Windows Analysis Report
SIGNED!.pdf

Overview

General Information

Sample name:SIGNED!.pdf
Analysis ID:1596695
MD5:1082f5091a4547b47af5508e998f54c6
SHA1:8d1ea39b043b6f51d8e9514e087db380fb04abb1
SHA256:859a3ba09d1fd884fb23fb18c0ddd3ca94a4f9177a917dc8399ca6fd00f43ed2
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suspicious PDF detected (based on various text indicators)
Detected non-DNS traffic on DNS port
IP address seen in connection with other malware

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SIGNED!.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7536 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1668,i,12082452304793903470,8295887645304676423,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 6828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 2648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2024,i,13734563391823083010,5420562679766661642,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: SIGNED!.pdf | Virustotal: Detection: 8%

Phishing

Source: Adobe Acrobat PDF | OCR Text: SharePoint DOWNLOAD DOCUMENT HERE C) Microsoft 2025
Source: global traffic | TCP traffic: 192.168.2.7:63970 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.7:64408 -> 1.1.1.1:53
Source: Joe Sandbox View | IP Address: 23.209.209.135
Source: Joe Sandbox View | IP Address: 239.255.255.250
Source: unknown | TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 20.101.57.9
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU HTTP/1.1
  Host: plumberdenison.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: plumberdenison.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: plumberdenison.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: plumberdenison.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.1.dr | String found in binary or memory: https://www.adobe.co
Source: classification engine | Classification label: mal52.phis.winPDF@40/54@7/7
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-22 05-18-55-478.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: ReaderMessages-journal.1.dr | Binary or memory string: CREATE TABLE GlobalState (LastSuccessfulSync DATE, HTTPModifiedDate DATE, FileLastModifiedDate DATE, TestPopulation VARCHAR(30), TestSegment VARCHAR(30), ProductName VARCHAR(30), ProductMajorVersion INTEGER, ProductMinorVersion INTEGER, LicenseState VARCHAR(15), Language VARCHAR(15), OEM VARCHAR(15), Channel VARCHAR(15) );
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SIGNED!.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1668,i,12082452304793903470,8295887645304676423,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2024,i,13734563391823083010,5420562679766661642,262144 /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: SIGNED!.pdf | Initial sample: PDF keyword /JS count = 0
Source: SIGNED!.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: SIGNED!.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
SIGNED!.pdf | 8% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
https://plumberdenison.com/favicon.ico | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
e8652.dscx.akamaiedge.net | 23.209.209.135 | true | false | | high
www.google.com | 142.250.185.228 | true | false | | high
plumberdenison.com | 72.167.140.51 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://plumberdenison.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | false | | high
https://www.adobe.co | ReaderMessages.1.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.228 | www.google.com | United States | 15169 | GOOGLEUS | false
72.167.140.51 | plumberdenison.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false
23.209.209.135 | e8652.dscx.akamaiedge.net | United States | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.7
192.168.2.4
192.168.2.6

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1596695
Start date and time:2025-01-22 11:17:52 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:19
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SIGNED!.pdf
Detection:MAL
Classification:mal52.phis.winPDF@40/54@7/7
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
  • Not all processes were analyzed, report is missing behavior information

Time | Type | Description
05:19:00 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  23.209.209.135331438022043626947.jsGet hashmaliciousStrela DownloaderBrowse
                  • x1.i.lencr.org/
                  https://na2.docusign.net/Signing/EmailStart.aspx?a=952db75a-b95d-4990-bad7-b8ca09b525c0&etti=24&acct=a5d48cc1-19dc-46b1-9d58-6ea237bb99fc&er=7ab9da16-aa14-42d2-a3ce-ce370796dec4Get hashmaliciousUnknownBrowse
                  • x1.c.lencr.org/
                  https://comms.cushwakedigital.com/collect/click.aspx?u=cWMxQVMxbjBMeVBFV29obXRTVTlhb0R2RS9pcDNhbnZmMEYyb1MzaWlDQmlIMnBhL0Q5ZThSdkVHRytETXJ5bW8vbFVHSyt2WkJHT0RZVVBXS1hLRkZsNmJnNktCaUZ6&rh=ff00de2d21471cd4df91b51f4c468245cab5fc53Get hashmaliciousUnknownBrowse
                  • x1.c.lencr.org/
                  Brewin-In-Service Agreement.pdfGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                  • x1.i.lencr.org/
                  Kodiak Hub Procurement Ltd Project portfolio 2025_2.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  82368468305205033.jsGet hashmaliciousStrela DownloaderBrowse
                  • x1.i.lencr.org/
                  https://cdn.btmessage.comGet hashmaliciousHTMLPhisherBrowse
                  • x1.c.lencr.org/
                  73451533787796517.jsGet hashmaliciousStrela DownloaderBrowse
                  • x1.i.lencr.org/
                  2303023591829519869.jsGet hashmaliciousStrela DownloaderBrowse
                  • x1.i.lencr.org/
                  7820319161178010558.jsGet hashmaliciousStrela DownloaderBrowse
                  • x1.i.lencr.org/
                  239.255.255.250https://norpor.shop/riiw2-1.mp4Get hashmaliciousUnknownBrowse
                    http://md-pass.comGet hashmaliciousUnknownBrowse
                      https://dnl.hb-fein.de/Get hashmaliciousUnknownBrowse
                        20252201_pdf.htmlGet hashmaliciousUnknownBrowse
                          http://www.nhtfxq.blogspot.ie/Get hashmaliciousPhisherBrowse
                            http://narod.ru//disk/10290564001/sm010%20.pdf.htmGet hashmaliciousHTMLPhisherBrowse
                              http://sahadayiz.com.tr/tec/les/K82cqkpomPEEC3lMMcYg4Gph6AcNsuj8uKaZh/anJvZmVAYmVsbHBvdHRlci5jb20uYXU=Get hashmaliciousHTMLPhisherBrowse
                                https://duskrise.shop/Get hashmaliciousUnknownBrowse
                                  test.htaGet hashmaliciousVidarBrowse
                                    tgeh_1.svgGet hashmaliciousUnknownBrowse
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      e8652.dscx.akamaiedge.net331438022043626947.jsGet hashmaliciousStrela DownloaderBrowse
                                      • 23.209.209.135
                                      https://www.zeffy.com/en-US/ticketing/9792a5cc-964b-451c-a97d-176fd6d24206Get hashmaliciousHTMLPhisherBrowse
                                      • 2.23.197.184
                                      Brewin-In-Service Agreement.pdfGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                      • 23.209.209.135
                                      Kodiak Hub Procurement Ltd Project portfolio 2025_2.pdfGet hashmaliciousUnknownBrowse
                                      • 23.209.209.135
                                      82368468305205033.jsGet hashmaliciousStrela DownloaderBrowse
                                      • 23.209.209.135
                                      KINXXR6XUW.pdfGet hashmaliciousHTMLPhisherBrowse
                                      • 2.23.197.184
                                      73451533787796517.jsGet hashmaliciousStrela DownloaderBrowse
                                      • 23.209.209.135
                                      2303023591829519869.jsGet hashmaliciousStrela DownloaderBrowse
                                      • 23.209.209.135
                                      7820319161178010558.jsGet hashmaliciousStrela DownloaderBrowse
                                      • 23.209.209.135
                                      26817284322623526.jsGet hashmaliciousStrela DownloaderBrowse
                                      • 23.209.209.135
                                      bg.microsoft.map.fastly.netMSystem32.exeGet hashmaliciousNanocoreBrowse
                                      • 199.232.210.172
                                      Client.exeGet hashmaliciousAsyncRATBrowse
                                      • 199.232.214.172
                                      using python exe.exeGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      using python exe.exeGet hashmaliciousUnknownBrowse
                                      • 199.232.214.172
                                      https://www.zeffy.com/en-US/ticketing/9792a5cc-964b-451c-a97d-176fd6d24206Get hashmaliciousHTMLPhisherBrowse
                                      • 199.232.214.172
                                      Or#U00e7amento.msiGet hashmaliciousAteraAgentBrowse
                                      • 199.232.210.172
                                      https://axa365.sharepoint.com/:u:/r/sites/AGO1/SBX590743/Midtermshare/CapGemini/ResQ%20x64.msi?csf=1&web=1&e=FgDuBXGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      Setup.exeGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      wse1951.exeGet hashmaliciousUnknownBrowse
                                      • 199.232.214.172
                                      wse1951.exeGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):300
                                      Entropy (8bit):5.20541490814627
                                      Encrypted:false
                                      SSDEEP:6:iOa+EqM+q2PcNwi2nKuAl9OmbnIFUtkMSZmwGM9MVkwOcNwi2nKuAl9OmbjLJ:7a+EqM+vLZHAahFUtkMS/GM9MV54ZHAR
                                      MD5:7A1C34127C81102E84BEF76A69D011DE
                                      SHA1:D55833874C35B238ED501CE17B237B9DC55ABD56
                                      SHA-256:68353440D47B0F0BE505FFF3A65268A3486832970D490B1FCCB5C1F624907D01
                                      SHA-512:4D93581F94551EA2791ACA170AE4F396F1C9ACC4E43D9601859F43394E46652D0E906057B6537870B205C9621C36C064F648A28BA1C879FE9F6303F5217B29B9
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/01/22-05:18:53.141 1d8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/22-05:18:53.143 1d8c Recovering log #3.2025/01/22-05:18:53.143 1d8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):344
                                      Entropy (8bit):5.156951488070106
                                      Encrypted:false
                                      SSDEEP:6:iOaTRq2PcNwi2nKuAl9Ombzo2jMGIFUtk6utZZmwG+PskwOcNwi2nKuAl9Ombzos:7aTRvLZHAa8uFUtk64Z/G+Ps54ZHAa8z
                                      MD5:A98DB358397736BDF6A61D9CFE251D11
                                      SHA1:32D6AFC92835262CCDB359729A3C03F46246EC9F
                                      SHA-256:B82E4D2D6F9EE56F4BFE7E7AF8EBD8039EF1BA16C7C99ACDFBBACE00E1B79405
                                      SHA-512:AD82E8563B4A3CF61A5A45FC755352D554CCCF9A427A9076EC7A61E8BF83D31FE327766D844DEF9E515476D886BE828C6468505E397DD0A5543731243C190830
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/01/22-05:18:53.178 1e50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/22-05:18:53.180 1e50 Recovering log #3.2025/01/22-05:18:53.184 1e50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:modified
                                      Size (bytes):475
                                      Entropy (8bit):4.969257720036079
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqHysBdOg2HR1caq3QYiubSpDyP7E4T3y:Y2sRds2dMHW3QYhbSpDa7nby
                                      MD5:702CF39529F123650FA85C8BE7515844
                                      SHA1:C76C8277945CC22CA6B37ABFCECD0568E778A85A
                                      SHA-256:21AB48189E69E05352FF71D6C5B82A8EC50FBC0448EA2EBE8BDC788C9023BB56
                                      SHA-512:7A2C91D24194FCE3CAB1605173766861EDA8156822119E272BAA01EC25020C908382C1B6D8135E4DBC6C361EC7D425CE0BD181DF090AE59C72B00CC12C166BE3
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13382101145013687","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141960},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):475
                                      Entropy (8bit):4.969814904260269
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
                                      MD5:7BE9C8316EB1B7252CB363207744A145
                                      SHA1:57861355BE6541501AED40F896891579DCF473BF
                                      SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
                                      SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4509
                                      Entropy (8bit):5.226051177458113
                                      Encrypted:false
                                      SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPdLvjPSLZ:CwNw1GHqPySfkcigoO3h28ytP1vjPQZ
                                      MD5:7AF98FBE220FE4CB1E55588A56BF7F39
                                      SHA1:140C58CAFD8D41BCB2845F9D24F23D5A3AD03A62
                                      SHA-256:0F82F489D4C1C38742CCE84157DA1F1C4DC56A265EF8C91F35289E4DAB97660F
                                      SHA-512:8EB830B4977AC76A93AEC7DA53646A4F4F6A32194D57DCA83846AF8FF88D1FE224EA944C3CC8BD645C5193217C2E48B2FEB908DA089BCBB5A4E1FAC538B01583
                                      Malicious:false
                                      Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):332
                                      Entropy (8bit):5.205704728838779
                                      Encrypted:false
                                      SSDEEP:6:iOabtGq2PcNwi2nKuAl9OmbzNMxIFUtkZlFZZmwGrkwOcNwi2nKuAl9OmbzNMFLJ:7abtGvLZHAa8jFUtkn/Gr54ZHAa84J
                                      MD5:DEB0754AD2B027C2A2FD599AD98D65C9
                                      SHA1:2126743FFAC34153FE976C7C87AE9A3FDE6F4AC9
                                      SHA-256:604474C41D9D74A0A055A2A87DEB345F6F12440EA186EF03D12263808C44B10F
                                      SHA-512:00300D1E362D3F54F9CF89DA1AE4234C71B0298EC36B56D3F5557374CD43C0CF1461F22F3D59B07A0EB1ADBEBDF77FD495D768BBB664C3BFD59F415799252E35
                                      Malicious:false
                                      Preview:2025/01/22-05:18:53.649 1e50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/22-05:18:53.665 1e50 Recovering log #3.2025/01/22-05:18:53.678 1e50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                      Category:dropped
                                      Size (bytes):71190
                                      Entropy (8bit):0.4901535586471527
                                      Encrypted:false
                                      SSDEEP:96:eQ9qF+fFFUFFFwWg2RTFFlsF23nq1N9Cp9rKRAIK:eQrM7O2pgAf
                                      MD5:C27B68F5EF565F0EA9F2663C451E16EA
                                      SHA1:162436E85E996ED4F4515E7331C8D87FAFB5786B
                                      SHA-256:A9B81A0BF75973F564D1B07310896638AAECE72353211B7BA384DD750925AD98
                                      SHA-512:EEDD0ECAE83B8ECFDFBFA655A160426134F12A0984E2C3F9A56A3174E8D32F6E9B13424D984FCC25896CB9E5ACD7DB7145DB693FBA71A8A677DB655426B0C45F
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                      Category:dropped
                                      Size (bytes):86016
                                      Entropy (8bit):4.438719441249125
                                      Encrypted:false
                                      SSDEEP:384:yeaci5GEiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1IurVgazUpUTTGt
                                      MD5:27CC421157397AF20343AE601FE73FFF
                                      SHA1:DEA87971F0D469F9D7495113E5D00ACB41977481
                                      SHA-256:EBEE077A1A9E383A3DC7D0B5239764ECB1CC439AA777278B34411A8CE57E8CA7
                                      SHA-512:3E7EA5D9DE989AF06069641349E3C64CB29C53560585C660E3BE35FED8A840EA041D0EF4D90D7103FDFFE2BE6DFF3EC49D5450CAC48E154802D37FD33E474B83
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):3.7737980260067725
                                      Encrypted:false
                                      SSDEEP:48:7Msp/E2ioyVtioy3DoWoy1CABoy1NKOioy1noy1AYoy1Wioy1hioybioyhoy1noQ:7vpjut0iAbXKQE4b9IVXEBodRBkq
                                      MD5:3B422852E2FA567DFFB61871F9286109
                                      SHA1:23CA06CBB0FAF8DC149F0A08C66487470C70D186
                                      SHA-256:394ECBAFDDCB6E97BF62F2D3F4EAD750FC630A58D63495D5CCA256F032FF1F09
                                      SHA-512:B5768983F7B4D520A3C6CE2019AA502D4CF9F0F29C0034DFC8C40BA6DB1EEAAE5A42271748CAC95E99D79936C0C288A8E1EECE7B7D2349176B06CC505677BF3B
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Certificate, Version=3
                                      Category:dropped
                                      Size (bytes):1391
                                      Entropy (8bit):7.705940075877404
                                      Encrypted:false
                                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                      Category:dropped
                                      Size (bytes):71954
                                      Entropy (8bit):7.996617769952133
                                      Encrypted:true
                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):192
                                      Entropy (8bit):2.7569015731729736
                                      Encrypted:false
                                      SSDEEP:3:kkFkls1O31fllXlE/HT8k7xlrtNNX8RolJuRdxLlGB9lQRYwpDdt:kK11OmT8yxpNMa8RdWBwRd
                                      MD5:9C550805DDE0F09F6DA8D647A042C588
                                      SHA1:7C52E9CB7F4421C17D6A9A90A187A80EFCF705C7
                                      SHA-256:A299369BE68EB668381F05E9E40C760E8FA53E932F7EAC8E74B4BB372D66F570
                                      SHA-512:272E32AA0587A628D99BE3A1096E62E6DC350DF579900194A174D43080F6D90D872DE4742262CF18A3E23A2F789BDBA968392B0DB2799D2CDC942653C88E30DB
                                      Malicious:false
                                      Preview:p...... ..........&..l..(....................................................... ..........W...................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:modified
                                      Size (bytes):328
                                      Entropy (8bit):3.234591379520365
                                      Encrypted:false
                                      SSDEEP:6:kKz7UbT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:7A2DImsLNkPlE99SNxAhUe/3
                                      MD5:8DF883E04B3673F64D0659A245753DD3
                                      SHA1:D8A9021299EC4786BB4C714CEC3760C02CFD53D9
                                      SHA-256:1D1145B78D2487A6DC1D0E01B7D8F28CC9251D9E1741F899C0DE27127B4300E1
                                      SHA-512:B2FBCCD527C42D824E1CA7B51B514338F6548E9943E8DCD8FAEEDF7031719FBFCEC2A7E3CEFD391EA98458F03633A8151785F6B94772028004858FA8DBD03F4C
                                      Malicious:false
                                      Preview:p...... ..........^ .l..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):10880
                                      Entropy (8bit):5.214360287289079
                                      Encrypted:false
                                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                      MD5:B60EE534029885BD6DECA42D1263BDC0
                                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.363032207069321
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJM3g98kUwPeUkwRe9:YvXKXFgnSbsdTeOOTz5GMbLUkee9
                                      MD5:87645C8B4FD056B909A4E6E23D6AED4F
                                      SHA1:AD24DA405488A70745A3A382B3015F7FBC379C5E
                                      SHA-256:E5AD29395A7153D833C01395E9441E8D06B6073926AC220B8866B9B8F7EE8870
                                      SHA-512:BA07C47A8AA4BF6A34CA4BD9DB7B83D82A560B2E38F1990FD28501C4366BA83277E881D6C627C805290C2656275FB0BCDE80F4DB1A7C98911AE7B3115704466E
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.297641508153565
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfBoTfXpnrPeUkwRe9:YvXKXFgnSbsdTeOOTz5GWTfXcUkee9
                                      MD5:AFD2E089331E0D3FF7F177CBBD532619
                                      SHA1:D9FD5DB8CAE43895D3B1BD568A778997D3292C72
                                      SHA-256:0F783DEC33ED491F2E27979537AFAFEA9BE20CD7AA1ACACBE9B513DC277854E1
                                      SHA-512:3BD8BEA8446451EBBAA0AD841891EAF3A85CB7ACAB5533D33E0C54C2C0F5225E15177D497840D66550AF64351F9D6080B0AAA9099A3D6F475241259ECA4B9295
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.276909302068235
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfBD2G6UpnrPeUkwRe9:YvXKXFgnSbsdTeOOTz5GR22cUkee9
                                      MD5:C39060BE2B646FFEA5A0C88655FA6C00
                                      SHA1:F68B589A8DE50935D7344172198304EBD550A24D
                                      SHA-256:E4B094332B68E4E5255271188059A6A3787AE1036FAABD756F4299EC0B9C385D
                                      SHA-512:894D2F75AB4E8E9ECD435F2B8476546E517D51860C23EB14A2D4F20C650BCFD56A88AF8362B6A2A6BF4ACA6ACBE2610FAB9CCCEDB2D488EE9E59E1197A654188
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):285
                                      Entropy (8bit):5.3498988898996505
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfPmwrPeUkwRe9:YvXKXFgnSbsdTeOOTz5GH56Ukee9
                                      MD5:B7654C4B2ACC63A993B3199E8F691963
                                      SHA1:98F9B50A1961F644017596A7F06EC4DDDD6E354F
                                      SHA-256:5B1FC82E2C4E4A5934502F2054047B73FB7B0224E2FE86285CA1EB90849B7263
                                      SHA-512:65DB78E0A7A908B60EE94492F6466001911AC83DA43645A28AE5E048AC0F8A0AE1AB3D47ED76DB339E21C28B5E6F8793F24CEFB6986636AD2ABB147A9478457A
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1123
                                      Entropy (8bit):5.686491507364068
                                      Encrypted:false
                                      SSDEEP:24:Yv6Xm+meO6epLgE9cQx8LennAvzBvkn0RCmK8czOCCSg:YvTeChgy6SAFv5Ah8cv/g
                                      MD5:4894605C667C75CA1C1BC1A5D250A1B0
                                      SHA1:7B7651D01E99E9830D5A8BC835B501B1D36531C7
                                      SHA-256:7DA83E4D101CBAEF8905519A52B8866D42C621CDE4696E7E603A6863DE108CB2
                                      SHA-512:4F72B0CAE9F5378E410933B00D26DC796E25A18215D2E6C94420DD0ECB27C792B56051731A8C706D80EA9674933F069D2AB00E339F7622C5663DF8D7A3F2B80C
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.283853883257157
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJf8dPeUkwRe9:YvXKXFgnSbsdTeOOTz5GU8Ukee9
                                      MD5:B3B4E68AE79A09C50370F46ECCF7AECF
                                      SHA1:C0B68BA197C86FAE617AC19477BF4C533896B51A
                                      SHA-256:FABF0261510AB5D7A7044B866CBE394911806A457DC8F73C8D1BF833A5063DEF
                                      SHA-512:DB67E60C406B2FFDF8B32F24339AB99F163519899971E68273FC5F6EAF06BE4A967D43ACB874FD55ABD545DD3734AED21B48E9CAB787C35D8AE7AB654E34E21B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.2882112030379265
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfQ1rPeUkwRe9:YvXKXFgnSbsdTeOOTz5GY16Ukee9
                                      MD5:397D597FB77D9460C034BD9FF2C8E4AB
                                      SHA1:4CAC5092BB603969FDEB6D8287412E6DA26BEF7F
                                      SHA-256:63D5067B80E3913613DFCFD6771C2072D8FBBF34D0BD2B0C6A97EEAD9AF56ACF
                                      SHA-512:527BB0E0FAC348937FF83E511E208B2B692A8DC39D32D05A4BB279468E7090A847F5762B0F25EE683B9A6A670EE99869EE5B76E0996EF002DF681F481A981366
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.3028150505301515
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfFldPeUkwRe9:YvXKXFgnSbsdTeOOTz5Gz8Ukee9
                                      MD5:00F3D355E2A2716C1150FB5F2CE5400E
                                      SHA1:10CD4FE9AE6C0B642D1390314824A11B62A02D0C
                                      SHA-256:765EA88AC0058D66F688DBC9FFD3D83EF1EA26D11B4DA54B878DE0857916D3C6
                                      SHA-512:176351978E6DF126989307F276FF2FB1CF5C86C537FDD19F450AB67387101D0E11F1DAD3FC00E1E11BA8AAEFAEEE2D0A2297180C152337FECB3ECAB06774CECE
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.309023285500166
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfzdPeUkwRe9:YvXKXFgnSbsdTeOOTz5Gb8Ukee9
                                      MD5:15DEB30B25B92B6CB67D2DE894C9CE7A
                                      SHA1:A5C87D4E4EBA68C7D5978B215BAA866EB2B6EED6
                                      SHA-256:DB53F3BD15270EFFD4C8C551F73C5554FE8837A63B49322E1875F693AD8C9294
                                      SHA-512:C953CA1414DF2FA03A9EA9A713650C106765F2F7E7EC8BD398334ABC3E00929460641AE7D66566D2757ACC1BEEE4E1BD96AA7B3F6AF5EDE8AC6D2009AA429DB3
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.2899926871150384
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfYdPeUkwRe9:YvXKXFgnSbsdTeOOTz5Gg8Ukee9
                                      MD5:0DA6336CB0999721F2CAC6C5E95258C7
                                      SHA1:C373EFB2697A181063993D68B3FB7E70B44FE5B0
                                      SHA-256:B6A094D66A46B47D72545DD627A19561F32C85FAC7BB27938B9C3E33E055F983
                                      SHA-512:911B933288753FAFE71B194ABA7ECBAABBF9FAFFACC02C6877AA42E7864309292A4E0F1C7FB7358357BE1E369FB1CE64F6FD1F4FCCC7CB98C933F8072BFA4347
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):284
                                      Entropy (8bit):5.27644822847237
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJf+dPeUkwRe9:YvXKXFgnSbsdTeOOTz5G28Ukee9
                                      MD5:0F0EDDE76D05BFBD34430E740F5F38B8
                                      SHA1:059C46B30FA092CDCA9610F7466421B7F51DB6FD
                                      SHA-256:FCBE64BE3D24CB80A090DB5092045D0BE6EBB1EECEF09E82F53B7034017E3A3D
                                      SHA-512:6CF9B098BE4BB0B1E43375A696A3B4CEEF842A3A72D6C12F6FCE41CCB60B71B678B24923601E7AC993DCBC171C07675912C28D7A70C9A65A284C3CBAF67BA4EB
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):291
                                      Entropy (8bit):5.273608563571618
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfbPtdPeUkwRe9:YvXKXFgnSbsdTeOOTz5GDV8Ukee9
                                      MD5:35EF265C3BD6BD3AA78F2FA712B2DFC5
                                      SHA1:F8CE7C50A7EAEB04730953C520D9ABF62FD4F23A
                                      SHA-256:4E0734AB1AA8AA94E29C23F478E5EA7459429F32E560B7B4623DAE39326D27AD
                                      SHA-512:D10D605B06B443EAA37414B28DC4C226507C8EB55D607A0149816173730598B2F51A685669D8EFA4D3595DD5171B70579A36DF3C66A27381ADD17ADC46888D97
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.278696776806454
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJf21rPeUkwRe9:YvXKXFgnSbsdTeOOTz5G+16Ukee9
                                      MD5:D8E44864A205CF0C22E649BD8F4B2885
                                      SHA1:C9FA71EED2AA6DB097D46413330D2F0AF45B4A79
                                      SHA-256:54107A336942BB9F757788DC8C52407A95E5B8120093D9DBDDE284B554AE6009
                                      SHA-512:AC3038FA56E86A4B7192F017D7550042BCAF4CA2A253D32493EDF24EBE33CCCF1550AE8700ACAD4F2335E4EF4D6E072E7996F6CC8B3B5C2FDDA13DADA1757563
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1090
                                      Entropy (8bit):5.662335700478208
                                      Encrypted:false
                                      SSDEEP:24:Yv6Xm+meO6CamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSj1:YvTegBgkDMUJUAh8cvMj1
                                      MD5:7522EB4A1F87D6B376B56C6CF7AEFD3D
                                      SHA1:30DC300EEDCD6F66DFEA4B889D0E999EC1569E77
                                      SHA-256:68FD442B06C39690E800D2DAE5963946A2CEA6AB592A8CAE3F7A4BD04F054CF9
                                      SHA-512:BA0E0F257F1A241AA5D6292494C147ABFD9D8454A7D55281CD8262DF905C8B19F442554E80C2FF3064F76B4F125217719B9B9E8F6B33306C488284D3156826AA
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):286
                                      Entropy (8bit):5.2540079997207085
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJfshHHrPeUkwRe9:YvXKXFgnSbsdTeOOTz5GUUUkee9
                                      MD5:267B0C9194A7C4F4324CF4F7FFCF39E3
                                      SHA1:592B33B07817A2EE611CA6E198C38E5DBFBCD8F5
                                      SHA-256:922AF33190FEF365607784879F9D108D1ED15E72F8BFE4DB799136824E513114
                                      SHA-512:FE4078AEE20C3278241594672912DA5D4DCC1666BB0F04BAEFE96A0001B87E7F2D33FDC630375110813C7E91E4B2CA774E4A51E84668189F1D341057EE83605B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):282
                                      Entropy (8bit):5.275767245595689
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXFgnICA51YWsGiIPEeOF0YuTzKoAvJTqgFCrPeUkwRe9:YvXKXFgnSbsdTeOOTz5GTq16Ukee9
                                      MD5:E67C22D4694239FFAC8FAE8AC9DB67C7
                                      SHA1:DA455AD44B2968359A8E53C354993ECE20A1C437
                                      SHA-256:E48AE93EDF0260383AC6F02FD0F82E0103AB22ED7D6C4841E75BE51B4004925E
                                      SHA-512:0F43AABB5921B3D6FC8EC8E22878DDE7FE9D8ED6080D011DB8FC7CF89C5CBC4AA43C8FD7AC3782EA7309D7CFC73D393AB35DAC97147AEC67260F6BB6C8DB4AE3
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"26a804fb-5dab-4eca-a3e3-d853e23b9328","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737717257568,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4
                                      Entropy (8bit):0.8112781244591328
                                      Encrypted:false
                                      SSDEEP:3:e:e
                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                      Malicious:false
                                      Preview:....
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2814
                                      Entropy (8bit):5.131192359708444
                                      Encrypted:false
                                      SSDEEP:24:YjhEca4Fay/sAk0nn/R6jyEKO4WExOmr5jRUSj0SJB41YE2UvKUB2LSJDCVMD8pm:YjA+/R609HO4fUBBCM7q4I1/J1Yz9Us
                                      MD5:C3B0E5AFA20A7E408F67D781AF396353
                                      SHA1:A4D421FF18469DEE842ECA25B9C850048F0E1950
                                      SHA-256:412A1348CD8D08E7B2C093CB0DABE72C8463F399B0342153A3DEDB418E13F10F
                                      SHA-512:7F0B2E7475EF126FD93B3E302906523C25D1A5BE8A79E0F0A823CEB8EF05911024325E04F227C2D86F82CC509646139453434B1B1C63447896D928CB54BDC859
                                      Malicious:false
                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"eb44574b1720aa682247dcba84f0d728","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1737541141000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c1ac77c0013b0d49d69b34f95cd2de70","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1737541141000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"29046b7620747a364a64b3db49bb0f2f","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1737541141000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5c001224f6be4beeb436ccb0044760a7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1737541141000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"4008335971a3423118548bcf82ac8d45","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1737541141000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"75520497a0d695ad554926f2a77a18c1","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                      Category:dropped
                                      Size (bytes):12288
                                      Entropy (8bit):1.4533096535355847
                                      Encrypted:false
                                      SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsdlv:lNVmsw3SHtbDbPe0K3+fDZdo
                                      MD5:673635DCBA056A1D6F831CB6BF75720E
                                      SHA1:20ED5FDE03528FD5BD91B5103FA6BBF82A199128
                                      SHA-256:27B933844A241CA1566A361C77FCE31B2A21BC94FC98271F7E3C796A3EEE9042
                                      SHA-512:BD10B2F07E0724D3C270FA8B10C0DC4D7197DA7E9314E1B0A4BA0198866BBE3B3C2CA3ECFAB48C0D82821DABCBA533A1829628288E6958308898EA33C647893D
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):1.9575582864617314
                                      Encrypted:false
                                      SSDEEP:48:7M1rvrBd6dHtbGIbPe0K3+fDy2dso4qFl2GL7msq0:703SHtbDbPe0K3+fDZd2KVmsq0
                                      MD5:280CA7D807E3E2F58655DCC8C7A6C6E1
                                      SHA1:597FE2FB787E31CD2F3AA724005182A803263500
                                      SHA-256:4878F9E4FE3E3798AA30CD37C2ADDAB51A65DBCE468E89E15B1BAD42C0733435
                                      SHA-512:7ECA60B7A61F07D79C3376F0F2BCBE5E8123663C120519988FE8E98E7135DBB789D8B39C585E56865D40E18859818A3853FA72C8BA9899FC260F7715ADC3261D
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):66726
                                      Entropy (8bit):5.392739213842091
                                      Encrypted:false
                                      SSDEEP:768:RNOpblrU6TBH44ADKZEgFM7GUOzygFIu2VlFbuR9tfDJYyu:6a6TZ44ADEFM7GLugWHVzqK
                                      MD5:BD4507E2E992C217F2836E69D0CD3BC0
                                      SHA1:F68B1EBD0EEC508A6532882FA9F0D333E513D265
                                      SHA-256:4DCF2730D02141F8FE177D6294E02573940D0F856A3A2056D25023E4CF1EC76F
                                      SHA-512:1F0B82F55CD6B4371EB5176CD9F41F1B6B55AA8A23F2D6BDC735ADC12202AE9F4F3FD52FDF9E661BFC7D38A7AB950FB180430197DF6F0BB046989187C62D5BEC
                                      Malicious:false
                                      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):246
                                      Entropy (8bit):3.4965336456103326
                                      Encrypted:false
                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8UCl4fUGYlYH:Qw946cPbiOxDlbYnuRKFf2YH
                                      MD5:7721CA55CC04EFB45C53C191F621F650
                                      SHA1:97D96B6275E5D50B61A423B70F2941C7E43BFDAF
                                      SHA-256:5F90924D560832D89EEFD0430805B3F3652114BCC4C332EAF5F97686E0C96C57
                                      SHA-512:ABB3680F1D4DBA2837D9B3A311F7971CA332190CCAC7334FAEEEF55DEB211BB0D8C53F40E5C418DFD015F57E0D0A56474B5C230B8FB79B4C69DBE6377F38D43E
                                      Malicious:false
                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.2./.0.1./.2.0.2.5. . .0.5.:.1.9.:.0.0. .=.=.=.....
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393)
                                      Category:dropped
                                      Size (bytes):16525
                                      Entropy (8bit):5.386483451061953
                                      Encrypted:false
                                      SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                                      MD5:F49CA270724D610D1589E217EA78D6D1
                                      SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                                      SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                                      SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                                      Malicious:false
                                      Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):15114
                                      Entropy (8bit):5.358140486588795
                                      Encrypted:false
                                      SSDEEP:384:MONYDYqY7YVYEY1TYcYbY9YUYWYlbHKbqaBlqlG0s0w3H3T3C3535VeeeSeYMGME:MoK16KxoTNU8ftyrKeEA0jB3jSpnjDld
                                      MD5:735818933CE140189E4CAC8EE1E26AA6
                                      SHA1:EBF7573C70DABD4770867616FE9057DF0BB9CA8F
                                      SHA-256:A0F506DE60FDC5A2AD1E46EB88E78B63C95AC8B335A2604361A861C6C522B198
                                      SHA-512:6C3AC3C6F9CCD5A627EFC330C39F885A089A84A8B6E251B94F529C7F2BF1C1D7C28662828E067141FFFD3D27685B3183FCD290F3EEC0D4DEC743DEB2998A69F6
                                      Malicious:false
                                      Preview:SessionID=87771df2-46c8-4e9e-8bab-f890bec8b0bb.1737541135511 Timestamp=2025-01-22T05:18:55:511-0500 ThreadID=4716 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=87771df2-46c8-4e9e-8bab-f890bec8b0bb.1737541135511 Timestamp=2025-01-22T05:18:55:513-0500 ThreadID=4716 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=87771df2-46c8-4e9e-8bab-f890bec8b0bb.1737541135511 Timestamp=2025-01-22T05:18:55:513-0500 ThreadID=4716 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=87771df2-46c8-4e9e-8bab-f890bec8b0bb.1737541135511 Timestamp=2025-01-22T05:18:55:513-0500 ThreadID=4716 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=87771df2-46c8-4e9e-8bab-f890bec8b0bb.1737541135511 Timestamp=2025-01-22T05:18:55:513-0500 ThreadID=4716 Component=ngl-lib_NglAppLib Description="SetConf
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):35721
                                      Entropy (8bit):5.409089757778665
                                      Encrypted:false
                                      SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRD:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRF
                                      MD5:EF7C0C97F74CF84B216F735963F0D663
                                      SHA1:F744B3A0CC20232814958460F3C9E7570B0B3A3C
                                      SHA-256:EE8D2D5E958FFA9A92F2D1FEE7D542DEEB8C78998653B1C098496EC8B7403F0A
                                      SHA-512:8650DBB7C0EBAB466D71806C9426FD19CA58BACF0CE565E76F19AC0AA9163927E352742841D6656B3BB682BB23B12E3E4E42674C4A30A5E8E81C08625E4A3983
                                      Malicious:false
                                      Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                      Category:dropped
                                      Size (bytes):1407294
                                      Entropy (8bit):7.97605879016224
                                      Encrypted:false
                                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                      Category:dropped
                                      Size (bytes):1419751
                                      Entropy (8bit):7.976496077007677
                                      Encrypted:false
                                      SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
                                      MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
                                      SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
                                      SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
                                      SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
                                      Malicious:false
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:very short file (no magic)
                                      Category:downloaded
                                      Size (bytes):1
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3:v:v
                                      MD5:68B329DA9893E34099C7D8AD5CB9C940
                                      SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                      SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                      SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                      Malicious:false
                                      URL:https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU
                                      Preview:.
                                      File type:PDF document, version 1.7
                                      Entropy (8bit):7.920365324961788
                                      TrID:
                                      • Adobe Portable Document Format (5005/1) 100.00%
                                      File name:SIGNED!.pdf
                                      File size:49'343 bytes
                                      MD5:1082f5091a4547b47af5508e998f54c6
                                      SHA1:8d1ea39b043b6f51d8e9514e087db380fb04abb1
                                      SHA256:859a3ba09d1fd884fb23fb18c0ddd3ca94a4f9177a917dc8399ca6fd00f43ed2
                                      SHA512:aa762c4cc0d9cfcf2dddb8355522606ce728934ac46665db3aa867f7dd795b25039fa564dce9a5adbbb6c57db25653629b7905dbb5462d51d0ffbf0615b570e9
                                      SSDEEP:1536:wZioqmIcvAEtPSfjmtp+VgE43hGzvzDUPVxDXq:6iOIMY7mtkgEMKvzDyDXq
                                      TLSH:2B23F1BC5B48587EEDA9F975BCA30374ABB291B1F97C5D18AF34070A0A04E91C35067B
                                      File Content Preview:%PDF-1.7.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./Lang (en)./StructTreeRoot 5 0 R./MarkInfo 6 0 R./Metadata 7 0 R./ViewerPreferences 8 0 R./AcroForm 9 0 R.>>.endobj.7 0 obj.<<./Type /Metadata./Subtype /XML./Filter /FlateDecode./Length 487.>>.stream..
                                      Icon Hash:62cc8caeb29e8ae0

                                      General

                                      Header:%PDF-1.7
                                      Total Entropy:7.920365
                                      Total Bytes:49343
                                      Stream Entropy:7.919199
                                      Stream Bytes:48353
                                      Entropy outside Streams:5.246696
                                      Bytes outside Streams:990
                                      Number of EOF found:1
                                      Bytes after EOF:
                                      Name             Count
                                      obj              8
                                      endobj           8
                                      stream           6
                                      endstream        6
                                      xref             0
                                      trailer          0
                                      startxref        1
                                      /Page            0
                                      /Encrypt         0
                                      /ObjStm          1
                                      /URI             0
                                      /JS              0
                                      /JavaScript      0
                                      /AA              0
                                      /OpenAction      0
                                      /AcroForm        1
                                      /JBIG2Decode     0
                                      /RichMedia       0
                                      /Launch          0
                                      /EmbeddedFile    0

                                      Image Streams

                                      ID    DHASH               MD5                                 Preview
                                      30    60676b00232b230c    1f5857f782ffcb4e7b9d546fe9823810
                                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                      Jan 22, 2025 11:19:22.768486023 CET | 192.168.2.7 | 1.1.1.1 | c238 | (Port unreachable) | Destination Unreachable
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Jan 22, 2025 11:19:01.647990942 CET | 192.168.2.7 | 1.1.1.1 | 0x7587 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:22.317152023 CET | 192.168.2.7 | 1.1.1.1 | 0x7081 | Standard query (0) | plumberdenison.com | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:22.317297935 CET | 192.168.2.7 | 1.1.1.1 | 0x928 | Standard query (0) | plumberdenison.com | 65 | IN (0x0001) | false
                                      Jan 22, 2025 11:19:24.697571993 CET | 192.168.2.7 | 1.1.1.1 | 0x41e0 | Standard query (0) | plumberdenison.com | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:24.697710037 CET | 192.168.2.7 | 1.1.1.1 | 0xa6d2 | Standard query (0) | plumberdenison.com | 65 | IN (0x0001) | false
                                      Jan 22, 2025 11:19:26.694766045 CET | 192.168.2.7 | 1.1.1.1 | 0x8eb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:26.694766045 CET | 192.168.2.7 | 1.1.1.1 | 0x6149 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Jan 22, 2025 11:19:01.655442953 CET | 1.1.1.1 | 192.168.2.7 | 0x7587 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:01.655442953 CET | 1.1.1.1 | 192.168.2.7 | 0x7587 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:01.655442953 CET | 1.1.1.1 | 192.168.2.7 | 0x7587 | No error (0) | e8652.dscx.akamaiedge.net | | 23.209.209.135 | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:02.349368095 CET | 1.1.1.1 | 192.168.2.7 | 0x7216 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:02.349368095 CET | 1.1.1.1 | 192.168.2.7 | 0x7216 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:22.617639065 CET | 1.1.1.1 | 192.168.2.7 | 0x7081 | No error (0) | plumberdenison.com | | 72.167.140.51 | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:24.999675989 CET | 1.1.1.1 | 192.168.2.7 | 0x41e0 | No error (0) | plumberdenison.com | | 72.167.140.51 | A (IP address) | IN (0x0001) | false
                                      Jan 22, 2025 11:19:26.701572895 CET | 1.1.1.1 | 192.168.2.7 | 0x6149 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                      Jan 22, 2025 11:19:26.701771975 CET | 1.1.1.1 | 192.168.2.7 | 0x8eb | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false
                                      • plumberdenison.com
                                      • https:
                                      • x1.i.lencr.org
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.7 | 49739 | 23.209.209.135 | 80 | 7536 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jan 22, 2025 11:19:01.664747953 CET | 115 | OUT | GET / HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      User-Agent: Microsoft-CryptoAPI/10.0
                                      Host: x1.i.lencr.org
                                      Jan 22, 2025 11:19:02.300072908 CET | 1236 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Content-Type: application/pkix-cert
                                      Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                                      ETag: "64cd6654-56f"
                                      Content-Disposition: attachment; filename="ISRG Root X1.der"
                                      Cache-Control: max-age=38110
                                      Expires: Wed, 22 Jan 2025 20:54:12 GMT
                                      Date: Wed, 22 Jan 2025 10:19:02 GMT
                                      Content-Length: 1391
                                      Connection: keep-alive


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.7 | 49887 | 72.167.140.51 | 443 | 2648 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-22 10:19:23 UTC | 735 | OUT | GET /o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU HTTP/1.1
                                      Host: plumberdenison.com
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-22 10:19:23 UTC | 181 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Wed, 22 Jan 2025 10:19:23 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Vary: Accept-Encoding
                                      2025-01-22 10:19:23 UTC | 11 | IN | Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                      Data Ascii: 10


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.7 | 49895 | 72.167.140.51 | 443 | 2648 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-22 10:19:24 UTC | 666 | OUT | GET /favicon.ico HTTP/1.1
                                      Host: plumberdenison.com
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      sec-ch-ua-platform: "Windows"
                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: image
                                      Referer: https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-22 10:19:24 UTC | 172 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Wed, 22 Jan 2025 10:19:24 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Content-Length: 0
                                      Connection: close
                                      Vary: Accept-Encoding


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.7 | 49902 | 72.167.140.51 | 443 | 2648 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-22 10:19:25 UTC | 353 | OUT | GET /favicon.ico HTTP/1.1
                                      Host: plumberdenison.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: */*
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: cors
                                      Sec-Fetch-Dest: empty
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-22 10:19:25 UTC | 172 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Wed, 22 Jan 2025 10:19:25 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Content-Length: 0
                                      Connection: close
                                      Vary: Accept-Encoding



                                      Target ID:1
                                      Start time:05:18:52
                                      Start date:22/01/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SIGNED!.pdf"
                                      Imagebase:0x7ff702560000
                                      File size:5'641'176 bytes
                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:3
                                      Start time:05:18:52
                                      Start date:22/01/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                      Imagebase:0x7ff6c3ff0000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:5
                                      Start time:05:18:53
                                      Start date:22/01/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1668,i,12082452304793903470,8295887645304676423,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                      Imagebase:0x7ff6c3ff0000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:11
                                      Start time:06:19:54
                                      Start date:22/01/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://plumberdenison.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVJrVm1jWGc9JnVpZD1VU0VSMTYwMTIwMjVVMzkwMTE2NTU"
                                      Imagebase:0x7ff6c4390000
                                      File size:3'242'272 bytes
                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      Target ID:12
                                      Start time:06:19:56
                                      Start date:22/01/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2024,i,13734563391823083010,5420562679766661642,262144 /prefetch:8
                                      Imagebase:0x7ff6c4390000
                                      File size:3'242'272 bytes
                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      No disassembly