Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
plumsail-form-2024216-105537.pdf

Overview

General Information

Sample name:plumsail-form-2024216-105537.pdf
Analysis ID:1417184
MD5:5dcc8013846aee3e0487cf46f2115db5
SHA1:a4658e047c70295253df988eff249b1d24e633b3
SHA256:8b8afec2d2937699e8cc80f359204e1a23619fe0d81a3e57985033d22a2139a9
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7420 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\plumsail-form-2024216-105537.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7780 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1568,i,9319185107332236108,1686675044157375733,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,11069634344130637693,6430874663071058120,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 23.48.8.182 23.48.8.182
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7KB8u3pc83uspSA&MD=gmVuXcTn HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7KB8u3pc83uspSA&MD=gmVuXcTn HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknownDNS traffic detected: queries for: www.google.com
Source: plumsail-form-2024216-105537.pdfString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: plumsail-form-2024216-105537.pdfString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlhttp://www.apache.org/licenses/LICENSE-2.0.html
Source: plumsail-form-2024216-105537.pdfString found in binary or memory: http://www.telerik.com
Source: plumsail-form-2024216-105537.pdfString found in binary or memory: http://www.telerik.comhttp://www.telerik.comhttp://www.telerik.comhttp://www.telerik.comApache
Source: plumsail-form-2024216-105537.pdfString found in binary or memory: https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: chromecache_222.10.drOLE indicator, VBA macros: true
Source: chromecache_223.10.drOLE indicator, VBA macros: true
Source: chromecache_222.10.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chromecache_223.10.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engineClassification label: clean2.winPDF@38/51@2/4
Source: plumsail-form-2024216-105537.pdfInitial sample: https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 18-34-09-907.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\plumsail-form-2024216-105537.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1568,i,9319185107332236108,1686675044157375733,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,11069634344130637693,6430874663071058120,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1568,i,9319185107332236108,1686675044157375733,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,11069634344130637693,6430874663071058120,262144 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: plumsail-form-2024216-105537.pdfInitial sample: PDF keyword /JS count = 0
Source: plumsail-form-2024216-105537.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: plumsail-form-2024216-105537.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		1
Spearphishing Link		Windows Management Instrumentation1
Scripting		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1417184 Sample: plumsail-form-2024216-105537.pdf Startdate: 28/03/2024 Architecture: WINDOWS Score: 2 6 chrome.exe 1 2->6         started        9 Acrobat.exe 20 81 2->9         started        dnsIp3 21 192.168.2.4, 138, 443, 49738 unknown unknown 6->21 23 239.255.255.250 unknown Reserved 6->23 11 chrome.exe 6->11         started        14 AcroCEF.exe 104 9->14         started        process4 dnsIp5 25 www.google.com 142.250.31.99, 443, 49753, 49762 GOOGLEUS United States 11->25 16 AcroCEF.exe 2 14->16         started        process6 dnsIp7 19 23.48.8.182, 443, 49740 AKAMAI-ASN1EU United States 16->19

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.telerik.comhttp://www.telerik.comhttp://www.telerik.comhttp://www.telerik.comApache0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
142.250.31.99
truefalse
    		high

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://www.telerik.complumsail-form-2024216-105537.pdffalse
      		high
      http://www.apache.org/licenses/LICENSE-2.0.htmlhttp://www.apache.org/licenses/LICENSE-2.0.htmlplumsail-form-2024216-105537.pdffalse
        		high
        http://www.apache.org/licenses/LICENSE-2.0.htmlplumsail-form-2024216-105537.pdffalse
          		high
          http://www.telerik.comhttp://www.telerik.comhttp://www.telerik.comhttp://www.telerik.comApacheplumsail-form-2024216-105537.pdffalse
          • Avira URL Cloud: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          142.250.31.99
          		www.google.comUnited States
          		15169GOOGLEUSfalse
          23.48.8.182
          		unknownUnited States
          		20940AKAMAI-ASN1EUfalse
          239.255.255.250
          		unknownReserved
          		unknownunknownfalse

          Private

          IP
          192.168.2.4

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1417184
          Start date and time:2024-03-28 18:33:21 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 5m 27s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowspdfcookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:17
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:plumsail-form-2024216-105537.pdf
          Detection:CLEAN
          Classification:clean2.winPDF@38/51@2/4
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          Cookbook Comments:
          • Found application associated with file extension: .pdf
          • Found PDF document
          • Close Viewer

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, WmiPrvSE.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 23.221.240.182, 3.219.243.226, 52.6.155.20, 3.233.129.217, 52.22.41.97, 23.53.35.81, 23.53.35.72, 172.64.41.3, 162.159.61.3, 23.215.0.6, 192.229.211.108, 142.251.167.94, 20.60.145.4, 172.253.63.113, 172.253.63.102, 172.253.63.101, 172.253.63.100, 172.253.63.138, 172.253.63.139, 142.251.16.84, 34.104.35.123, 23.53.35.74, 172.253.62.95, 142.251.167.95, 172.253.115.95, 142.250.31.95, 172.253.63.95, 142.251.111.95, 142.251.16.95, 142.251.163.95, 172.253.122.95, 23.53.35.68, 23.53.35.75, 23.53.35.80, 23.53.35.70, 23.53.35.69, 172.253.122.94, 142.251.111.102, 142.251.111.101, 142.251.111.100, 142.251.111.139, 142.251.111.113, 142.251.111.138
          • Excluded domains from analysis (whitelisted): plumsailforms.blob.core.windows.net, blob.db4prdstr10a.store.core.windows.net, clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtSetInformationFile calls found.
          • VT rate limit hit for: plumsail-form-2024216-105537.pdf

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          23.48.8.182PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
            http://tand6000.dk/files/files/zizami.pdfGet hashmaliciousPDFPhishBrowse
              https://www.colortrac.com/netapp/Get hashmaliciousUnknownBrowse
                passportscan.htaGet hashmaliciousXWorm, zgRATBrowse
                  Commissions_open_20231004_Commissions_open_20231004pdf.exeGet hashmaliciousUnknownBrowse
                    PAGAMENTO_COMMISSIONI_MBS_Settembre_MGpdf.exeGet hashmaliciousUnknownBrowse
                      Factura_FVR23041255_Factura_FVR23041255pdf.exeGet hashmaliciousUnknownBrowse
                        Ordine_Frode_1027797000003171_Ordine_Frode_1027797000003171pdf.exeGet hashmaliciousUnknownBrowse
                          Commissions_BEL6_20231004_Commissions_BEL6_20231004pdf.exeGet hashmaliciousUnknownBrowse
                            Certificazione_Partecipazione_Corso_AML_IT15318pdf.exeGet hashmaliciousUnknownBrowse
                              239.255.255.250http://www.free-pdf-creator.comGet hashmaliciousUnknownBrowse
                                https://www.joesandbox.com/+Get hashmaliciousUnknownBrowse
                                  http://ww1.streamm4u.wsGet hashmaliciousUnknownBrowse
                                    https://blee58.com/bl/ax/l?user=kenrod@me.comGet hashmaliciousHTMLPhisherBrowse
                                      http://pirnx.us.comGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                        https://www.rewardgateway.com/Get hashmaliciousHTMLPhisherBrowse
                                          https://content.amac.us/?m=ff1Z8iQrULAL24m6HV3KXgLVd6tjSdDrf&r=https://www.lcrhtrk.com/LSK646/3M7TGPW/?sub1=4956Get hashmaliciousUnknownBrowse
                                            http://www.rewardgateway.comGet hashmaliciousHTMLPhisherBrowse
                                              Receipt of your email to Peak Plan ID rvwh0kc6Management .msgGet hashmaliciousUnknownBrowse
                                                https://www.rewardgateway.com/Get hashmaliciousHTMLPhisherBrowse

                                                  Domains

                                                  No context

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  AKAMAI-ASN1EUbrzffc2GOs.elfGet hashmaliciousMiraiBrowse
                                                  • 104.79.250.64
                                                  https://airispharma1-my.sharepoint.com/:o:/g/personal/anagaraj_airispharma_com/EvmEpKGsyxtGnlrgsjVRxi4BOj2g3uhzHgNY6tXqx6wp5g?e=JtdJfIGet hashmaliciousHTMLPhisherBrowse
                                                  • 184.28.130.71
                                                  https://mmsinconline-my.sharepoint.com/:b:/p/mamundson/EZ0kVsuFb_RJlwEzXHeEJ1gBaR0hj3PwWMy3ECS1r80Lcg?e=96yHrOGet hashmaliciousUnknownBrowse
                                                  • 23.12.146.141
                                                  https://colourlyrics.com/fe/KtHc5ruvtRkZFoArrtthaJsvCmg3Rb7X4JToP666Ry87hz3e3rFuRJGAPKBcoBZjAZJZK4pouqXoieozb8x97ijrpxmdxNfsxaBCR2nGFdZnrhtCVLagarbeJ5bjm2rcgeCmZPnkCo2NqoSFB3o6MQGet hashmaliciousUnknownBrowse
                                                  • 23.62.230.207
                                                  I_ REF _ Due Debt 25_03_2024.msgGet hashmaliciousHTMLPhisherBrowse
                                                  • 23.199.63.178
                                                  101206 - 24595 - Nymc - 401K - Audit - Change Report 9(Rev) + 10 + 11 + 12-882755.docxGet hashmaliciousUnknownBrowse
                                                  • 23.207.202.10
                                                  https://accedi.91-92-243-23.cprapid.com/ING/Get hashmaliciousUnknownBrowse
                                                  • 23.222.79.50
                                                  http://l.e.vca.com/rts/go2.aspx?h=170052&tp=i-1NGB-HM-3Pj-PvtZD-1n-RvBTg-1c-GQqHE-l9gB3rmiJb-1aWCvD&x=kcp.silsbeekia.info#am9hbmh1dHNvbkB1c21ldHJvYmFuay5jb20=%2Fleadlink%2F5707702298738688%2Fju.baswin%40equityforgrowth.co.uk%2FFNAME%3ATim%2FLNAME%3ABaldwin%2F%3Futm_source%3DEmail%2BMarketing%26utm_medium%3Demail%2Bcampaign%26utm_term%3DDigital%2Bsoftware%2Bjust%2Bfound%2Ban%2Bexcellent%2Bcurator%26utm_content%3Demail%2Bclick%2Bthrough%26utm_campaign%3DDigital%2BEntrepreneur%2BNewsletter%2BIntro%2B50Get hashmaliciousHTMLPhisherBrowse
                                                  • 23.12.144.110
                                                  https://www.msn.com/en-us/weather/forecast/in-Des-Moines,IA?loc=eyJsIjoiRGVzIE1vaW5lcyIsInIiOiJJQSIsImMiOiJVbml0ZWQgU3RhdGVzIiwiaSI6IlVTIiwidCI6MSwiZyI6ImVuLXVzIiwieCI6Ii05My42MjAzMzg0Mzk5NDE0IiwieSI6IjQxLjU4ODc5MDg5MzU1NDY5In0%3D&weadegreetype=FGet hashmaliciousUnknownBrowse
                                                  • 23.212.154.48
                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                  • 23.222.79.200

                                                  JA3 Fingerprints

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  28a2c9bd18a11de089ef85a160da29e4http://www.free-pdf-creator.comGet hashmaliciousUnknownBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  https://blee58.com/bl/ax/l?user=kenrod@me.comGet hashmaliciousHTMLPhisherBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  https://content.amac.us/?m=ff1Z8iQrULAL24m6HV3KXgLVd6tjSdDrf&r=https://www.lcrhtrk.com/LSK646/3M7TGPW/?sub1=4956Get hashmaliciousUnknownBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  Receipt of your email to Peak Plan ID rvwh0kc6Management .msgGet hashmaliciousUnknownBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  securedoc_20240328T081124.htmlGet hashmaliciousUnknownBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  https://credit-bittrex.com/creditorGet hashmaliciousPhisherBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  https://gcv.microsoft.us/kgRWagmalJGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  https://gcv.microsoft.us/kgRWagmalJGet hashmaliciousUnknownBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  You've Been Sent A Secure Document.emlGet hashmaliciousHTMLPhisherBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157
                                                  Voice_766.htmlGet hashmaliciousUnknownBrowse
                                                  • 23.221.242.90
                                                  • 13.85.23.86
                                                  • 40.68.123.157

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.258613521033568
                                                  Encrypted:false
                                                  SSDEEP:6:FInSVq2Pwkn2nKuAl9OmbnIFUt88IBgZmw+8IBIkwOwkn2nKuAl9OmbjLJ:fvYfHAahFUt8c/+c5JfHAaSJ
                                                  MD5:1B2578A7AF5F0524F632E214446D02C4
                                                  SHA1:452401F5745786CBCA11F8A8C10EBB2C2ADBBDA7
                                                  SHA-256:E18D5765BFB01ABFDDB8AABA191D41FCD69D9E5B7F078B688E7C4960B2BB6AC4
                                                  SHA-512:0ED4284A4750F1DF112DDCA1D111BB59A81B8D0EBF8F6109FBBE788BD7AE4B1B17D7080CE0BA6E0852D6B0C9F25BD515AA1BB3DC6167A3284D13AD77CFDAACBE
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/03/28-18:34:07.693 1dc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/28-18:34:07.694 1dc4 Recovering log #3.2024/03/28-18:34:07.694 1dc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.258613521033568
                                                  Encrypted:false
                                                  SSDEEP:6:FInSVq2Pwkn2nKuAl9OmbnIFUt88IBgZmw+8IBIkwOwkn2nKuAl9OmbjLJ:fvYfHAahFUt8c/+c5JfHAaSJ
                                                  MD5:1B2578A7AF5F0524F632E214446D02C4
                                                  SHA1:452401F5745786CBCA11F8A8C10EBB2C2ADBBDA7
                                                  SHA-256:E18D5765BFB01ABFDDB8AABA191D41FCD69D9E5B7F078B688E7C4960B2BB6AC4
                                                  SHA-512:0ED4284A4750F1DF112DDCA1D111BB59A81B8D0EBF8F6109FBBE788BD7AE4B1B17D7080CE0BA6E0852D6B0C9F25BD515AA1BB3DC6167A3284D13AD77CFDAACBE
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/03/28-18:34:07.693 1dc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/28-18:34:07.694 1dc4 Recovering log #3.2024/03/28-18:34:07.694 1dc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):336
                                                  Entropy (8bit):5.181051674955949
                                                  Encrypted:false
                                                  SSDEEP:6:FIeM+q2Pwkn2nKuAl9Ombzo2jMGIFUt88IamZmw+8IapMVkwOwkn2nKuAl9Ombzz:pM+vYfHAa8uFUt8z/+OMV5JfHAa8RJ
                                                  MD5:2D1CBE32BFB2C6A94D69ADB83EC5F54F
                                                  SHA1:0B7A82C55D5FECA2E3DD5381AC986C085111DD0E
                                                  SHA-256:54798DD62821EB04DB3BDAD81281B1C17842B318DC3AE27625D3A1145D6015D2
                                                  SHA-512:60CAC5D491E268828FEC3C7B5B9F591B4F9175A081EB9845485D2C1230DDC66D53F6788290E38E76B2E15EE4467C61F18124BA8D46C09F1EE929FAAF00571186
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/03/28-18:34:07.726 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/28-18:34:07.728 1e8c Recovering log #3.2024/03/28-18:34:07.728 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):336
                                                  Entropy (8bit):5.181051674955949
                                                  Encrypted:false
                                                  SSDEEP:6:FIeM+q2Pwkn2nKuAl9Ombzo2jMGIFUt88IamZmw+8IapMVkwOwkn2nKuAl9Ombzz:pM+vYfHAa8uFUt8z/+OMV5JfHAa8RJ
                                                  MD5:2D1CBE32BFB2C6A94D69ADB83EC5F54F
                                                  SHA1:0B7A82C55D5FECA2E3DD5381AC986C085111DD0E
                                                  SHA-256:54798DD62821EB04DB3BDAD81281B1C17842B318DC3AE27625D3A1145D6015D2
                                                  SHA-512:60CAC5D491E268828FEC3C7B5B9F591B4F9175A081EB9845485D2C1230DDC66D53F6788290E38E76B2E15EE4467C61F18124BA8D46C09F1EE929FAAF00571186
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/03/28-18:34:07.726 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/28-18:34:07.728 1e8c Recovering log #3.2024/03/28-18:34:07.728 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):474
                                                  Entropy (8bit):4.970893298425387
                                                  Encrypted:false
                                                  SSDEEP:12:YH/um3RA8sqZbOxsBdOg2HTfcaq3QYiubInP7E4T3y:Y2sRdswdMHK3QYhbG7nby
                                                  MD5:C0FBBAEDE3DB0B1C8CE7AE19B5D0A844
                                                  SHA1:CE1C80D7C22C39446FA412E591D0099B8DAB4CE2
                                                  SHA-256:5DA33143A52F030BF5D1F094291CB7D17A47A8E0AF9FC284F5B75DDD4D600C1E
                                                  SHA-512:047E84AC2CCB34122ABBEC695CAB17D7CA29746CA549DCF05EAA6EC5C00C617B22CF73CC43AC499DE3C1C98634E156162E31D9D18FD04FFBDA78D710B3EACF9A
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356207259629628","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":97195},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f807316a-24e9-472d-9427-4e9d251125e9.tmp

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):474
                                                  Entropy (8bit):4.970893298425387
                                                  Encrypted:false
                                                  SSDEEP:12:YH/um3RA8sqZbOxsBdOg2HTfcaq3QYiubInP7E4T3y:Y2sRdswdMHK3QYhbG7nby
                                                  MD5:C0FBBAEDE3DB0B1C8CE7AE19B5D0A844
                                                  SHA1:CE1C80D7C22C39446FA412E591D0099B8DAB4CE2
                                                  SHA-256:5DA33143A52F030BF5D1F094291CB7D17A47A8E0AF9FC284F5B75DDD4D600C1E
                                                  SHA-512:047E84AC2CCB34122ABBEC695CAB17D7CA29746CA549DCF05EAA6EC5C00C617B22CF73CC43AC499DE3C1C98634E156162E31D9D18FD04FFBDA78D710B3EACF9A
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356207259629628","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":97195},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):4730
                                                  Entropy (8bit):5.2493628050754415
                                                  Encrypted:false
                                                  SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7E9lGZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goP
                                                  MD5:85AFB58CF568F3E7C38016DA4F701DB3
                                                  SHA1:0CCC5D90D696DD0A1C1611E873AA540FCC97C5C6
                                                  SHA-256:EA2BD75BB932808F2DCBBD27099786A9B87609633B0A651A882F26FE246CC7F4
                                                  SHA-512:0B92BBF2EEB6BBC60307E1F15626C83BE7EC67AB3DAB72D63249A93626CECE7CF9C921B90CC5AF9F2767D12EA444F2DD00B9EF0B90749B9788DF72E4F0169AD8
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):324
                                                  Entropy (8bit):5.139576717120166
                                                  Encrypted:false
                                                  SSDEEP:6:FI3M+q2Pwkn2nKuAl9OmbzNMxIFUt88IJZmw+8IhMVkwOwkn2nKuAl9OmbzNMFLJ:4M+vYfHAa8jFUt8H/+/MV5JfHAa84J
                                                  MD5:93A2859A99E0C1DA219F154F05D4AD8B
                                                  SHA1:84D368ECB34AF57D209B2D244C4C570FBF33DE2E
                                                  SHA-256:719464A71C1BDFC8E497C1A3BE0E92662828939530361DC01189BF590678F15C
                                                  SHA-512:C3904C1F9356E69BDB52E8BD56F53E0F208ABCB8266CF426D9D9BD32B9A7C00A9E6C817B8E01DBC7EED3B72388257186854878ACF9B2E80E15FCB6820748E9C2
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/03/28-18:34:08.333 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/28-18:34:08.338 1e8c Recovering log #3.2024/03/28-18:34:08.339 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):324
                                                  Entropy (8bit):5.139576717120166
                                                  Encrypted:false
                                                  SSDEEP:6:FI3M+q2Pwkn2nKuAl9OmbzNMxIFUt88IJZmw+8IhMVkwOwkn2nKuAl9OmbzNMFLJ:4M+vYfHAa8jFUt8H/+/MV5JfHAa84J
                                                  MD5:93A2859A99E0C1DA219F154F05D4AD8B
                                                  SHA1:84D368ECB34AF57D209B2D244C4C570FBF33DE2E
                                                  SHA-256:719464A71C1BDFC8E497C1A3BE0E92662828939530361DC01189BF590678F15C
                                                  SHA-512:C3904C1F9356E69BDB52E8BD56F53E0F208ABCB8266CF426D9D9BD32B9A7C00A9E6C817B8E01DBC7EED3B72388257186854878ACF9B2E80E15FCB6820748E9C2
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/03/28-18:34:08.333 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/28-18:34:08.338 1e8c Recovering log #3.2024/03/28-18:34:08.339 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328173411Z-160.bmp

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PC bitmap, Windows 3.x format, 164 x -120 x 32, cbSize 78774, bits offset 54
                                                  Category:dropped
                                                  Size (bytes):78774
                                                  Entropy (8bit):2.190715229690316
                                                  Encrypted:false
                                                  SSDEEP:48:2NJkp6KWGUkqh2jGOfz3HQAX8YH////////////////////////////////////7:2sWw4KGS11+ju
                                                  MD5:8040E7F1C91D18520E4B8F9FFC0F80F0
                                                  SHA1:5972B0F725506D16E79BEC9B6BBFDA8E1D872E53
                                                  SHA-256:E672460F19B7F6FFFC4BA25743652EE241AE42F575A7628246F4EC6F1283175A
                                                  SHA-512:2A1D63FC35EB973856DF63B3690B21CFD5E490E5F288621CB0D46D4D50669947AE6CE670D19FE30CDD859FB33A72B009F85CDFF51469158DE90452EDECD73410
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:BM.3......6...(............. .........................))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).))).)))...............................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                  Category:dropped
                                                  Size (bytes):86016
                                                  Entropy (8bit):4.445399757954869
                                                  Encrypted:false
                                                  SSDEEP:384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL
                                                  MD5:E87B7A54F07CDA2ACE28B40094278C0E
                                                  SHA1:2BFE63B4559FE7B79E6F55C4825A199FE98C30AF
                                                  SHA-256:6F60C538AD4C544B66DB6E561FC401A71E628996F60338E3F4ADE01909D81C03
                                                  SHA-512:3F1FFB08448501EF8702CE4759E14FDFCD71DF6AE5FB18B97ED7422F3F9BFFCDBBFC6D259434F9E9B3F9833FAAD03817190590C507E5CBDDFC741BF0DF6C2D65
                                                  Malicious:false
                                                  Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite Rollback Journal
                                                  Category:dropped
                                                  Size (bytes):8720
                                                  Entropy (8bit):3.777387007071694
                                                  Encrypted:false
                                                  SSDEEP:48:7MXp/E2ioyVwioy9oWoy1Cwoy1kKOioy1noy1AYoy1Wioy1hioybioyyoy1noy1Y:7cpjuwFHXKQDJb9IVXEBodRBkq
                                                  MD5:33E750CBA4C3CA19E20644C476663670
                                                  SHA1:DB7860976F0D50D27E8DE0D2478B1404187A45BB
                                                  SHA-256:60AD4240E3334C5236CF0015CE4881F91294D4CF7A315E1474F58084F197B8A1
                                                  SHA-512:C513917ADE13E764CF3F05095C9B784EEB7F7D279D1D92A91D9D2DCAAD0AE8D45BD340057A1FC858780D807CA2CF8B8562A5030C2A83E2ACD896E88985F6575E
                                                  Malicious:false
                                                  Preview:.... .c........r...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):1233
                                                  Entropy (8bit):5.233980037532449
                                                  Encrypted:false
                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7504

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):1233
                                                  Entropy (8bit):5.233980037532449
                                                  Encrypted:false
                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):1233
                                                  Entropy (8bit):5.233980037532449
                                                  Encrypted:false
                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):10880
                                                  Entropy (8bit):5.214360287289079
                                                  Encrypted:false
                                                  SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7504

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):10880
                                                  Entropy (8bit):5.214360287289079
                                                  Encrypted:false
                                                  SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):244540
                                                  Entropy (8bit):3.3415042960460593
                                                  Encrypted:false
                                                  SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
                                                  MD5:758B42992DDFC41CB5E57069C621B54A
                                                  SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
                                                  SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
                                                  SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
                                                  Malicious:false
                                                  Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):295
                                                  Entropy (8bit):5.360989926855193
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJM3g98kUwPeUkwRe9:YvXKXBINSm4blZc0vISVGMbLUkee9
                                                  MD5:9DEC2CAD4B4F7302F25060391848986A
                                                  SHA1:74CD5A71185C93E1761C7C1E999D61465896E389
                                                  SHA-256:0869815CD5EEFECE31EB83C2BE2539D0136905D95A6B6822A758F593A913C001
                                                  SHA-512:F9D557730B8E4567415382085DB00C5C5C1CE552B976C51B6319A187E1FC8FA4B244B5B82E51E295E9C5E0F5004897652AF84C3968035473D0714AB40875C355
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):294
                                                  Entropy (8bit):5.305998721195993
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfBoTfXpnrPeUkwRe9:YvXKXBINSm4blZc0vISVGWTfXcUkee9
                                                  MD5:A847F6D176ACF9557D07099D7AD6FD1E
                                                  SHA1:CF4CD96A7B4391A48415ED14FE65174361443593
                                                  SHA-256:07BB80EC0FAFC172B6692707978091C23821B5FC664C4B23AB32B497EF41B223
                                                  SHA-512:4D56593442E74FACDF1BE0D2EEB6C7C80446D4A2FEA9D0E8E62957D0CC75ECD5540D713ED86B1812818F41C61213735D7A76A18C1A951389D93877CE48F8DE73
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):294
                                                  Entropy (8bit):5.285524904270026
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfBD2G6UpnrPeUkwRe9:YvXKXBINSm4blZc0vISVGR22cUkee9
                                                  MD5:F5D86DA588102E47743716AF3AA442F3
                                                  SHA1:3214F54CAE4B5BC44A0F41BB9868D4D335628A66
                                                  SHA-256:D25A30615181E845618F9F0C84D37F70AD09202456B28987790ECFC5961FEE56
                                                  SHA-512:16FBEBF689775010C4AD7EC8781252E9D1E006F577D127A5D90E905BD3385722E68C77F449B9ABF9D8938C79C6491EA8AE3B16371430417904DA57F6F7E95BA5
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):285
                                                  Entropy (8bit):5.347917153770982
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfPmwrPeUkwRe9:YvXKXBINSm4blZc0vISVGH56Ukee9
                                                  MD5:1CC162D7DEB4898DD9ADD6295DFDEB9D
                                                  SHA1:E1DAFCE3FEEBA985BFF30AC3B1150CAE3204E62C
                                                  SHA-256:4D9A7C3F8122C3A6F20D4FC5507366B777B7B27FD9341CF6734D9D40CC9203CE
                                                  SHA-512:CDA84BA50372DC026E25340AD13B7CC5B0B8F9CEA51AA06AAE786A114EEC85185F69DAA704DA1E32BF6F3BB7E16A66B970812DDB266E60479CB940687532F356
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.303906429436708
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfJWCtMdPeUkwRe9:YvXKXBINSm4blZc0vISVGBS8Ukee9
                                                  MD5:82DCD178B633B46E3BF7C3317D2D60ED
                                                  SHA1:E36D65225D36BD93DA46F9A8FD5805CB98385F85
                                                  SHA-256:F3120B85E6880E44192DB80792D2FC77236708BDB13609DD600E22360F04A217
                                                  SHA-512:D045E4F745A0C3420CF75AA1A86D1FDD6649A476E166C1861EFE5BE64EA1857336FCB7D0C8DB9381E1F9FB96A219D2B850044697DF1F6782424C605DC852AF5F
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):289
                                                  Entropy (8bit):5.291769973543644
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJf8dPeUkwRe9:YvXKXBINSm4blZc0vISVGU8Ukee9
                                                  MD5:D19E40ED01A9CE4D16131261300E8847
                                                  SHA1:025C63C8F744CD09FD0FA42629E6D08E84503E7A
                                                  SHA-256:A0E1407DA4212FB91EDF12D4785FECBD2054FCA4E8A5E0E1301A874A13DD7B8D
                                                  SHA-512:5E87A76D0E73F114A32C60D8116EACB6ED4D10B288FC1EAF15F09290A4AE3F3346A3ECFB810EFF9D6B3B13DD01E7412DE1CFE1112F76A2DE8B768EEB1D7FD202
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.29551117795293
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfQ1rPeUkwRe9:YvXKXBINSm4blZc0vISVGY16Ukee9
                                                  MD5:552BB8B37327EBDC9BCE8ED9DAF7369E
                                                  SHA1:DA7E1848049C1E15225BF840C3927020E9331312
                                                  SHA-256:F848D7517C4EE2112EE41D08435BE08B00FF9C809FC8A26D6772DB7886E63BF0
                                                  SHA-512:84CFDB0A013D76CCE076D97EC73F0CC8EC06F1D6BA98A29EC4039B51CF7EF94422D00BE63EFC4AC3698F1D83655C595D925D97DF944F9626BF89CFA357C5743C
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):289
                                                  Entropy (8bit):5.300573019814744
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfFldPeUkwRe9:YvXKXBINSm4blZc0vISVGz8Ukee9
                                                  MD5:B7A6D3924CDE339FDA2E0644FE102561
                                                  SHA1:A252AD87AA8DB790AF25EF2B9930DB3FE389BE68
                                                  SHA-256:67619CC601EF4FA02FED1249DA17529557FDC3B8E3C72AC2402E9BA56DE11D7C
                                                  SHA-512:B3A46CD5F86D5ED05337349F9C038518B3D60214293B0BEF455B4C8E2610C96E021EB06795AD5E6CA164DC35584AD3EA8C7B52A657CA20D6CF4583EB34CD5F1D
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):295
                                                  Entropy (8bit):5.316165457111728
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfzdPeUkwRe9:YvXKXBINSm4blZc0vISVGb8Ukee9
                                                  MD5:78DB70132DCD89344968C8981810B78B
                                                  SHA1:6DFEF3458E95B690EF0BC880142DC2A537AA4D45
                                                  SHA-256:A84CB029FBCEDBD98D9465296A03EB8AB4024DC7DA06952113205A725F8A3A4E
                                                  SHA-512:C6A1CBC1960BC062A6B9D05B9D95D034D5603A68D887E5FAB42AFAC802C2D513875A90927339C32E0EFE6FEA5BCBC0A553E9EE5C1F79C76A4EB3F95AB11087FF
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):289
                                                  Entropy (8bit):5.297020279546036
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfYdPeUkwRe9:YvXKXBINSm4blZc0vISVGg8Ukee9
                                                  MD5:144B8D58646FF00B4483A324B4C9B7EA
                                                  SHA1:7EC2E428D22469CFE5F0739500B9E56CB570D4A1
                                                  SHA-256:B6AAB863C32B14761B559F67A140F02FBA7798D61989ADC7B7693C8698A89014
                                                  SHA-512:CB0BBB295433D010D1FC47930255659037DF09EF2FE2B5CA4FED9188862F3BDE9F43EED1D1D9339C072AB4D33B65F861825B0C2505C91F50435AD90077808BF4
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):1395
                                                  Entropy (8bit):5.777868416004961
                                                  Encrypted:false
                                                  SSDEEP:24:Yv6XBI4lzvbMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN2H:YvEI4JYHgDv3W2aYQfgB5OUupHrQ9FJU
                                                  MD5:D0C751A36D77BFA3CB1F60327D0401DE
                                                  SHA1:4780BE1E55EDDAB386D0136B504BA6870D7A2DBC
                                                  SHA-256:F4355CCE5AFB2A53E641DDED197B7A4E1A4D720B2399EF83B417B46E1F7C0707
                                                  SHA-512:6B616E872496D7350A284B3649A6994DDE97DC084D3EF50D27D6F4F02B38A66BE9651D657A38D9CDFBB9B983F1242E23E43FEAD45D9189B01D0115F6FA1AC6DF
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):291
                                                  Entropy (8bit):5.280587856398277
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfbPtdPeUkwRe9:YvXKXBINSm4blZc0vISVGDV8Ukee9
                                                  MD5:190700F18FA4575C4E8A27FAC65BBAB5
                                                  SHA1:A57C4342D3307398343EF7A0E16929ADC8DCFD66
                                                  SHA-256:6A7BC26C37C74EE924BDD0A9CC9429E00BA712919E50C5849853A71B91F07A86
                                                  SHA-512:D50CF6BC8743E7436B11E83EA40D9B4B95335AE8B47049AEB7B6ECB11651A3D2C953E42EF0EA5B286081D9FCD1192DB90699B31030942126FCCFA005554B649E
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):287
                                                  Entropy (8bit):5.285493930840592
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJf21rPeUkwRe9:YvXKXBINSm4blZc0vISVG+16Ukee9
                                                  MD5:59A50746BCBE992753A7BBB1CB2D4943
                                                  SHA1:04704A1EBDA37477B87759CC7FA0153B4D09E2D3
                                                  SHA-256:E1BFC3AA1CB6E99D641036E39DB322FABBD77EC3D383B627F21E440F3571B6D1
                                                  SHA-512:506C2D6F2089624692C0F1153475482DFB769B1A866408B48574D1C0B4CFF5D4D99BC5094271D5487FE38DEA5509176BEF5C8A4D4FDD214FE7B90545B27F3835
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):289
                                                  Entropy (8bit):5.304395745389351
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfbpatdPeUkwRe9:YvXKXBINSm4blZc0vISVGVat8Ukee9
                                                  MD5:DF1F0A051B0FF68A9207CF57658ADE47
                                                  SHA1:C234B67DF6A566B97B561AAA06ACC116F9FE191A
                                                  SHA-256:65E557069152788F60D8E38626B3F8540139E022943B0A75843284AB8D1C5244
                                                  SHA-512:4A54F60491F72E9C358EAC88BB588DA43EC055EE98AF480E2B24B40B4ACAD13F4BD866E88F76C565257F3D77014310B80019D49128EC01EBAE7E7910CBA86786
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):286
                                                  Entropy (8bit):5.2613749249843815
                                                  Encrypted:false
                                                  SSDEEP:6:YEQXJ2HXBWdFNSm3IM8kVoZcg1vRcR0YT3ieoAvJfshHHrPeUkwRe9:YvXKXBINSm4blZc0vISVGUUUkee9
                                                  MD5:D38C1BC8B72DE1A3235C1849034214C1
                                                  SHA1:CA5D43AEC3A03418BC754CDF75D3076053D785BD
                                                  SHA-256:11BF37E3A17CFBD467857BC785252F84DD20FEF3E79FFD2FBD295956C89EC6C1
                                                  SHA-512:5C1289CCD04BC1596ECBA7C34200F33F0C0840F958F5F0BFADEA39AA503E0222EE77D185D8B9C6A63991AB86037A6F0E5D22C949CF6D71D335EFECBBD4954379
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):782
                                                  Entropy (8bit):5.368050193928987
                                                  Encrypted:false
                                                  SSDEEP:12:YvXKXBINSm4blZc0vISVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWi:Yv6XBI4lzvbx168CgEXX5kcIfANhnH
                                                  MD5:B2F3C7A7DB7D9B006B305823B86AAB5F
                                                  SHA1:9D9AB65C41A3D95BBB894B661986CBC1783E8C16
                                                  SHA-256:2FC6E6548207EB4A8639ED00636C6E5A9089460FEB4233105CCB1490F179E018
                                                  SHA-512:C37A43855C4BD59F05A6279EC54FA77F464F9DCF6DB494B5D9021A684AED3D24807A42426ED00B3FF1F7624390F2EC2AD8CDEEEBB197CB46A8D243A9A3565413
                                                  Malicious:false
                                                  Preview:{"analyticsData":{"responseGUID":"638a4a30-f47d-448f-ad9c-b3f109efee2e","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711825378030,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1711647253064}}}}

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):4
                                                  Entropy (8bit):0.8112781244591328
                                                  Encrypted:false
                                                  SSDEEP:3:e:e
                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                  Malicious:false
                                                  Preview:....

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):2813
                                                  Entropy (8bit):5.142977201613747
                                                  Encrypted:false
                                                  SSDEEP:48:YNNGNeHAT4Dd0OoyErDBI7VIKPyCIxWIeFGn++J9eG2i:gNzHAT4J0OoXPBIBISyCIXeFGdeG2i
                                                  MD5:91D74E63791E80B4072E679AAE864D16
                                                  SHA1:084E0C5465C024A09966BC22987333DE558670F1
                                                  SHA-256:6A12B216DCB8806070672EE0B602416E583C2C59177342712FB21A2917115CAD
                                                  SHA-512:FDFD6FB856CBFE61B1F1119B23C0DE8CE9F77F3B3C39C64BC0D9C16A045E530E617B44CAF198F51049B5619744AC4582F39B9ACC319E0A4DC21A920CD26725E0
                                                  Malicious:false
                                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"908f54830e35b5ebad86385db88e9d62","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1711647252000},{"id":"Edit_InApp_Aug2020","info":{"dg":"54f58b989d743febbcb640d1c3370ce4","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1711647252000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"18d5a79e7c95167933d5a501112363d3","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1711647252000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"04a312969b7bcf4589d7cf7c4af47d4d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1711647252000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"eb1112ab546ce767092efad404f0e539","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1711647252000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"21caf02b89905f2bbbcdd3a1b8b6a879","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1711647252000},{

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                  Category:dropped
                                                  Size (bytes):12288
                                                  Entropy (8bit):1.1878281182056798
                                                  Encrypted:false
                                                  SSDEEP:48:TGufl2GL7msEHUUUUUUUULSvR9H9vxFGiDIAEkGVvpv:lNVmswUUUUUUUUL+FGSItj
                                                  MD5:E987584D670665558741D9F5E54E1339
                                                  SHA1:205D27B8C61F145E9B657BE047038F4A18D5104F
                                                  SHA-256:D07AA2FC82E5E6816D80761C3F1AA8D07ADDFFF4BB09DEEE942ED85D3E30ECB8
                                                  SHA-512:92C0C522EFA45086BC39070144CE7374A9CB594F9D22F783C9CC4ACA86782C4541AFAF6E2234D0AC574E1865E57983D2326E7EA4A11FCE08EDDE1EDFCCB7805C
                                                  Malicious:false
                                                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite Rollback Journal
                                                  Category:dropped
                                                  Size (bytes):8720
                                                  Entropy (8bit):1.6067331522522614
                                                  Encrypted:false
                                                  SSDEEP:48:7MvKUUUUUUUUUUfvR9H9vxFGiDIAEkGVvrqFl2GL7msz:79UUUUUUUUUUXFGSIt9KVmsz
                                                  MD5:FBCE7476C2E8777CCD3D21A4A88D09E9
                                                  SHA1:0A101083CEC9F69CFE88A252BCEB0A61414036DE
                                                  SHA-256:68881A59291E7EAC839B2B4E7AC5CEBFE01A8FD8F7D77027D54B6F5A8C88E461
                                                  SHA-512:90A8784C013425883771A3E2D91358FBB3034FF7102A5B3E0B7B44FDE57E976F52845795A6F5002F5843767E27AEFF5DDD28A526FC289A16FF419CCED6818FB9
                                                  Malicious:false
                                                  Preview:.... .c......:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):66726
                                                  Entropy (8bit):5.392739213842091
                                                  Encrypted:false
                                                  SSDEEP:768:RNOpblrU6TBH44ADKZEgzjvB6lrNzAK/qZNaWDVuBnJxLGYyu:6a6TZ44ADEzjp6lrNzAmhJFGK
                                                  MD5:F5E00D6EC30843EEB5ECB117DA0172BE
                                                  SHA1:A2F9D5A4B23480F12CF8A90A2FDEB21E70F7A72B
                                                  SHA-256:B7E3A1856B76B9EC4DD8696E7AE2E8615A32D5B78CAF79E2FD7D1F8597E396BC
                                                  SHA-512:7D8E46F6E9DEF533CCF76909E2C1C3CB333565CFA8030199F0B9C12275B127A2E5194B4C7492CC695F67E4BD022641100753F157C91BE7D6876B15719D031522
                                                  Malicious:false
                                                  Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                                  C:\Users\user\AppData\Local\Temp\MSIfd7a0.LOG

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):246
                                                  Entropy (8bit):3.534010397435022
                                                  Encrypted:false
                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rFFElDDH:Qw946cPbiOxDlbYnuRKCEvH
                                                  MD5:F322F3DC8C33B112896792E7B7EC1DC5
                                                  SHA1:22CEAEBC767CA3D82A6F79C65B5BF70ACB92FEC5
                                                  SHA-256:DB9E647513F8D725267C35E00181A6AF9F4618CC2027C629E55D2F98FDA52779
                                                  SHA-512:E3C65B4E70AEAFFCD74121C683D1044383DD61CE7341DEED27D8A4A51EFFCC53C872C0CCDE5F6558A0331F62F2BE142889F2645E5CE6189D56F58D0763532E85
                                                  Malicious:false
                                                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.3./.2.0.2.4. . .1.8.:.3.4.:.1.5. .=.=.=.....

                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 18-34-09-907.log

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:ASCII text, with very long lines (393)
                                                  Category:dropped
                                                  Size (bytes):16525
                                                  Entropy (8bit):5.345946398610936
                                                  Encrypted:false
                                                  SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                  MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                  SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                  SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                  SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                  Malicious:false
                                                  Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):16603
                                                  Entropy (8bit):5.3907576178032235
                                                  Encrypted:false
                                                  SSDEEP:384:3CknselWdc6SNNyBD1IxLfGSRAfp9R7iJ9/5t/H+vy28vkPF42mSbSbqgCybkMIc:TZx
                                                  MD5:657626F64BB68200B239799E16A83A2C
                                                  SHA1:32FE78D40A4A67B176D0059E6BF20CC36A3F932B
                                                  SHA-256:1AEDBB0CA0DC06963F158EC1222E483B2A090F045C88A72B3B6CD500D74AE955
                                                  SHA-512:64A928AAB296253C040269475C7D2105DD5CA147F9D2DDF9461795AC8A0800472D9D7671CF7152E63A4FD542EE348A2D125D8372E6369358F4A54829FBBF6B52
                                                  Malicious:false
                                                  Preview:SessionID=8c6592d2-5cf4-42ab-a296-767f142ba850.1711647249924 Timestamp=2024-03-28T18:34:09:924+0100 ThreadID=7584 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=8c6592d2-5cf4-42ab-a296-767f142ba850.1711647249924 Timestamp=2024-03-28T18:34:09:928+0100 ThreadID=7584 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=8c6592d2-5cf4-42ab-a296-767f142ba850.1711647249924 Timestamp=2024-03-28T18:34:09:928+0100 ThreadID=7584 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=8c6592d2-5cf4-42ab-a296-767f142ba850.1711647249924 Timestamp=2024-03-28T18:34:09:928+0100 ThreadID=7584 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=8c6592d2-5cf4-42ab-a296-767f142ba850.1711647249924 Timestamp=2024-03-28T18:34:09:928+0100 ThreadID=7584 Component=ngl-lib_NglAppLib Description="SetConf

                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):29845
                                                  Entropy (8bit):5.396383227685945
                                                  Encrypted:false
                                                  SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rP:j
                                                  MD5:1AE2DC65D4C019000A53EC20ED7354EB
                                                  SHA1:1949188E3F9D3D99E81E1EAEA011DFE7EB0A3F69
                                                  SHA-256:ABD130B6AE6FEAEF3B4FECF3143A51E1D46D4EEB8F7C340AADA4B086E4BAD515
                                                  SHA-512:C5AF18F84E731F8A670D9ECDB817D5318DEC2F1291E203FDEAD495C79C2F931FEDF586B190E0E34483659CF483DC0FE394C440DB3F581C4AA5DD6B2231A2E8C9
                                                  Malicious:false
                                                  Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\722b8d8d-8a6d-495c-93de-d8251577ee21.tmp

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                  Category:dropped
                                                  Size (bytes):758601
                                                  Entropy (8bit):7.98639316555857
                                                  Encrypted:false
                                                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                  MD5:3A49135134665364308390AC398006F1
                                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                  Malicious:false
                                                  Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\7bc0f47e-c93c-44f3-8e2b-e34bdb2f525c.tmp

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                  Category:dropped
                                                  Size (bytes):1419751
                                                  Entropy (8bit):7.976496077007677
                                                  Encrypted:false
                                                  SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                                  MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                                  SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                                  SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                                  SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                                  Malicious:false
                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\b5e2a5f1-a437-4ddf-94d7-507705f552a7.tmp

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                  Category:dropped
                                                  Size (bytes):386528
                                                  Entropy (8bit):7.9736851559892425
                                                  Encrypted:false
                                                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                  Malicious:false
                                                  Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\f3231f0a-e875-449b-be7f-3a812f395143.tmp

                                                  Download File
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                  Category:dropped
                                                  Size (bytes):1407294
                                                  Entropy (8bit):7.97605879016224
                                                  Encrypted:false
                                                  SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                  MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                  SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                  SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                  SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                  Malicious:false
                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                  Chrome Cache Entry: 222

                                                  Download File
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                  Category:downloaded
                                                  Size (bytes):215
                                                  Entropy (8bit):5.289884096889609
                                                  Encrypted:false
                                                  SSDEEP:6:JiMVBdgqZjZWtMfgRTH1mf+gMRIVfLMU5Ag6n:MMHdVBZWyUTKJnjLF6
                                                  MD5:6E01BACA7ECA43CD9F6FB21AAB6819D4
                                                  SHA1:6E3AFE20451247C1D1D9B6AF036941CD8E2EA622
                                                  SHA-256:80D9D0909B82F774521C36D35D71ED54D45B79FC9545391E031609F76BBB97AC
                                                  SHA-512:5EB0E3019A92D1FA0E470521692D2FB8B59B316478A69276363E2B2924ADD1923971085E5299BA0B0F1369881D9881EFEF61BECBED575F97013A1FDB972AAE2B
                                                  Malicious:false
                                                  URL:https://plumsailforms.blob.core.windows.net/favicon.ico
                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist..RequestId:4ff6dd1e-901e-0012-3a36-8102ed000000.Time:2024-03-28T17:34:34.8531041Z</Message></Error>

                                                  Chrome Cache Entry: 223

                                                  Download File
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                  Category:downloaded
                                                  Size (bytes):215
                                                  Entropy (8bit):5.355338313451104
                                                  Encrypted:false
                                                  SSDEEP:6:JiMVBdgqZjZWtMfgRTH1hphxRIVfaWg6n:MMHdVBZWyUTSSn6
                                                  MD5:0DFD1EF54F01D07467D05C4E3E56FC08
                                                  SHA1:A548C16336A0AD3481AE721F386BB84005255DEE
                                                  SHA-256:7EFA5306FE51FE2A29414174D46950F223AA6E5B42817A654694D85CA5F473E5
                                                  SHA-512:ABDA153BBD69D8E4EF2126F6D02C817D89AE959C64786990F6CE30333408C8D2310EDF941B07390E13ACD647578B6CB18501874D1EB79AECD1112341247AFA96
                                                  Malicious:false
                                                  URL:https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg
                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist..RequestId:2bf5463b-301e-0050-4a36-8129f9000000.Time:2024-03-28T17:34:34.5988324Z</Message></Error>

                                                  Static File Info

                                                  General

                                                  File type:PDF document, version 1.4, 1 pages
                                                  Entropy (8bit):3.311574831005607
                                                  TrID:
                                                  • Adobe Portable Document Format (5005/1) 100.00%
                                                  File name:plumsail-form-2024216-105537.pdf
                                                  File size:141'193 bytes
                                                  MD5:5dcc8013846aee3e0487cf46f2115db5
                                                  SHA1:a4658e047c70295253df988eff249b1d24e633b3
                                                  SHA256:8b8afec2d2937699e8cc80f359204e1a23619fe0d81a3e57985033d22a2139a9
                                                  SHA512:6781de5c4672393d819786746e529c22d888b176e961edf7ca294d079a8a5f7eea6e55d84dd0cd708ede311683d40bfb917038d41bc4653533a414d9e3edd206
                                                  SSDEEP:768:3VhmOvl9Tvg18MladEhk6GNw2tuWddlmI6m0TYsaSQavB4TcPDzHGQ5OnyfyB1ex:ZerWX/q54wnBmyfyBECNs
                                                  TLSH:0FD3D668F3E4C594F95B92F0ACF572784A37BC23CF60C12E62697B1E1B70A09E911395
                                                  File Content Preview:%PDF-1.4.%.......1 0 obj <<. /Type /Catalog. /Pages 2 0 R.>> endobj..2 0 obj <<. /Type /Pages. /Kids [ 5 0 R ]. /Count 1.>> endobj..3 0 obj <<. /Producer (...K.e.n.d.o. .U.I. .P.D.F. .G.e.n.e.r.a.t.o.r). /Title (..). /Author (..). /Subject (..).

                                                  File Icon

                                                  Icon Hash:62cc8caeb29e8ae0

                                                  Static PDF Info

                                                  General

                                                  Header:%PDF-1.4
                                                  Total Entropy:3.311575
                                                  Total Bytes:141193
                                                  Stream Entropy:3.164925
                                                  Stream Bytes:136387
                                                  Entropy outside Streams:5.058246
                                                  Bytes outside Streams:4806
                                                  Number of EOF found:1
                                                  Bytes after EOF:

                                                  Keywords Statistics

                                                  NameCount
                                                  obj23
                                                  endobj23
                                                  stream9
                                                  endstream9
                                                  xref1
                                                  trailer1
                                                  startxref1
                                                  /Page1
                                                  /Encrypt0
                                                  /ObjStm0
                                                  /URI2
                                                  /JS0
                                                  /JavaScript0
                                                  /AA0
                                                  /OpenAction0
                                                  /AcroForm0
                                                  /JBIG2Decode0
                                                  /RichMedia0
                                                  /Launch0
                                                  /EmbeddedFile0

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Mar 28, 2024 18:34:03.895726919 CET49678443192.168.2.4104.46.162.224
                                                  Mar 28, 2024 18:34:04.130101919 CET49675443192.168.2.4173.222.162.32
                                                  Mar 28, 2024 18:34:13.745831966 CET49675443192.168.2.4173.222.162.32
                                                  Mar 28, 2024 18:34:14.573474884 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:14.573514938 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:14.573620081 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:14.574995041 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:14.575006962 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:14.945465088 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:14.945544004 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:14.949431896 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:14.949443102 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:14.949748993 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:14.992394924 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.024791002 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.072237968 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.333054066 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.333159924 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.333211899 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.361419916 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.361449003 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.361465931 CET49738443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.361471891 CET4434973823.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.573077917 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.573112965 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.573189974 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.573529005 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.573544979 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.919190884 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.919271946 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.920454025 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.920465946 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.920696020 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:15.921885967 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:15.964241982 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:16.260437965 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:16.260502100 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:16.261251926 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:16.261307001 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:16.261322021 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:16.261353016 CET49739443192.168.2.423.221.242.90
                                                  Mar 28, 2024 18:34:16.261358023 CET4434973923.221.242.90192.168.2.4
                                                  Mar 28, 2024 18:34:20.647372007 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:20.647416115 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:20.647475958 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:20.648087025 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:20.648097992 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.172374010 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.172813892 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.172836065 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.173707008 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.173779011 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.175869942 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.175926924 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.176145077 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.176151991 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.218456030 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.350526094 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.350651026 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:21.350742102 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.351196051 CET49740443192.168.2.423.48.8.182
                                                  Mar 28, 2024 18:34:21.351207972 CET4434974023.48.8.182192.168.2.4
                                                  Mar 28, 2024 18:34:26.403685093 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:26.403719902 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:26.403932095 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:26.404985905 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:26.404998064 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:26.831734896 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:26.831819057 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:26.835611105 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:26.835622072 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:26.835860968 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:26.890460968 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:27.364085913 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:27.408237934 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636539936 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636571884 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636578083 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636596918 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636604071 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636605978 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636641979 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:27.636666059 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.636748075 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:27.637077093 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.637125015 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:27.637129068 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.637145042 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:27.637160063 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:27.637187958 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:28.063647032 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:28.063672066 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:28.063683987 CET49741443192.168.2.413.85.23.86
                                                  Mar 28, 2024 18:34:28.063689947 CET4434974113.85.23.86192.168.2.4
                                                  Mar 28, 2024 18:34:38.289587021 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.289616108 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.289706945 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.289969921 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.289980888 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.500761986 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.501355886 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.501388073 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.502548933 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.502626896 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.504065037 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.504138947 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.550803900 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:38.550862074 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:38.597613096 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:48.504724979 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:48.504791021 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:34:48.504833937 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:50.101217985 CET49753443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:34:50.101244926 CET44349753142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:04.661608934 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:04.661653996 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:04.661761045 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:04.662199020 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:04.662213087 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.225887060 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.225965023 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.233962059 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.233980894 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.234251022 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.254347086 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.300235033 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.777653933 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.777686119 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.777700901 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.777910948 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.777910948 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.777937889 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.777954102 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.778023005 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.783989906 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.784017086 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:05.784034967 CET49760443192.168.2.440.68.123.157
                                                  Mar 28, 2024 18:35:05.784041882 CET4434976040.68.123.157192.168.2.4
                                                  Mar 28, 2024 18:35:38.255150080 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:38.255177975 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:38.255264997 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:38.255511999 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:38.255526066 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:38.461357117 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:38.461635113 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:38.461643934 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:38.461930037 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:38.462210894 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:38.462261915 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:38.503845930 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:48.461894989 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:48.461978912 CET44349762142.250.31.99192.168.2.4
                                                  Mar 28, 2024 18:35:48.462102890 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:50.093050003 CET49762443192.168.2.4142.250.31.99
                                                  Mar 28, 2024 18:35:50.093080044 CET44349762142.250.31.99192.168.2.4

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Mar 28, 2024 18:34:33.957648993 CET53521321.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:34:34.003199100 CET53624961.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:34:34.421705008 CET138138192.168.2.4192.168.2.255
                                                  Mar 28, 2024 18:34:34.632281065 CET53654221.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:34:38.192764997 CET5511553192.168.2.41.1.1.1
                                                  Mar 28, 2024 18:34:38.192939997 CET5476853192.168.2.41.1.1.1
                                                  Mar 28, 2024 18:34:38.288434029 CET53551151.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:34:38.288592100 CET53547681.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:34:46.184149981 CET53639271.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:34:51.602005005 CET53549841.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:35:10.539973021 CET53557581.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:35:32.992832899 CET53551991.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:35:33.573429108 CET53512621.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:36:02.160866022 CET53552471.1.1.1192.168.2.4
                                                  Mar 28, 2024 18:36:46.126981974 CET53640301.1.1.1192.168.2.4

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  Mar 28, 2024 18:34:38.192764997 CET192.168.2.41.1.1.10x134bStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.192939997 CET192.168.2.41.1.1.10xf5b8Standard query (0)www.google.com65IN (0x0001)false

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  Mar 28, 2024 18:34:38.288434029 CET1.1.1.1192.168.2.40x134bNo error (0)www.google.com142.250.31.99A (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.288434029 CET1.1.1.1192.168.2.40x134bNo error (0)www.google.com142.250.31.106A (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.288434029 CET1.1.1.1192.168.2.40x134bNo error (0)www.google.com142.250.31.147A (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.288434029 CET1.1.1.1192.168.2.40x134bNo error (0)www.google.com142.250.31.104A (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.288434029 CET1.1.1.1192.168.2.40x134bNo error (0)www.google.com142.250.31.103A (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.288434029 CET1.1.1.1192.168.2.40x134bNo error (0)www.google.com142.250.31.105A (IP address)IN (0x0001)false
                                                  Mar 28, 2024 18:34:38.288592100 CET1.1.1.1192.168.2.40xf5b8No error (0)www.google.com65IN (0x0001)false

                                                  HTTP Request Dependency Graph

                                                  • fs.microsoft.com
                                                  • armmf.adobe.com
                                                  • slscr.update.microsoft.com

                                                  HTTPS Proxied Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  0192.168.2.44973823.221.242.90443
                                                  TimestampBytes transferredDirectionData
                                                  2024-03-28 17:34:15 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  Accept-Encoding: identity
                                                  User-Agent: Microsoft BITS/7.8
                                                  Host: fs.microsoft.com
                                                  2024-03-28 17:34:15 UTC468INHTTP/1.1 200 OK
                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                  Content-Type: application/octet-stream
                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                  Server: ECAcc (chd/073D)
                                                  X-CID: 11
                                                  X-Ms-ApiVersion: Distribute 1.2
                                                  X-Ms-Region: prod-eus2-z1
                                                  Cache-Control: public, max-age=221354
                                                  Date: Thu, 28 Mar 2024 17:34:15 GMT
                                                  Connection: close
                                                  X-CID: 2


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  1192.168.2.44973923.221.242.90443
                                                  TimestampBytes transferredDirectionData
                                                  2024-03-28 17:34:15 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  Accept-Encoding: identity
                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                  Range: bytes=0-2147483646
                                                  User-Agent: Microsoft BITS/7.8
                                                  Host: fs.microsoft.com
                                                  2024-03-28 17:34:16 UTC774INHTTP/1.1 200 OK
                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                  ApiVersion: Distribute 1.1
                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                  X-CID: 7
                                                  X-CCC: US
                                                  X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z
                                                  X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z
                                                  Content-Type: application/octet-stream
                                                  X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                                  Cache-Control: public, max-age=221333
                                                  Date: Thu, 28 Mar 2024 17:34:16 GMT
                                                  Content-Length: 55
                                                  Connection: close
                                                  X-CID: 2
                                                  2024-03-28 17:34:16 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  2192.168.2.44974023.48.8.1824437780C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  TimestampBytes transferredDirectionData
                                                  2024-03-28 17:34:21 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                  Host: armmf.adobe.com
                                                  Connection: keep-alive
                                                  Accept-Language: en-US,en;q=0.9
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                  Sec-Fetch-Site: same-origin
                                                  Sec-Fetch-Mode: no-cors
                                                  Sec-Fetch-Dest: empty
                                                  Accept-Encoding: gzip, deflate, br
                                                  If-None-Match: "78-5faa31cce96da"
                                                  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                  2024-03-28 17:34:21 UTC198INHTTP/1.1 304 Not Modified
                                                  Content-Type: text/plain; charset=UTF-8
                                                  Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                  ETag: "78-5faa31cce96da"
                                                  Date: Thu, 28 Mar 2024 17:34:21 GMT
                                                  Connection: close


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  3192.168.2.44974113.85.23.86443
                                                  TimestampBytes transferredDirectionData
                                                  2024-03-28 17:34:27 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7KB8u3pc83uspSA&MD=gmVuXcTn HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                  Host: slscr.update.microsoft.com
                                                  2024-03-28 17:34:27 UTC560INHTTP/1.1 200 OK
                                                  Cache-Control: no-cache
                                                  Pragma: no-cache
                                                  Content-Type: application/octet-stream
                                                  Expires: -1
                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                  MS-CorrelationId: 1aa4dde4-ff96-4665-9213-25f0b200cad2
                                                  MS-RequestId: 2a180925-3dce-4793-a384-da3d8dbbf1e1
                                                  MS-CV: AL09Ey/XqEWUR8GU.0
                                                  X-Microsoft-SLSClientCache: 2880
                                                  Content-Disposition: attachment; filename=environment.cab
                                                  X-Content-Type-Options: nosniff
                                                  Date: Thu, 28 Mar 2024 17:34:27 GMT
                                                  Connection: close
                                                  Content-Length: 24490
                                                  2024-03-28 17:34:27 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                  Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                  2024-03-28 17:34:27 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                  Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  4192.168.2.44976040.68.123.157443
                                                  TimestampBytes transferredDirectionData
                                                  2024-03-28 17:35:05 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7KB8u3pc83uspSA&MD=gmVuXcTn HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                  Host: slscr.update.microsoft.com
                                                  2024-03-28 17:35:05 UTC560INHTTP/1.1 200 OK
                                                  Cache-Control: no-cache
                                                  Pragma: no-cache
                                                  Content-Type: application/octet-stream
                                                  Expires: -1
                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                  ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                  MS-CorrelationId: f3f35ab3-118a-4e52-8990-a7427c9cc525
                                                  MS-RequestId: 36756367-a0e6-4f6f-b1a9-6a4d15526827
                                                  MS-CV: YYeVeCF1SEqmVAjn.0
                                                  X-Microsoft-SLSClientCache: 2160
                                                  Content-Disposition: attachment; filename=environment.cab
                                                  X-Content-Type-Options: nosniff
                                                  Date: Thu, 28 Mar 2024 17:35:05 GMT
                                                  Connection: close
                                                  Content-Length: 25457
                                                  2024-03-28 17:35:05 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                                                  Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                                                  2024-03-28 17:35:05 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                                                  Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:0
                                                  Start time:18:34:06
                                                  Start date:28/03/2024
                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\plumsail-form-2024216-105537.pdf"
                                                  Imagebase:0x7ff6bc1b0000
                                                  File size:5'641'176 bytes
                                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  General

                                                  Target ID:1
                                                  Start time:18:34:07
                                                  Start date:28/03/2024
                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                  Imagebase:0x7ff74bb60000
                                                  File size:3'581'912 bytes
                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  General

                                                  Target ID:3
                                                  Start time:18:34:07
                                                  Start date:28/03/2024
                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1568,i,9319185107332236108,1686675044157375733,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                  Imagebase:0x7ff74bb60000
                                                  File size:3'581'912 bytes
                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  General

                                                  Target ID:9
                                                  Start time:18:34:31
                                                  Start date:28/03/2024
                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumsailforms.blob.core.windows.net/9a82efd0-7ed8-4446-8eeb-7f9b67b5f5d3/4bf2c103-b239-4062-bed8-c7f971eee861/bf1155fb-d125-45ec-9a84-5e69a12a60b7/ab6eaf35-7053238.jpg"
                                                  Imagebase:0x7ff76e190000
                                                  File size:3'242'272 bytes
                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  General

                                                  Target ID:10
                                                  Start time:18:34:32
                                                  Start date:28/03/2024
                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,11069634344130637693,6430874663071058120,262144 /prefetch:8
                                                  Imagebase:0x7ff76e190000
                                                  File size:3'242'272 bytes
                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Disassembly

                                                  No disassembly