IRnZSNHIzUHJhYjV2N1ZYcTQxM3FjZnZ1YVNzMTdSY1BYZVQ0YmFsUDBqNV8=&sso_reload=true
                                    URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlP Model: claude-3-haiku-20240307
                                    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Tired of seeing this? Rename your personal Microsoft account.",
  "prominent_button_name": "Sign in with another account",
  "text_input_field_labels": [
    "Work or school account",
    "Personal account"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                    URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlP Model: claude-3-haiku-20240307
                                    ```json
{
  "brands": [
    "Microsoft"
  ]
}
                                    URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlP Model: claude-3-haiku-20240307
                                    ```json
{
  "brands": [
    "Microsoft"
  ]
}
                                    URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlP Model: claude-3-haiku-20240307
                                    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Tired of seeing this? Rename your personal Microsoft account.",
  "prominent_button_name": "Sign in with another account",
  "text_input_field_labels": [
    "Work or school account",
    "Personal account"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                    URL: https://hgbllc.net/?2t2086mac=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlP Model: claude-3-haiku-20240307
                                    ```json
{
  "brands": [
    "Microsoft"
  ]
}
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                    URL: URL: https://hgbllc.net

                                    Created / dropped Files

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):290
                                    Entropy (8bit):5.202991997377518
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:88D2F8B8EBF7F7B044D97A508A7A3206
                                    SHA1:8ABD066EEE6F60633903D7907C0FE244160336E2
                                    SHA-256:E1628774D70ABE6ABEDA6DD3FB00277B9BC0C4747BCC166AEDC9D006A49507E3
                                    SHA-512:BC39DAB0137A8B643B5D1795B95D1872A95D6172CA3B50606EF85C89BF9388FA47534DDE1F638279AE75E9672542FD6D2B802150831CBE79D86D8EEEDC3FF45F
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:2024/10/29-13:26:11.392 1a98 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-13:26:11.395 1a98 Recovering log #3.2024/10/29-13:26:11.396 1a98 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):334
                                    Entropy (8bit):5.167443890820576
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7D2F7BF5C53009659A5EBCB0E841B768
                                    SHA1:47B5539A52759707C5AF629AE72A75F0CD10053D
                                    SHA-256:E645FD05B5D848FF0B6B5C2D52ED30E6C2B11ACCF4E5E9655515C690AF61FC4D
                                    SHA-512:621623E4853AC0D8878111C14297AC8C71F15CA1553D8B84F3F5325C3F0397BFB0E2911663096272AB92C517AF1C993F2D4E42031E7FFC5A3D6A075D29F3BBAA
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:2024/10/29-13:26:11.281 1be4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-13:26:11.287 1be4 Recovering log #3.2024/10/29-13:26:11.288 1be4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4f977b8b-ac9e-47d1-8337-334bf4f37bfe.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:JSON data
                                    Category:modified
                                    Size (bytes):403
                                    Entropy (8bit):4.953858338552356
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4C313FE514B5F4E7E89329630909F8DC
                                    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\50996a5c-3988-4f31-adf3-4f5776fed0b5.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):403
                                    Entropy (8bit):4.9845169629238795
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:FAF3AC43979D56058A33717B2E6658CD
                                    SHA1:25980CD08038633F5E8DD37663FF4375DA97CA51
                                    SHA-256:ACF4F1FCCB0847DD8A7123175909D7C9E6F3D23E5457D94BA1C92CDD626344DF
                                    SHA-512:DB9BD522D10B8C6A4E8F8392F20417BD5148D4D1EE3E98DA13D96C3EF063EEEC909959EC3BAED4E9FDC8105F7D1B6F72D01D4B8AD43E58BD5A9235016E15B40F
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374782777087917","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":238704},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):0
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4C313FE514B5F4E7E89329630909F8DC
                                    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5fe2e0.TMP (copy)

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):0
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4C313FE514B5F4E7E89329630909F8DC
                                    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4099
                                    Entropy (8bit):5.226591464711226
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7AE602FD0B8073B6D58208BFA772182E
                                    SHA1:3E2C34B718E0A2FE4F1091816B84D083706DC129
                                    SHA-256:E1FECA1C6268DCFCC97C2639A5A60AC82CAB9FD19E211240B3DB0C6D90422F5F
                                    SHA-512:696783E8E36F0B98302CC3B295B40A3B60D4995435E5F83E4280D9B67A2FB77287F1FD7894A5C9595ED12478DD1EE0B520BC0F6001371DED2DA24EE4F7649D49
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):322
                                    Entropy (8bit):5.147864255217131
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0C032AB0B0F7DE68FB98249C2C516AEA
                                    SHA1:6794F1583ACFC540DFB70D734FBE6E94822F191D
                                    SHA-256:DC04B382EDB3D0451EE54F30069729D76EA7FB0247DDB3E1111AC381BB3371D2
                                    SHA-512:29FBC50D0E40E35E7B23066248D56FBE887DE280847807FD757363D51EAA98FACF841077CB6CD44BD12830732CF68458120E78B34BA662845228FDAAA41B6F28
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:2024/10/29-13:26:11.430 1be4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-13:26:11.431 1be4 Recovering log #3.2024/10/29-13:26:11.433 1be4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029172615Z-171.bmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                    Category:dropped
                                    Size (bytes):65110
                                    Entropy (8bit):0.6383570235423172
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A386063196038B218119B1204F311641
                                    SHA1:FAC548765BEE350E3C828FF85AF48042EE823500
                                    SHA-256:9440DD78C4F76BC2ACEC3E9F6287F3317503D954F847DC17D30F4C605B99E723
                                    SHA-512:161775F56058DD8FE22FE25F41BA458CE4FEFFF514B843E40FC134EC9BFDAE7815348B918E1BC39D348142980C921FB1C5551876D894E02A2B4C5B54478D8E7C
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                    Category:dropped
                                    Size (bytes):57344
                                    Entropy (8bit):3.291927920232006
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:SQLite Rollback Journal
                                    Category:dropped
                                    Size (bytes):16928
                                    Entropy (8bit):1.2145522081892972
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F71D51AB61980D5F0BDAD156E1078A08
                                    SHA1:5EAAE6A13273E42DFA1306B072F193D06324821B
                                    SHA-256:17DE6E091CC7CCC50993174BB66800A2C44F523B8F07F9233FB87F22172A85BE
                                    SHA-512:98ED940776117F8633F0DCA659835A96BE40245F49142F48AEBF9478E9FCB332D7EC6CF8EC8EF3E3EBBC3EF0756675A7C5FB8C328CF4F75AD0D0F0F3363E14A4
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:.... .c........M........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:Certificate, Version=3
                                    Category:dropped
                                    Size (bytes):1391
                                    Entropy (8bit):7.705940075877404
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                    Category:dropped
                                    Size (bytes):71954
                                    Entropy (8bit):7.996617769952133
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):192
                                    Entropy (8bit):2.7647458239154146
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:52E503E5D4A25F59FE9167B31A7F4BFA
                                    SHA1:14C238B58DA9FCE808737662E5DA17025F3D2B87
                                    SHA-256:7FCB8A350C2C0DA92EC211D7865FB4D99BE4B56C6AE8E518354023A9652F0DF4
                                    SHA-512:9E104878AE2E80FA459799E383897BD9B287FD30460BBFF93FEB8F1640301878749FCEBD10F2EBC63EA275161AE1B3342BB41CD226A8735715CA1A696408C537
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:p...... ........Q.S.'*..(....................................................... ..........W....5*..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:data
                                    Category:modified
                                    Size (bytes):328
                                    Entropy (8bit):3.150184159866505
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:841DB0C3136345433B17223B6331279A
                                    SHA1:0E97201C8A422E1F23FBC094F31F678806CCBC65
                                    SHA-256:7275B5A10B7E5C109F99FFA08D973EECC42549D7C6F7CBB5295C66AE92829BE2
                                    SHA-512:3D6804D20F056AD3D2152852C7038E4D0AB6005D2C2D8AFEEAC09135DAC9B97FC9C5AA1011ACA3D50134AA27205F70125F7928D473CD6EE9F2694BBEDF161399
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:p...... ...........'*..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):295
                                    Entropy (8bit):5.3683287814841885
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:12F1EC42675F9670E69A0AE4357CC2DB
                                    SHA1:DB9514F78CF2D8A18C0C1E60A783D1FD831F0FBD
                                    SHA-256:783CD3EFA4D3A356EE610DCF5F21298EDB670BAD7E033A1E62AB8D35242A94E1
                                    SHA-512:A61379927209907FF1814A4BA23C0F3A430A9E571E3173F1B5ED51594AB0B4B14C510C4AABDFD46856433DDF7E7A2977DB930B7C1668BD4700FA8572A8A7D046
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):294
                                    Entropy (8bit):5.316516839761178
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3782B7C8F1D48E4B9332ED750D3A3ACE
                                    SHA1:2A52E2297463D67ED215027E5CAA0BCF3BFFED6A
                                    SHA-256:06366B3FA5D678BA23C33863BFDAA7EAA266621ADF38FB0F7E80421A6FF5592C
                                    SHA-512:59871B4259FDA3721E0821CC88DF2853B12BF601EFE58562D047C8272B80DF30F0B4DCA1DFB507382259771FD288F8BBA362BCDD1D815B44E8BAEDA50CFAC5D1
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):294
                                    Entropy (8bit):5.296003408898581
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:CE760975FE8CCCE64847700D4771E6F5
                                    SHA1:6B76409DEC2A5E98CA2D57B18F9AECF185A03B2A
                                    SHA-256:CA7B5C9548781B02093A5FBD39C0077DD7B49FD8F58F072CB22E8F70E2938D00
                                    SHA-512:866AB9F653CD261610BE0880488CAB11A6F0D695BC573DC03DD17B0C78A2CCB5FF89939EC8A525B7FCFA9A89217AE3A4AC04AB914EA8BD3F9F9DCA236F148D72
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):285
                                    Entropy (8bit):5.356883194617008
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:14D5E83827C99782B4EDE710BDC19363
                                    SHA1:3AC076DADF77E3005EB07492DE209C4798819C5A
                                    SHA-256:B93DF3C95E2C2020A11BFA7202AC4AEDBCD0E9BFAFEF2310579A1C50DDBA7B7F
                                    SHA-512:6B90259B52E2BB7D41C028309560C83BD56199365B57843B662D0DED39E998C7690D28A159D43C30E4F4F8A61001DAA58347E060ADA22294CB2C7A8FE04D2A89
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1055
                                    Entropy (8bit):5.660339280038152
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:130920EB5855A149CA0494F3C555AD29
                                    SHA1:8E75E60477A9F01176C824826922AAF77DB4CFE2
                                    SHA-256:EC38A0396159EDED23585427411D6F2D23B06FBA07AC12EAD8A129D1952CEF6E
                                    SHA-512:0D5CEFA645D9DFBB11674280D37332601283CFDEB1AFE6D23118F0FA143701CA7B29C4AEE7B849DB1E107BE6B3B3F6B90863D1F3ADD94C2BF4B0474BD14B1577
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1050
                                    Entropy (8bit):5.654101968376564
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:ED6AB65B504063CEC719BACC4888D159
                                    SHA1:E72446ED69572F38199B9F189AA24F8C0E8E14EE
                                    SHA-256:E0E425977DAD1BA0FF68EBCAB8B5189B19576A288FCFDC886B666ED62101989D
                                    SHA-512:2CEA8770772D453A974E96FDD9D359B779988B8A8DA8D1BB8444EC87487CAD0BDB7177615BEE682BDA910053660EA722146B2BAD734A980DE65332B35476D155
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):292
                                    Entropy (8bit):5.306156175518575
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:632650A1DB8AB4185017B8A0FBB4F1E3
                                    SHA1:8808EF1322022B8EB9D2A8B6B7E1F0AF5D7FA1C2
                                    SHA-256:913D63F5B29128AF44024B160A52C1838BC08393E1ABB585F3080F8FBCA48167
                                    SHA-512:5AA1B22786958FD70111FA8037B9399C1685D33F7BC8AD018B49F1D567DD656AC0747C878405A7D07629333B622C7E2BC154A3A93E75B47BD48C5DDC73BC7E60
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1038
                                    Entropy (8bit):5.646883617313706
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:FE1C71E11243441F1C817150819B1529
                                    SHA1:86E060DF91C93AA5F61FAFF25A48B8D848D7E632
                                    SHA-256:AE05A1CC05E2337CE5422B471A33DC44546470AF971BC097FDC8B219B1CE9B99
                                    SHA-512:64FE16674DA5CDB22FBB53551352A1AA713F24A072FAFBE51116862BAA7F84C9CB13B296DC47E1CE7095F9C26C0571B55474022E1B36321FC1D29058BA4FCA03
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1164
                                    Entropy (8bit):5.698757639766506
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0E9EF0FCF0D95B212E7D14789782F580
                                    SHA1:69B907C0E8B8C81FE8A9413967A7F3B8B54A0ADF
                                    SHA-256:653B6CBE4BCA2B71D4D4AC6A77650D0C2364A111E60BF414ADBD0240E6B65804
                                    SHA-512:7E7E468AC8AA94313D1966E1D69AA95550D08907697FF396DBE2F653A07FF2B8977AC6328D7275EDAB30EFF69DEB0EBA7DB027BAD560176D863B25EF69839873
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):289
                                    Entropy (8bit):5.308481304953843
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C6B05E9714CC6456C742A44EEC470964
                                    SHA1:0BA602E3018FD2F5B4626A5E3725CBE8E5B78961
                                    SHA-256:3B0DD5F30CB55DF3CED4E609D0811F83B72BE063870B4AE8AFB1E3B61744CC3A
                                    SHA-512:3FC3596F38E880158C8283E7B6562C8B7693DA27CB39F79B5E5853847CFBEDA62888BC4EE60031820EB15D9918F1BECA14419607E4A1859DB95E38C6F34CB083
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1395
                                    Entropy (8bit):5.774729286193082
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3A565D67158B2B7A6F2FDE38B89F5B66
                                    SHA1:89C4D8B123BDF6AD52E2DAA26F56D09EB7A8F066
                                    SHA-256:A84E77D09CCF838C9C3C27BDAF1297CCD434723A96AB7427652B0428053152A0
                                    SHA-512:BA116180836E3FE22034B4628B3A8585AF9D849039B7A95C55AEEEFA1CDACA64CF31EB188AAF17005CE1FC0439BC346DE895CE1538DC6F9A0871A26E844C772C
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):291
                                    Entropy (8bit):5.29197011187201
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D9DEF15791D63933F0990056BB22CAF1
                                    SHA1:F90DA1C11A81607FD4992C04938C19590DC781B9
                                    SHA-256:41BBE4C7A33658A035CC4B11B5366257A1B37D2B902386CBACFEF90A31F3B984
                                    SHA-512:0679A42C8F3D21DD3CF9844E37637AEE81C824092A2DE4D8034482093874C7A7153C3DE06B41FCB731E8A6EF0A4D4B7B78EB3D9B746E05E49F1F35DB3797F8C4
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):287
                                    Entropy (8bit):5.2957646916986265
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:723792A309D3A26E8B0023D00E8B0593
                                    SHA1:04ECBAB1C4FDF2CA0F0011EBCB3FD56A2AE26E69
                                    SHA-256:F16C521170A174110EC5EBA101B4B41917B8C98F3EC59254CAB1301394833C5B
                                    SHA-512:6B816A901CEFA6C93FA2500A1DB5C07A5AC34F41EBA4EACF42EE224CF0A92F533630D6DEDC501D63AE3C36C29DBC4CCC98D54E03DD231FEAC3DC982EFA47C4CB
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):1026
                                    Entropy (8bit):5.630845999151043
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:DB94C05269740A8F3F902C1D65322FD2
                                    SHA1:40B8168CBCB47501E30CDE2B9A93C8E2AC0382C7
                                    SHA-256:C1C38D256A40A626D590680EEF65B97848C6B54A190A519E479E3AA34833A202
                                    SHA-512:A8D68BBED444FF471AB486167577AB6A09AC5AF6E83B25487953243CDFB986FEF13A347C91262F3F1EBE1FCDFBA728D8070B3F5AE527A78FD4FCFAA4F9B8276E
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):286
                                    Entropy (8bit):5.270290925083881
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4A9E32602699E09B3B78934433400A26
                                    SHA1:643DD63BE8F428EA8919AC54900F13DD914E90E3
                                    SHA-256:2B5FE57CE0511DB1CF10C95C150FB044D24F4235181E4B4123BE2E4B065CF797
                                    SHA-512:B2D6EB3031425F2FB491504A5C6F71464F594960322D36881FEFC6AD3456FE93B561FDA0E6993CDF3F02F10713636F0605AE94A736813B37188E077EC74CD38B
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):782
                                    Entropy (8bit):5.366837131822207
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:FA2E4C1AD52005C5C67B88F8E80BD352
                                    SHA1:321966386DC6CB0214A9599D9770DBAAAB1E478B
                                    SHA-256:17C7E31053FF80CFD2942A73290321019994246EDE99BF029C4C48613FB001EE
                                    SHA-512:200F05357F75F997FC8823E267DAA4EE70145991814C741CA44588CD0D2A5805FEF2C06A9BA715F789BE429F08408AC3D0A03E968816BEEE7C5F2371B62D9ADF
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"analyticsData":{"responseGUID":"f93a5ea8-d073-42e5-8480-9a1df528d521","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730401802432,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730222777465}}}}

                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):2818
                                    Entropy (8bit):5.107855918763911
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:CD0578488141B228AEF1A4C97FB6A371
                                    SHA1:72FF1801F0E362D2879977740EEE454A78395DDF
                                    SHA-256:CB839B5B8A5D8E6F9870096CBBBC66A913495E3313807181113AA3F88E761F19
                                    SHA-512:3885734F0672EBEB62382EFF9CF8638F4E517FD4DD329A1C92D6A2158328FCF728DBC7143DF8A25347623DBEFBB4697DB2BCEF4E417A6BA161230CF5B6D74990
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"68d71950fa8250bed786fcb352ce569a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730222777000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"fcd74896a8045116d86e2533613c4f07","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730222777000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"54cd8e9d5e939a8126d0540dd195a747","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730222777000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"14543ef58f0a25b1c6151da0cfd73070","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730222777000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"d394e5700e0c119de05e341ca3fc4076","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730222777000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e32b49c92e7476c42ec5b4a98827658b","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                                    C:\Users\user\AppData\Local\Temp\MSIed661.LOG

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):246
                                    Entropy (8bit):3.5290539708135844
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C6911F592A0FACB12A56A7A1E721548F
                                    SHA1:F0D0EE4D1B1E8E80D03683C25DE443E8F969618C
                                    SHA-256:C3E17B5B163ADC1267DCC2E222FB6C7698A8308D99D241E367AB51018D8052EE
                                    SHA-512:8172BEEDC6330C5401691FE2810E3AD23CDA175DA318A60164EAAA9EE3BF5E3F4A9891832821EB2FDFB4D346A42BA3B2EAC1A39C2A059F8B4E7CC2A6B856775F
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.1.0./.2.0.2.4. . .1.3.:.2.6.:.1.8. .=.=.=.....

                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):29752
                                    Entropy (8bit):5.419344102654075
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EBA9C7F59F05B33156DAC4A61C862DBA
                                    SHA1:821ECAD5A91CE50853B207A5F7DB1484D9BC6C90
                                    SHA-256:EED4BA9D2527BFE97453AB096BC0CC90451C809C1B3BF46909F9AA9F936251EA
                                    SHA-512:A1DC7E589CB34ED1FE2A07D5B98407A89041D9F1A22AA765F75CBF913E65B8E12386B2D16A88F1063C8B475FDA159D095B1FD5F5843F7266F6FEF43D0EB6E9E3
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\0567f49f-b366-4233-a838-9470da337277.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                    Category:dropped
                                    Size (bytes):758601
                                    Entropy (8bit):7.98639316555857
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3A49135134665364308390AC398006F1
                                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\4237a250-3d5c-4ea1-a8a3-141b82e319cb.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                    Category:dropped
                                    Size (bytes):1407294
                                    Entropy (8bit):7.97605879016224
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\c498e6ca-eba9-427b-af82-32734c3100dd.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                    Category:dropped
                                    Size (bytes):386528
                                    Entropy (8bit):7.9736851559892425
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                    C:\Users\user\AppData\Local\Temp\acrocef_low\d15ccf4e-78bf-441d-b51a-be60a816743f.tmp

                                    Download File
                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                    Category:dropped
                                    Size (bytes):1419751
                                    Entropy (8bit):7.976496077007677
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E787F9888A1628BE8234F19E8EE26D68
                                    SHA1:44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
                                    SHA-256:3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
                                    SHA-512:EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2673
                                    Entropy (8bit):3.986901800736219
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3F920DA9A4BF300FE07CD9DCC078CAFE
                                    SHA1:DA88A03C95D87A5DAD9E3672CF1D7E4D4EBECFE4
                                    SHA-256:E28AB91B058AD09D3F73981815F85E06BE72CA61A6274BAAC6968D139D705EFA
                                    SHA-512:8AA07263C99C8EE722B973093368EEB701BB9AF3765C84E695D1B038FB13AB31F924F95F4E34BB53BC400DA84EBFA2CA5E315FD53D6D635900E171245988F063
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.....`.'*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y:.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]YF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]YF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]YF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]YH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........._X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2675
                                    Entropy (8bit):4.003512329214694
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3C8BDF1C76FF61FEDC5A9D5007D86CC6
                                    SHA1:D1C2FA651DDC47663ED3995F807758850C3D05F9
                                    SHA-256:32CE539BB4E76517CE4414D0BA8D2207B551FC37E33ECB877F0E53FD3D645EF4
                                    SHA-512:7ACEE5312C9FEFE21230F5AE86863D8B7BD3D36FB3EE37741772CE9DB7D9E1CB86F57C0E536ABE22818971B3281B029E9B08A9D81E035A84FECBEF42D2867012
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.......'*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y:.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]YF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]YF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]YF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]YH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........._X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2689
                                    Entropy (8bit):4.011122915627418
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8D607A601E50C8B052E820DCE05572D1
                                    SHA1:7081C8BE2B14884CDDC67924F84D4106B707336B
                                    SHA-256:DCA09595D6B0850951B1BFF9DD9635DF6AB9AB76D43686084974C86B0054BCA0
                                    SHA-512:FF2665220EAB256BED27123F757E71AC72117AAA22DD3E663A75C0D7E03475B6760416DFABB12AF0CB0542448600495B7D1B72BDDADFB43F319B994F75410FFB
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y:.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]YF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]YF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]YF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........._X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):4.002138457227708
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A106E9C583EF891958751BFEA882520E
                                    SHA1:C1459043394545126DD8AABDC6C4B4A31D081254
                                    SHA-256:19DFF264B5A60FDD467B6973C47DFB955A4E2311AF8BAE5281A3803A538EE542
                                    SHA-512:9E2D0045E0A0007E9324FE7E62B50455E0B457D95F7FCD4FB28234686E798A18AE5F43B53881705408493856C603CCF7B5DBB918FAE1BD87036DDD8293BE34D4
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.......'*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y:.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]YF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]YF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]YF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]YH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........._X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.989361485782627
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A47309116CFCE2ECD66ED3AADA1862B5
                                    SHA1:4AD0DFB118593F01A2C40C6B2A95489E32C589ED
                                    SHA-256:9BD779ACA5E11035A894FCF0A522232583D68793BCFD609A478933B0F49FCDB7
                                    SHA-512:EEF3A240009A394C9779F5899747B38014A6F50B3ABEF24D592929FC0844D547503C93B76E48D2CFA9C67DE83F8C95252CC397A7C2A0465BE155B602FDB921C1
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,....8m.'*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y:.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]YF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]YF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]YF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]YH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........._X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2679
                                    Entropy (8bit):3.9993059453934796
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4D88CA43BE18BC6513D0E72EEDFF2F1E
                                    SHA1:E97A33CDE21411A471C492CA21A05041EE27133A
                                    SHA-256:8D1B129EE5782CB08EC4DEA2458615A0D93123A85AE1BBE5BC802B5DED7BC26D
                                    SHA-512:D74CCCA9A974AE268488DCBA8154ED49A4B2295825BF716512C1886F6DCCEAEB327C09D2C958BA6D2F9B119455078C26895E4FB952A023A7EAC8A974D2E087B2
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.....<.'*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y:.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]YF.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]YF.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]YF............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]YH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........._X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                    Chrome Cache Entry: 177

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
                                    Category:downloaded
                                    Size (bytes):987
                                    Entropy (8bit):6.922003634904799
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E58AAFC980614A9CD7796BEA7B5EA8F0
                                    SHA1:D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA
                                    SHA-256:8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
                                    SHA-512:2DAC06596A11263DF1CFAB03EDA26D0A67B9A4C3BAA6FB6129CDBF0A157C648F5B0F5859B5CA689EFDF80F946BF4D854BA2B2C66877C5CE3897D72148741FCC9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
                                    Preview:......JFIF.....H.H.....fExif..MM.*.................>...........F.(...........1.........N.......H.......H....paint.net 4.2.9....C....................................................................C.........................................................................2..!............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......[.4..lz.....K.S..p.>.9.r9j..'.\.qrW..mo...X9ZV<./x...EX...m.Prj..A.EtG...K..mr....Lc.T.*8...nlY.V.{6...*R...]..(.y...)^.5V.IVO.W.B.19.R\...f.U.....'..S:..k.6..*).f.n._3*....}.y.8.EusH..y.`.mA...W.}...bL..:..b.<f..(lH#R....v._...........9N~S..

                                    Chrome Cache Entry: 178

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (47531)
                                    Category:downloaded
                                    Size (bytes):47532
                                    Entropy (8bit):5.399631966931825
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:808A57CAE0B6FEE71F46EFDDED44B348
                                    SHA1:DD570A24C8BDA1B391AA1DDEA6004125818E579A
                                    SHA-256:5B75AC6F98994352699841DFFA6E562725EBBD0005C539946AD3625EC550EB0F
                                    SHA-512:3F06DFBFDEDE9BB4270EB1BBBE29FFBDB6E19DC0AA8234E1A2B92D84F0737555031231965151EFC386510193343985BCEC63062484BBD8EC0540A94A0109B765
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://challenges.cloudflare.com/turnstile/v0/g/f2bbd6738e15/api.js
                                    Preview:"use strict";(function(){function Wt(e,r,n,o,c,l,h){try{var p=e[l](h),f=p.value}catch(s){n(s);return}p.done?r(f):Promise.resolve(f).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function h(f){Wt(l,o,c,h,p,"next",f)}function p(f){Wt(l,o,c,h,p,"throw",f)}h(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

                                    Chrome Cache Entry: 179

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):232394
                                    Entropy (8bit):5.54543362321178
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:AF8D946B64D139A380CF3A1C27BDBEB0
                                    SHA1:C76845B6FFEAF14450795C550260EB618ABD60AB
                                    SHA-256:37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
                                    SHA-512:C5CFB514F993310676E834C8A5477576BD57C82A8665387F9909BA0D4C3C2DE693E738ACAA74E7B4CA20894EA2FEEA5CF9A2428767D03FE1DE9C84538FDC3EE9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/resources/styles/0/boot.worldwide.mouse.css
                                    Preview:.feedbackList{-webkit-animation-duration:.17s;-moz-animation-duration:.17s;animation-duration:.17s;-webkit-animation-name:feedbackListFrames;-moz-animation-name:feedbackListFrames;animation-name:feedbackListFrames;-webkit-animation-fill-mode:both;-moz-animation-fill-mode:both;animation-fill-mode:both}@-webkit-keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-webkit-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@-moz-keyframes feedbackListFrames{from{-moz-transform:scale(1,1);transform:scale(1,1);-moz-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-moz-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);-moz-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,

                                    Chrome Cache Entry: 180

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
                                    Category:downloaded
                                    Size (bytes):5139
                                    Entropy (8bit):7.865234009830226
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8B36337037CFF88C3DF203BB73D58E41
                                    SHA1:1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
                                    SHA-256:E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
                                    SHA-512:97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
                                    Preview:.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3

                                    Chrome Cache Entry: 181

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:dropped
                                    Size (bytes):2672
                                    Entropy (8bit):6.640973516071413
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:166DE53471265253AB3A456DEFE6DA23
                                    SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                    SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                    SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..

                                    Chrome Cache Entry: 182

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                    Category:downloaded
                                    Size (bytes):1435
                                    Entropy (8bit):7.8613342322590265
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9F368BC4580FED907775F31C6B26D6CF
                                    SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                    SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                    SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                    Preview:...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.|..~.|{~...b{8...zv.....8|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g*.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dg*N.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f*;.....Zhrr.,.U....6.Y....+Zd.*R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

                                    Chrome Cache Entry: 183

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 30 x 97, 8-bit/color RGB, non-interlaced
                                    Category:dropped
                                    Size (bytes):61
                                    Entropy (8bit):4.022997040570905
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C27FAF712DED80ACE26D18F8FE012433
                                    SHA1:C3AAE9F1A25F5C3BECF669F0EF3E7C8A8CE8153D
                                    SHA-256:6412ECDEA3DF07A1C461224D3ADCFE59FE895F5FE895C10B884C1DF86A40C37C
                                    SHA-512:4F28EDCD052D98C6F6B9F27178C27A97AF4903D3552CF1DC434D5E4DA85AB2C69420A7668A5A61AA2ACA87F56C35CFFE2D3E855CE9E4DA56117B56B487BFB8EA
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:.PNG........IHDR.......a.....N&......IDAT.....$.....IEND.B`.

                                    Chrome Cache Entry: 184

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
                                    Category:dropped
                                    Size (bytes):628
                                    Entropy (8bit):7.6610853322771
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:6F68E9881DF18F8E251AB57D5786239B
                                    SHA1:C0F7A01A288752833390FC330995F25488BCE8EC
                                    SHA-256:B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
                                    SHA-512:B33DFF67480DF940FA0565B231E02F26840DCB5135A4A2FF3C310AA062D3D4B456FA9C8C6E2BC59EC76B515EA1B36D574A5701771BCEE7CEE97B99EF60A803C6
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:..........m.Mo.0.....]%F..6...rX.;..&i..].&HZ...#%...B..4.W$.....>....v8...f....g.O/.3k....ms.o....m...a8.......u..4>.]....r~8...%.....x.m.y].....u.>..7....l.]....i..fC.[O..z.)..r..........g!(.+....4.P9.0@.......R.......^q.I[..7.....Q;...6.N....a.d.%....:...6FE.}.......}s.`LV..Q.U. 8..}..y.&..I..a.\.8%..kgoo.Q6...>.5.8..!.....".t9].v.B) `.G6.V.E\..AJQU.7...J.oS.*........*.*@......l.....{.r..KP@......9YD..U......&..:..d......+/...(..:.S_...S......n..z.a...,.,&VB......eJR)...R.H3])>....9O.........KDi.O..#...-?D.1*..N.p....h.#.Z.[/..!.h..$..S..Phdqd....}.....E>g..q5..J.T......u.....i.b...

                                    Chrome Cache Entry: 186

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:JPEG image data, baseline, precision 8, 1920x1080, components 3
                                    Category:downloaded
                                    Size (bytes):17453
                                    Entropy (8bit):3.890509953257612
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7916A894EBDE7D29C2CC29B267F1299F
                                    SHA1:78345CA08F9E2C3C2CC9B318950791B349211296
                                    SHA-256:D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
                                    SHA-512:2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
                                    Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

                                    Chrome Cache Entry: 187

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):689017
                                    Entropy (8bit):4.210697599646938
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3E89AE909C6A8D8C56396830471F3373
                                    SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                    SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                    SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.

                                    Chrome Cache Entry: 189

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):662286
                                    Entropy (8bit):5.315860951951661
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:12204899D75FC019689A92ED57559B94
                                    SHA1:CCF6271C6565495B18C1CED2F7273D5875DBFB1F
                                    SHA-256:39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
                                    SHA-512:AA397E6ABD4C54538E42CCEDA8E3AA64ACE76E50B231499C20E88CF09270AECD704565BC9BD3B27D90429965A0233F99F27697F66829734FF02511BD096CF030
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/scripts/boot.worldwide.2.mouse.js
                                    Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.2.mouse.js'] = (new Date()).getTime();.._y.lC=function(){};_y.lC.registerInterface("_y.lC");_y.jw=function(){};_y.jw.registerInterface("_y.jw");_y.lA=function(){};_y.lA.registerInterface("_y.lA");var IDelayedSendEvent=function(){};IDelayedSendEvent.registerInterface("IDelayedSendEvent");var IIsShowingComposeInReadingPaneEvent=function(){};IIsShowingComposeInReadingPaneEvent.registerInterface("IIsShowingComposeInReadingPaneEvent");var ISendFailedO365Event=function(){};ISendFailedO365Event.registerInterface("ISendFailedO365Event");var ISendFailureRemoveO365Event=function(){};ISendFailureRemoveO365Event.registerInterface("ISendFailureRemoveO365Event");_y.gw=function(){};_y.gw.registerInterface("_y.gw");_y.iB=function(){};_y.iB.registerInterface("_y.iB");_y.ih=function(){};_y.ih.registerInterface("_y.ih");_y.jy=function(){};_y.jy.regis

                                    Chrome Cache Entry: 190

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378
                                    Category:downloaded
                                    Size (bytes):20400
                                    Entropy (8bit):7.980289584022803
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F0DE9A98DBDFA8C02742CE6D92FB2524
                                    SHA1:CDEC682AEB9E39EDCCC2374DAB26F04DB754A8B5
                                    SHA-256:FAF4294F27A542B0F9EA2A7CB2711529AB027CD84A5F5BADFAE752100855E6BE
                                    SHA-512:856FC9AB199997E69A9487372BC0083564F7115B3E0678CF1D542B9864E9A88D5FFB85697FD93538DC9439071E3BCD4B8BCCBFC610E1A45DE104D6362D8ADCD9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                                    Preview:...........}k..6..w...R..J.H=GSI..x.9...}T*.....)Q..f<...~.F.h..x..{+.-.....h..n....</v.ev......W.,.bU..rW.I...0x...C..2...6]..W_......../x.........~.z.}.|.#x......Ag*O.|XgU...4 .^'U...mP.A.].Z.U.!..Y.......:.ve.?.!..d.N...xJ...mR......0.@p...lKr/...E.-. .....|l.4.o.i.......L.iF..T{.n....2....VEY.y=..=..T+V./.b....\....7.sH.w{.h.....!.."F.k.!.......d...mS.rh.&G.../..h&..RE"!.A/.......A....L...8.q.M...t[...R...>.6;R..^.Vu..9.[F........>A.:HT}w]......2........p......'T.^]}.^..yJ>.<..pq..h.|..j....j.x..-...c...f...=".)..U.X'.M..l.]ZVtl\.I..}.0.~B0Y'.N...E.4.Xd..e...a.........."..9+d.&..l.$E..R.u.g.Q..w&...~I. .y..D.4;..'.."-.....b...)k.n.M...,3J.z_..&2f.h;.&.R.y..P..X.....\P....*.r...B.$........<....H5.M.."'#.6mQl..mQ5.=.\...O.....^..jM..u*.F..Oh.lNI..j..T..u...I..._........{.\...{..._|..={O..z..>......x..5Q.D7?{...^...^.......o.=.z......v......z.C...Gtw...0!..M@....^...^.x..G....W...{...)..y.<c3...^>{......7._..'d__...;R.

                                    Chrome Cache Entry: 194

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
                                    Category:downloaded
                                    Size (bytes):254
                                    Entropy (8bit):7.066074991728423
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:847A4212B99B9076EE39328B24CD30AF
                                    SHA1:73F15078CF1D396485F644A79B6E25EF0637685D
                                    SHA-256:29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
                                    SHA-512:9AF77E9ED8BD9A39A47F36AAC2D01B5AF5D56C04CD933427DF95CC80904D7EE7AC3F7F9443D8AEF236CC84FB4DC4CC335AF0BF8F9BC0C13D720187096D149220
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg
                                    Preview:..........mP.n. ...D.xY0.\..{. 7...y.F!.....T..Y.Y..n...q^.[O}..w.SJ.j..3.....%)....x.f.K}..}\.=E.D....!.n.......Ma..G.=+.%.w..WX...9.A...........X...V...bOB&2.H....15{.fT...V-.#..m..f...V2<...~....l%4.....Ie.TL69.....vW.....v.3.v.O..}..{...

                                    Chrome Cache Entry: 196

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:downloaded
                                    Size (bytes):3620
                                    Entropy (8bit):6.867828878374734
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:B540A8E518037192E32C4FE58BF2DBAB
                                    SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                    SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                    SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
                                    Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...

                                    Chrome Cache Entry: 197

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                    Category:downloaded
                                    Size (bytes):17174
                                    Entropy (8bit):2.9129715116732746
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:12E3DAC858061D088023B2BD48E2FA96
                                    SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                    SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                    SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                    Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                    Chrome Cache Entry: 198

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):663451
                                    Entropy (8bit):5.3635307555313165
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:761CE9E68C8D14F49B8BF1A0257B69D6
                                    SHA1:8CF5D714D35EFFA54F3686065CB62CCE028E2C77
                                    SHA-256:BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
                                    SHA-512:CEC948666FBA0F56D3DA27A931033C3A581C9C00FEC4D3DDCF41324525B5B5321AE3AB89581ECC7F497DE85EF684AB277C8A2DB393D526416CEB76C91A1B9263
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/scripts/boot.worldwide.0.mouse.js
                                    Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.0.mouse.js'] = (new Date()).getTime();../* Empty file */;Function.__typeName="Function";Function.__class=!0;Function.createCallback=function(n,t){return function(){var r=arguments.length;if(r>0){for(var u=[],i=0;i<r;i++)u[i]=arguments[i];u[r]=t;return n.apply(this,u)}return n.call(this,t)}};Function.prototype.bind=Function.prototype.bind||function(n){if(typeof this!="function")throw new TypeError("bind(): we can only bind to functions");var u=Array.prototype.slice.call(arguments,1),r=this,t=function(){},i=function(){return r.apply(this instanceof t?this:n,u.concat(Array.prototype.slice.call(arguments)))};this.prototype&&(t.prototype=this.prototype);i.prototype=new t;return i};Function.createDelegate=function(n,t){return function(){return t.apply(n,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Error.__typeNam

                                    Chrome Cache Entry: 199

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):3452
                                    Entropy (8bit):5.117912766689607
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:CB06E9A552B197D5C0EA600B431A3407
                                    SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                                    SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                                    SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://login.live.com/Me.htm?v=3
                                    Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.

                                    Chrome Cache Entry: 202

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (994), with no line terminators
                                    Category:downloaded
                                    Size (bytes):994
                                    Entropy (8bit):4.934955158256183
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E2110B813F02736A4726197271108119
                                    SHA1:D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857
                                    SHA-256:6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
                                    SHA-512:E79CF6DB777D62690DB9C975B5494085C82E771936DB614AF9C75DB7CE4B6CA0A224B7DFB858437EF1E33C6026D772BE9DBBB064828DB382A4703CB34ECEF1CF
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/resources/images/0/sprite1.mouse.css
                                    Preview:.image-loading_blackbg-gif{background:url('loading_blackbg.gif');width:16px;height:16px}.image-loading_whitebg-gif{background:url('loading_whitebg.gif');width:16px;height:16px}.image-thinking16_blue-gif{background:url('thinking16_blue.gif');width:16px;height:16px}.image-thinking16_grey-gif{background:url('thinking16_grey.gif');width:16px;height:16px}.image-thinking16_white-gif{background:url('thinking16_white.gif');width:16px;height:16px}.image-thinking24-gif{background:url('thinking24.gif');width:24px;height:24px}.image-thinking32_blue-gif{background:url('thinking32_blue.gif');width:32px;height:32px}.image-thinking32_grey-gif{background:url('thinking32_grey.gif');width:32px;height:32px}.image-thinking32_white-gif{background:url('thinking32_white.gif');width:32px;height:32px}.image-clear1x1-gif{width:1px;height:1px;background:url('sprite1.mouse.png') -0 -0}.csimg{padding:0;border:none;background-repeat:no-repeat;-webkit-touch-callout:none}span.csimg{-ms-high-contrast-adjust:none}

                                    Chrome Cache Entry: 206

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):660449
                                    Entropy (8bit):5.4121922690110535
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D9E3D2CE0228D2A5079478AAE5759698
                                    SHA1:412F45951C6AEDA5F3DF2C52533171FC7BDD5961
                                    SHA-256:7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
                                    SHA-512:06700C65BEF4002EBFBFF9D856C12E8D71F408BACA2D2103DDE1C28319B6BD3859FA9D289D8AEB6DD484E802040F6EE537F31F97B4B60A6B120A6882C992207A
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/scripts/boot.worldwide.3.mouse.js
                                    Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.3.mouse.js'] = (new Date()).getTime();..;_n.a.jR=function(n){return n.dS()};_n.a.jZ=function(n){return n.eh()};_n.a.jP=function(n){return n.cC()};_n.a.jQ=function(n){return n.ca()};_n.a.hZ=function(n){return n.dO};_n.a.jU=function(n){return n.ed()};_n.a.jT=function(n){return n.ea()};_n.a.kb=function(n){return n.ej()};_n.a.hM=function(n){return 300};_n.a.fh=function(n){return n.V};_n.a.jV=function(n){return n.bI()};_n.a.ie=function(n){return n.mh()};_n.a.km=function(n){return n.bl()};_n.a.ka=function(n){return n.ei()};_n.a.ko=function(n){return n.cV()};_n.a.eX=function(n){return _y.E.isInstanceOfType(n)?n.y:null};_n.a.jN=function(n){return n.c()};_n.a.gm=function(n){return n.b()};_n.a.jM=function(n){return n.b()};_n.a.ib=function(n){return n.jM()};_n.a.iq=function(n){return n.bG};_n.a.iX=function(n){return _n.V.isInstanceOfType(n)?n

                                    Chrome Cache Entry: 207

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):22
                                    Entropy (8bit):3.6978458230844122
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:6AAB5444A217195068E4B25509BC0C50
                                    SHA1:7B22EAF7EAA9B7E1F664A0632D3894D406FE7933
                                    SHA-256:FC5525D427BFA27792D3A87411BE241C047D07F07C18E2FC36BF00B1C2E33D07
                                    SHA-512:AA5F66638B142B5E6D1D008F2934530C7AAD2F7F19128CA24609825D0DACFFD25A77591BFD7FB1D225BE2FA77CABCE837E0741326C1AC622C244D51E6FAFB303
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://bluemarlinsmarine.com/favicon.ico
                                    Preview:<h1>Access Denied</h1>

                                    Chrome Cache Entry: 209

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (46599)
                                    Category:downloaded
                                    Size (bytes):142366
                                    Entropy (8bit):5.430527334505536
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D41292FB5FE06E69388227D75F1E3D70
                                    SHA1:AD5DE9B4868E71D28FCDA8432A9AAF60800273E7
                                    SHA-256:E0A9709623E6E5AB375684153F54E5721D102C08008F6F4B8CCEE9BFF176056F
                                    SHA-512:10EAC79E4FB90D68CFAEE9D4243BE9CF5CC9710ECE392C2AC6C42CE12F57596A5D56C01F3CA6AB8D87D36B28094322C9C663DB71F630A4709834FC9F5D0D6DCB
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://hgbllc.net/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js
                                    Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)

                                    Chrome Cache Entry: 211

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
                                    Category:downloaded
                                    Size (bytes):132
                                    Entropy (8bit):4.945787382366693
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3EDA15637AFEAC6078F56C9DCC9BBDB8
                                    SHA1:97B900884183CB8CF99BA069EEDC280C599C1B74
                                    SHA-256:68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
                                    SHA-512:06B21827589FCAF63B085DB2D662737B24A39A697FF9138BDF188408647C3E90784B355F2B8390160CA487992C033CE735599271EE35873E1941812AB6C34B52
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/resources/images/0/sprite1.mouse.png
                                    Preview:.PNG........IHDR...X..........x......sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..1......Om.O ...j.a...\BW....IEND.B`.

                                    Chrome Cache Entry: 212

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):659798
                                    Entropy (8bit):5.352921769071548
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9786D38346567E5E93C7D03B06E3EA2D
                                    SHA1:23EF8C59C5C9AA5290865933B29C9C56AB62E3B0
                                    SHA-256:263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
                                    SHA-512:4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://r4.res.office365.com/owa/prem/15.20.8093.32/scripts/boot.worldwide.1.mouse.js
                                    Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.1.mouse.js'] = (new Date()).getTime();..;_a.d.G=function(n,t){this.b=n;this.a=t};_a.d.G.prototype={b:0,a:0};_a.fo=function(n){this.s=n};_a.fo.prototype={s:null,t:null,i:function(){return this.s.currentTarget},e:function(){return this.t?this.t.x:this.s.pageX},f:function(){return this.t?this.t.y:this.s.pageY},o:function(){return this.s.relatedTarget},b:function(){return this.s.target},n:function(){return this.s.timeStamp||+new Date},a:function(){var n=this.s.which;!n&&_a.o.a().K&&this.s.type==="keypress"&&(n=this.u());return n},u:function(){return this.s.keyCode},m:function(){return this.s.originalEvent},j:function(){return this.s.type},k:function(){return this.s.originalEvent.touches},q:function(){return this.s.isDefaultPrevented()},g:function(){return this.s.shiftKey},h:function(){return _j.G.a().P?this.s.metaKey:this.s.ctrlKey},l:

                                    Chrome Cache Entry: 214

                                    Download File
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                    Category:dropped
                                    Size (bytes):61
                                    Entropy (8bit):3.990210155325004
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                    SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                    SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                    SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

                                    Static File Info

                                    General

                                    File type:PDF document, version 1.7, 0 pages
                                    Entropy (8bit):7.860166397086181
                                    TrID:
                                    • Adobe Portable Document Format (5005/1) 100.00%
                                    File name:scan1738761_rsalinas@wcctxlaw.com.pdf
                                    File size:14'632 bytes
                                    MD5:5ab5da2e4761df42f12379ea4b7fa516
                                    SHA1:732c13dbb607d721b17f10e98d3fdfae176aa8a1
                                    SHA256:79efbf5820200a6ae39dcfc8ab774bbbb5a291095e1daf0edc090079a6e35c73
                                    SHA512:a902dca6b9ff03eb623523b2917b1f005c911538606e9fd6abfd8de05a3443f648a85343a9ff682a77e00ddd68da957221e43ecc62d3fd0f4e02e55e63c762fa
                                    SSDEEP:384:w0x/FcIANS9esuCjWTSvQcSEEZtw40ULUIAUON:w0pF5ANS9UCaTEQFE6l8
                                    TLSH:B362BEAA921D65A4E4D3CC8414A73A4B089D33C3F9C438F57AFB058876B5013F6C7AB6
                                    File Content Preview:%PDF-1.7.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R./F2 9 0 R.>>./XObject << ./I1 10 0 R./

                                    File Icon

                                    Icon Hash:62cc8caeb29e8ae0

                                    Static PDF Info

                                    General

                                    Header:%PDF-1.7
                                    Total Entropy:7.860166
                                    Total Bytes:14632
                                    Stream Entropy:7.924423
                                    Stream Bytes:12854
                                    Entropy outside Streams:5.109814
                                    Bytes outside Streams:1778
                                    Number of EOF found:1
                                    Bytes after EOF:

                                    Keywords Statistics

                                    NameCount
                                    obj11
                                    endobj11
                                    stream3
                                    endstream3
                                    xref1
                                    trailer1
                                    startxref1
                                    /Page1
                                    /Encrypt0
                                    /ObjStm0
                                    /URI0
                                    /JS0
                                    /JavaScript0
                                    /AA0
                                    /OpenAction0
                                    /AcroForm0
                                    /JBIG2Decode0
                                    /RichMedia0
                                    /Launch0
                                    /EmbeddedFile0

                                    Image Streams

                                    IDDHASHMD5Preview
                                    102a3995db69e9c2d612ff6a5e2d13275114a6d536875e1786
                                    1160d0d071622420295e0b5270926ada186855cb4a37181882