Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Review-Report-Scannable.pdf

Overview

General Information

Sample name:Review-Report-Scannable.pdf
Analysis ID:1619445
MD5:8c9df2c3427ff815776a80e9c18cdb84
SHA1:dddfa84b0a8957b56cbb52d119464759b58edacc
SHA256:bb904ca6263b77a3ec186ba6d7765e3f7098fc74e1504d62bebf7aadbf768a20
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
Sigma detected: Malicious PowerShell Commandlets - ProcessCreation
Suspicious PDF detected (based on various text indicators)
Detected non-DNS traffic on DNS port
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7564 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Review-Report-Scannable.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7740 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1512,i,9956858854306803330,8917847987877056085,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 3720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://zpr.io/xr2yxXN4DCYD MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,6750101603013777856,15764434734045457411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Malicious PowerShell Commandlets - ProcessCreation
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Review-Report-Scannable.pdf", CommandLine: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Review-Report-Scannable.pdf", CommandLine|base64offset|contains: , Image: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, NewProcessName: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, OriginalFileName: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Review-Report-Scannable.pdf", ProcessId: 7564, ProcessName: Acrobat.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: PDF documentJoe Sandbox AI: PDF document contains QR code
Suspicious PDF detected (based on various text indicators)
Source: Adobe Acrobat PDFOCR Text: Chamberbenefits shared a file with you Scan QR Code with your Smartphone Camera to Access Document This link will work for only you on your computer.
Source: https://zpr.io/xr2yxXN4DCYDHTTP Parser: No favicon
Source: global trafficTCP traffic: 192.168.2.4:52556 -> 162.159.36.2:53
Source: Joe Sandbox ViewIP Address: 2.23.197.184 2.23.197.184
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /xr2yxXN4DCYD HTTP/1.1Host: zpr.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zpr.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zpr.io/xr2yxXN4DCYDAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zpr.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: zpr.io
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52709 -> 443
Source: classification engineClassification label: mal52.phis.winPDF@28/54@10/7
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-02-19 17-07-41-509.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Review-Report-Scannable.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1512,i,9956858854306803330,8917847987877056085,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://zpr.io/xr2yxXN4DCYD
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,6750101603013777856,15764434734045457411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1512,i,9956858854306803330,8917847987877056085,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,6750101603013777856,15764434734045457411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Review-Report-Scannable.pdfInitial sample: PDF keyword /JS count = 0
Source: Review-Report-Scannable.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Review-Report-Scannable.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Review-Report-Scannable.pdf0%VirustotalBrowse
Review-Report-Scannable.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
e8652.dscx.akamaiedge.net
2.23.197.184
truefalse
    		high
    zpr.io
    		44.216.228.147
    		truefalse
      		high
      www.google.com
      		142.250.185.100
      		truefalse
        		high
        x1.i.lencr.org
        		unknown
        		unknownfalse
          		high
          171.39.242.20.in-addr.arpa
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://zpr.io/favicon.icofalse
              		high
              https://zpr.io/xr2yxXN4DCYDfalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
                  		high

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  142.250.186.36
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  142.250.185.100
                  		www.google.comUnited States
                  		15169GOOGLEUSfalse
                  100.27.146.46
                  		unknownUnited States
                  		14618AMAZON-AESUSfalse
                  44.216.228.147
                  		zpr.ioUnited States
                  		14618AMAZON-AESUSfalse
                  2.23.197.184
                  		e8652.dscx.akamaiedge.netEuropean Union
                  		1273CWVodafoneGroupPLCEUfalse
                  239.255.255.250
                  		unknownReserved
                  		unknownunknownfalse

                  Private

                  IP
                  192.168.2.4

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1619445
                  Start date and time:2025-02-19 23:06:37 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 17s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowspdfcookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:13
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:Review-Report-Scannable.pdf
                  Detection:MAL
                  Classification:mal52.phis.winPDF@28/54@10/7
                  Cookbook Comments:
                  • Found application associated with file extension: .pdf
                  • Found PDF document
                  • Close Viewer

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 2.19.104.203, 3.219.243.226, 52.6.155.20, 52.22.41.97, 3.233.129.217, 2.19.11.121, 2.19.11.122, 162.159.61.3, 172.64.41.3, 142.250.186.99, 216.58.206.78, 173.194.76.84, 216.58.212.142, 142.250.184.238, 199.232.214.172, 2.17.190.73, 142.250.185.110, 142.250.186.110, 142.250.186.174, 142.250.185.99, 142.250.185.174, 2.19.106.160, 20.109.210.53, 96.17.64.171, 20.242.39.171, 20.12.23.50, 13.107.246.45
                  • Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtCreateFile calls found.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  17:07:52API Interceptor1x Sleep call for process: AcroCEF.exe modified

                  QR Codes

                  SourceURL
                  Screenshothttps://zpr.io/xr2yxXN4DCYD
                  Screenshothttps://zpr.io/xr2yxXN4DCYD

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  2.23.197.184Moog__Review_202516370.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  Annual Business Assessment (955 KB).msgGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  Rockwool Employee-efile.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  maliciouspdf.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  0723Request.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  0723Request2.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  Signature_Required_685059704036125863132448255093837927707447788985385580pRnvURiyWINiZlIBYuMn.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  capcut-installer.exe.jsGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  Aaron Bentley_2025_Benefit_Distribution_2609.pdfGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  zHH1eSjWTK.exeGet hashmaliciousUnknownBrowse
                  • x1.i.lencr.org/
                  239.255.255.250https://thetollroads.com-fastrakwy.top/usGet hashmaliciousUnknownBrowse
                    http://cta.berlmember.comGet hashmaliciousUnknownBrowse
                      Fulcrumair- Insurance - Agreementfdp.pdfGet hashmaliciousHTMLPhisherBrowse
                        Shilton_Agreement-8401_Incensitive.docxGet hashmaliciousUnknownBrowse
                          https://link.shoppermeet.net/deep-link?clickid=01H1RW78ZQF6QB5RM2RB5KGV69&geo=us&ip=66.249.66.3&merchantid=108994&propertyid=417896&publisherkey=0f210dc9-c1ef-4153-bd53-8fb98995be03&subid=01GWHNP35ZW7N25QKXMEA9EHVQ&url=https:%2F%2F4L8bLJ1zQ4l1JyaJHaYR.brightnexst.ru%2Fpax6lf1%2F%23%23lap@tahltan.orgGet hashmaliciousUnknownBrowse
                            https://dl2.tlauncher.org/f.php?f=files%2FTLauncher-Installer-1.6.6.exeGet hashmaliciousUnknownBrowse
                              https://dl2.tlauncher.org/f.php?f=files%2FTLauncher-Installer-1.6.6.exeGet hashmaliciousUnknownBrowse
                                https://fortfieldglb.com/v/gbp.zipGet hashmaliciousLummaC StealerBrowse
                                  https://iknv44bab.cc.rs6.net/tn.jsp?f=001bQYYUdCAtnu-kYyOM60W9vgr4iqtsaCqPTNtZTVOHs1gbMYfgY0prPMMPSUaxX1i-stkOaoqAOZM9EPo2nyt8NvueFSSzR-RKccwNzS_voq_Coh9MJo00T7xWexFY7weU9fBWT7jPa_Vt7vc21VPzT3z_WRwf-NaI9i0Np2N_OE=&c=szcwij2KkWd1pBJghTGfIxMR_ZXqaEi_NMmZGyMJKhcnlw8LNplUfA==&ch=keK9Fu17bgNZit9wbd-PmBbwR3TsgZQ4NuoLv94CnTGg0RsE_duZRA==Get hashmaliciousUnknownBrowse
                                    https://korbtaylor.com/wp-admin/options-general.php?page=limit-login-attemptsGet hashmaliciousUnknownBrowse

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      zpr.iohttps://zpr.io/2TketNc7MvtfGet hashmaliciousHTMLPhisherBrowse
                                      • 107.20.233.181
                                      https://decep.emlnk.com/lt.php?x=3DZy~GDKI3Gf5pJ-_g5NW.Vz2XEmjtL3jxYvYHM3UnPM5XSsyky.xuG-142imNf#user_email=amy_yang@amat.com&fname=Amy&lname=YangGet hashmaliciousUnknownBrowse
                                      • 35.169.17.235
                                      https://decep.emlnk.com/lt.php?x=3DZy~GDKI3Gf5pJ-_g5NW.Vz2XEmjtL3jxYvYHM3UnPM5XSsyky.xuG-142imNf#user_email=kseong@zendesk.com&fname=Kyong&lname=SeongGet hashmaliciousUnknownBrowse
                                      • 3.210.177.154
                                      http://zpr.io/Kv3PL3bahS66#/yl4Wu36827Bu431QZ961hL12343hL3105bG14HH36065Ve26730Ek67523jA69203Zh08983yN1415487657=Get hashmaliciousUnknownBrowse
                                      • 34.239.90.156
                                      http://7xv6.mjt.lu/lnk/AXMAAFFvlI0AAAAAAAAAA8Ye8moAAABKhgwAAAAAAAq7pgBnByOSeYt8cGpTTPaPBTAKJeV-UQAKnpI/1/EWmySlSHcyP6g54g0SDc-g/aHR0cHM6Ly9zbmlwLmx5L2V6NGxydwGet hashmaliciousUnknownBrowse
                                      • 44.222.54.177
                                      https://zpr.io/DuMYPyJ79qyMGet hashmaliciousPhisherBrowse
                                      • 54.82.42.206
                                      https://l4vm89ff.r.us-west-2.awstrack.me/L0/https:%2F%2Fsnip.ly%2FFedExx/1/010101917bbe6db8-0435991f-93dd-44cd-b7b8-51bfd5cf53c7-000000/HIvKUOwubES5gbenLtlgHO_SzP8=389Get hashmaliciousUnknownBrowse
                                      • 52.205.17.31
                                      https://zpr.io/D4Ds4BwNqbSqGet hashmaliciousHTMLPhisherBrowse
                                      • 54.221.79.189
                                      https://zpr.io/CCttTX8DkxHnGet hashmaliciousHTMLPhisherBrowse
                                      • 54.242.107.68
                                      https://zpr.io/gKq9ft87gpZSGet hashmaliciousHTMLPhisherBrowse
                                      • 34.234.243.234
                                      e8652.dscx.akamaiedge.netFulcrumair- Insurance - Agreementfdp.pdfGet hashmaliciousHTMLPhisherBrowse
                                      • 23.209.209.135
                                      https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAVjG_PNMYS3-EQrrqtec88lfyuAcAcZJ-X2kQx0XzVhj0bgezyOvue77%2F%24%7Bf%7D%3Fo%3DAjZOIINnUr_RGIbD_Icbgam8btmNxNgoTnnO-gHuSsTK%26v%3D1%26x%3D3%26a%3DCAoglu6aFygm4lmcA6xNzPbD54y7z9GNpUv9ffJGPfOvbaYSdhC2rdzz0TIYtr3Xx9syIgEAKgkC6AMA_x8xTiBSBF_K4BxaBK-57vtqJTNEgx6xLMhWGBhqyHEiAglN7ruZoGSElYPqM0jaAqRZk_QlLyxyJRQRc7O_B4ye7YWCwpBLU2AawdyofBeLiWCjxWnddvv6vulFwss%26e%3D1742564875%26fl%3D%26r%3DA6119B6F-E87E-45EF-84F4-AF90553209B9-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D6B7EAEC9-C4E6-4020-898B-95FC4BFA156E%26p%3D125%26s%3Dph0Ck2lMpxev3AMIFvKS_qGyF-w&uk=oZPOnxX8bSHuHHADy2Qc_g&f=B1_Kapitel1.pdf.zip&sz=34834993Get hashmaliciousUnknownBrowse
                                      • 23.209.213.129
                                      Ebizcharge-BonusSupport-request-approved.pdfGet hashmaliciousUnknownBrowse
                                      • 23.209.213.129
                                      https://atstrack.com/customer-support/software.htmlGet hashmaliciousUnknownBrowse
                                      • 2.19.105.127
                                      file.ps1Get hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                      • 104.76.201.34
                                      #U94f6#U884c#U8f6c#U8d26#U51ed#U8bc1.lnkGet hashmaliciousUnknownBrowse
                                      • 104.76.201.34
                                      i#U043en.pdfGet hashmaliciousScreenConnect ToolBrowse
                                      • 2.19.105.127
                                      Ymcaret W-2,Tax_Return.pdfGet hashmaliciousUnknownBrowse
                                      • 2.19.105.127
                                      Invisalert Solutions Revised Billing Proposal for 2025.pdfGet hashmaliciousUnknownBrowse
                                      • 23.209.213.129
                                      Moog__Review_202516370.pdfGet hashmaliciousUnknownBrowse
                                      • 2.23.197.184

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      AMAZON-AESUSFulcrumair- Insurance - Agreementfdp.pdfGet hashmaliciousHTMLPhisherBrowse
                                      • 52.22.41.97
                                      http://www.antham.com/Get hashmaliciousUnknownBrowse
                                      • 3.218.126.44
                                      jade.m68k.elfGet hashmaliciousMiraiBrowse
                                      • 34.202.220.171
                                      zOmGwU7XTO.msiGet hashmaliciousUnknownBrowse
                                      • 44.219.5.236
                                      https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAVjG_PNMYS3-EQrrqtec88lfyuAcAcZJ-X2kQx0XzVhj0bgezyOvue77%2F%24%7Bf%7D%3Fo%3DAjZOIINnUr_RGIbD_Icbgam8btmNxNgoTnnO-gHuSsTK%26v%3D1%26x%3D3%26a%3DCAoglu6aFygm4lmcA6xNzPbD54y7z9GNpUv9ffJGPfOvbaYSdhC2rdzz0TIYtr3Xx9syIgEAKgkC6AMA_x8xTiBSBF_K4BxaBK-57vtqJTNEgx6xLMhWGBhqyHEiAglN7ruZoGSElYPqM0jaAqRZk_QlLyxyJRQRc7O_B4ye7YWCwpBLU2AawdyofBeLiWCjxWnddvv6vulFwss%26e%3D1742564875%26fl%3D%26r%3DA6119B6F-E87E-45EF-84F4-AF90553209B9-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D6B7EAEC9-C4E6-4020-898B-95FC4BFA156E%26p%3D125%26s%3Dph0Ck2lMpxev3AMIFvKS_qGyF-w&uk=oZPOnxX8bSHuHHADy2Qc_g&f=B1_Kapitel1.pdf.zip&sz=34834993Get hashmaliciousUnknownBrowse
                                      • 52.22.41.97
                                      test1.htmlGet hashmaliciousUnknownBrowse
                                      • 52.54.51.73
                                      http://era.caGet hashmaliciousUnknownBrowse
                                      • 18.233.3.105
                                      Overdue Invoice.msgGet hashmaliciousUnknownBrowse
                                      • 54.163.169.242
                                      redline stealer.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                      • 44.221.84.105
                                      http://elcharrousa.comGet hashmaliciousUnknownBrowse
                                      • 54.196.208.134
                                      AMAZON-AESUSFulcrumair- Insurance - Agreementfdp.pdfGet hashmaliciousHTMLPhisherBrowse
                                      • 52.22.41.97
                                      http://www.antham.com/Get hashmaliciousUnknownBrowse
                                      • 3.218.126.44
                                      jade.m68k.elfGet hashmaliciousMiraiBrowse
                                      • 34.202.220.171
                                      zOmGwU7XTO.msiGet hashmaliciousUnknownBrowse
                                      • 44.219.5.236
                                      https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAVjG_PNMYS3-EQrrqtec88lfyuAcAcZJ-X2kQx0XzVhj0bgezyOvue77%2F%24%7Bf%7D%3Fo%3DAjZOIINnUr_RGIbD_Icbgam8btmNxNgoTnnO-gHuSsTK%26v%3D1%26x%3D3%26a%3DCAoglu6aFygm4lmcA6xNzPbD54y7z9GNpUv9ffJGPfOvbaYSdhC2rdzz0TIYtr3Xx9syIgEAKgkC6AMA_x8xTiBSBF_K4BxaBK-57vtqJTNEgx6xLMhWGBhqyHEiAglN7ruZoGSElYPqM0jaAqRZk_QlLyxyJRQRc7O_B4ye7YWCwpBLU2AawdyofBeLiWCjxWnddvv6vulFwss%26e%3D1742564875%26fl%3D%26r%3DA6119B6F-E87E-45EF-84F4-AF90553209B9-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D6B7EAEC9-C4E6-4020-898B-95FC4BFA156E%26p%3D125%26s%3Dph0Ck2lMpxev3AMIFvKS_qGyF-w&uk=oZPOnxX8bSHuHHADy2Qc_g&f=B1_Kapitel1.pdf.zip&sz=34834993Get hashmaliciousUnknownBrowse
                                      • 52.22.41.97
                                      test1.htmlGet hashmaliciousUnknownBrowse
                                      • 52.54.51.73
                                      http://era.caGet hashmaliciousUnknownBrowse
                                      • 18.233.3.105
                                      Overdue Invoice.msgGet hashmaliciousUnknownBrowse
                                      • 54.163.169.242
                                      redline stealer.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                      • 44.221.84.105
                                      http://elcharrousa.comGet hashmaliciousUnknownBrowse
                                      • 54.196.208.134
                                      CWVodafoneGroupPLCEUMoog__Review_202516370.pdfGet hashmaliciousUnknownBrowse
                                      • 2.23.197.184
                                      res.mpsl.elfGet hashmaliciousUnknownBrowse
                                      • 195.10.5.135
                                      Annual Business Assessment (955 KB).msgGet hashmaliciousUnknownBrowse
                                      • 2.23.197.184
                                      https://app.botdoc.io/u/kq7rPbgpGet hashmaliciousHTMLPhisherBrowse
                                      • 2.23.197.184
                                      Owari.arm7.elfGet hashmaliciousMiraiBrowse
                                      • 166.63.200.45
                                      Ticket ResolvedZ2JWI9FK1U.htmGet hashmaliciousHTMLPhisherBrowse
                                      • 2.23.209.17
                                      nabsh4.elfGet hashmaliciousUnknownBrowse
                                      • 195.93.123.83
                                      nklarm5.elfGet hashmaliciousUnknownBrowse
                                      • 193.164.178.73
                                      Revised Carolina Cat Employee Handbook.pdfGet hashmaliciousHTMLPhisherBrowse
                                      • 2.23.197.184
                                      vigbbbiw3G.exeGet hashmaliciousUnknownBrowse
                                      • 2.23.209.17

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.201882935950185
                                      Encrypted:false
                                      SSDEEP:6:iOXBkjLUq2Pwkn2nKuAl9OmbnIFUtFBkjLE2hZmw7BkjLE27kwOwkn2nKuAl9Omt:7xkEvYfHAahFUtTkNh/lkN75JfHAaSJ
                                      MD5:EC0E1C43E40360C79F69FC97BBA7AACB
                                      SHA1:D2B8D821FB2163610A2FEE9661E76039F6184107
                                      SHA-256:60AF5AAC3E7FDCD555328C011C7EA08601DF2E98F4D9D62385D66792FCE223F0
                                      SHA-512:25F8193C04ADE27E2E8C1F77E6E873CBAB176BD8D1068E449B313528DCADB9453EC86AA1C2BB1BE4176FF924031C6F92EA3A3EBE4F86839029A3A0CA7A99DFAD
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/02/19-17:07:39.161 1e60 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/02/19-17:07:39.163 1e60 Recovering log #3.2025/02/19-17:07:39.163 1e60 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.201882935950185
                                      Encrypted:false
                                      SSDEEP:6:iOXBkjLUq2Pwkn2nKuAl9OmbnIFUtFBkjLE2hZmw7BkjLE27kwOwkn2nKuAl9Omt:7xkEvYfHAahFUtTkNh/lkN75JfHAaSJ
                                      MD5:EC0E1C43E40360C79F69FC97BBA7AACB
                                      SHA1:D2B8D821FB2163610A2FEE9661E76039F6184107
                                      SHA-256:60AF5AAC3E7FDCD555328C011C7EA08601DF2E98F4D9D62385D66792FCE223F0
                                      SHA-512:25F8193C04ADE27E2E8C1F77E6E873CBAB176BD8D1068E449B313528DCADB9453EC86AA1C2BB1BE4176FF924031C6F92EA3A3EBE4F86839029A3A0CA7A99DFAD
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/02/19-17:07:39.161 1e60 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/02/19-17:07:39.163 1e60 Recovering log #3.2025/02/19-17:07:39.163 1e60 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):336
                                      Entropy (8bit):5.2176979089783355
                                      Encrypted:false
                                      SSDEEP:6:iOXBkjLFCct+q2Pwkn2nKuAl9Ombzo2jMGIFUtFBkjLFQaJZmw7BkjLF8tVkwOwI:7xkxovYfHAa8uFUtTku4/lkmT5JfHAaU
                                      MD5:47AF8B4A635FC88A22A3BE2EFCE66DEB
                                      SHA1:E126288922D8DA715622FB08D93D4C6912788AF2
                                      SHA-256:95BE0336D7B1267C77D486F55616A697276AA2B8861A4881172CE995A8D7DBBC
                                      SHA-512:7C47BEBE20B1852B6CB1BDA8A4CEDDB7D0784D4AB2C7DCBB0D19757941DB6D5E5ED3EF04830CDF66A17F65DF83D3BCBE364CA5B87309FCF5B2568D9668A40016
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/02/19-17:07:39.193 1f28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/02/19-17:07:39.195 1f28 Recovering log #3.2025/02/19-17:07:39.198 1f28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):336
                                      Entropy (8bit):5.2176979089783355
                                      Encrypted:false
                                      SSDEEP:6:iOXBkjLFCct+q2Pwkn2nKuAl9Ombzo2jMGIFUtFBkjLFQaJZmw7BkjLF8tVkwOwI:7xkxovYfHAa8uFUtTku4/lkmT5JfHAaU
                                      MD5:47AF8B4A635FC88A22A3BE2EFCE66DEB
                                      SHA1:E126288922D8DA715622FB08D93D4C6912788AF2
                                      SHA-256:95BE0336D7B1267C77D486F55616A697276AA2B8861A4881172CE995A8D7DBBC
                                      SHA-512:7C47BEBE20B1852B6CB1BDA8A4CEDDB7D0784D4AB2C7DCBB0D19757941DB6D5E5ED3EF04830CDF66A17F65DF83D3BCBE364CA5B87309FCF5B2568D9668A40016
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/02/19-17:07:39.193 1f28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/02/19-17:07:39.195 1f28 Recovering log #3.2025/02/19-17:07:39.198 1f28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\983939bc-0844-4787-85d3-99ce7088a319.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:modified
                                      Size (bytes):475
                                      Entropy (8bit):4.961305759039287
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqD3hsBdOg2HAcaq3QYiubInP7E4T3y:Y2sRdsLdMHr3QYhbG7nby
                                      MD5:45834991A91E1D12161347FCABCB23BA
                                      SHA1:DFEDF422281E21851375B5564B8E09576189D233
                                      SHA-256:9C8326A2F3F6611F630D23C5C34BCE0E5ECF41F1BEEE3C43609D513130EF430C
                                      SHA-512:9E70EB2456E234CAA9BE6A46397F0DB08B05DAD43376E9634363F8248F28A092AD8C7FF72646F13FE107E81329B6C2C520F0240D83D0DA208DA17320D3E41E96
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13384562871845714","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":122968},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):475
                                      Entropy (8bit):4.961305759039287
                                      Encrypted:false
                                      SSDEEP:12:YH/um3RA8sqD3hsBdOg2HAcaq3QYiubInP7E4T3y:Y2sRdsLdMHr3QYhbG7nby
                                      MD5:45834991A91E1D12161347FCABCB23BA
                                      SHA1:DFEDF422281E21851375B5564B8E09576189D233
                                      SHA-256:9C8326A2F3F6611F630D23C5C34BCE0E5ECF41F1BEEE3C43609D513130EF430C
                                      SHA-512:9E70EB2456E234CAA9BE6A46397F0DB08B05DAD43376E9634363F8248F28A092AD8C7FF72646F13FE107E81329B6C2C520F0240D83D0DA208DA17320D3E41E96
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13384562871845714","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":122968},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4730
                                      Entropy (8bit):5.257217840655848
                                      Encrypted:false
                                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7c+k/XnZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go8
                                      MD5:82474187B5EF2684AE130576677AB392
                                      SHA1:4ADA213637F576AB4ED0829CDFDBABAA7C5FFC6F
                                      SHA-256:09D11F1EB7003C9800D715288FAEE20F6CE4ABDD574164F3F47A0F7DFCFCD67C
                                      SHA-512:F42CB53F55A5AD5A919E9111207F22248B926171CB197C66B45A777768B9AE51F9B4D1ABEF7ACB6CDC3562A4109A99153DAB4DF4E598ECBDC426F52CECCB8251
                                      Malicious:false
                                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):324
                                      Entropy (8bit):5.216817115729553
                                      Encrypted:false
                                      SSDEEP:6:iOXBkjLVcFI+q2Pwkn2nKuAl9OmbzNMxIFUtFBkjLBXZmw7BkjLB3VkwOwkn2nKA:7xkGHvYfHAa8jFUtTkRX/lkRF5JfHAab
                                      MD5:7BFCE1827753AE9825275DC320660B92
                                      SHA1:1C7E226E9D4962863C211F8A44D0ED06C1BC0D60
                                      SHA-256:BED1978827583C1A78EA0EB5DA8CD5EC174D0EE8E175BFC2F30D3A2587FFF6ED
                                      SHA-512:902B3A87EDB50A44E669C924B8CD407DAC7EA173B4EEBDB9E6C78A5AA997FD910716742819120297C6A710E799DC0E6749FD6A5F518055345908DA5FD5273615
                                      Malicious:false
                                      Preview:2025/02/19-17:07:39.379 1f28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/02/19-17:07:39.380 1f28 Recovering log #3.2025/02/19-17:07:39.380 1f28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):324
                                      Entropy (8bit):5.216817115729553
                                      Encrypted:false
                                      SSDEEP:6:iOXBkjLVcFI+q2Pwkn2nKuAl9OmbzNMxIFUtFBkjLBXZmw7BkjLB3VkwOwkn2nKA:7xkGHvYfHAa8jFUtTkRX/lkRF5JfHAab
                                      MD5:7BFCE1827753AE9825275DC320660B92
                                      SHA1:1C7E226E9D4962863C211F8A44D0ED06C1BC0D60
                                      SHA-256:BED1978827583C1A78EA0EB5DA8CD5EC174D0EE8E175BFC2F30D3A2587FFF6ED
                                      SHA-512:902B3A87EDB50A44E669C924B8CD407DAC7EA173B4EEBDB9E6C78A5AA997FD910716742819120297C6A710E799DC0E6749FD6A5F518055345908DA5FD5273615
                                      Malicious:false
                                      Preview:2025/02/19-17:07:39.379 1f28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/02/19-17:07:39.380 1f28 Recovering log #3.2025/02/19-17:07:39.380 1f28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250219220744Z-180.bmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                      Category:dropped
                                      Size (bytes):65110
                                      Entropy (8bit):1.5177425042618682
                                      Encrypted:false
                                      SSDEEP:48:W3Q+cnX1XZ8XTdPXhmUX5ccpXLXzZ8Xw7XLXLXLX2XryX2XrtXLXz5pXLXLXLOUo:2cnXjYdJmUX5ccFi5XPFX+4qtc+BxZb
                                      MD5:BC74363AFAD62EE293EEE73A54600BE3
                                      SHA1:9E2DA5A3AFC998F7DAE232ECA9B61217B516BC07
                                      SHA-256:8E0F56BB4234ED99E5863A3A6E4AF651C518C00EA6B2D11673E574B16926FE19
                                      SHA-512:0D5356D6FE7B922354101F29187866FFBD6B6E0736A385766B418F361FE4A431018AD1E49DCCB8D71D7F7193ECFBBF1A562658612FCA9839D38A7731A4E25A89
                                      Malicious:false
                                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                      Category:dropped
                                      Size (bytes):86016
                                      Entropy (8bit):4.444815481303798
                                      Encrypted:false
                                      SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
                                      MD5:1478697C95233F88049E8AF3CF7AD5AE
                                      SHA1:25399B9E7D69E034F52043B97D1F6569C6E23C25
                                      SHA-256:618534DD593922792EA1730283E233AAF85EF935EC41D6167D3EC96AA36E22C2
                                      SHA-512:6F5B4F9B8677DDCDBD7CB3CAD473D3D3D5E34B5BF9C377518D90ECF40F878269D612EB0F63EF03A0AA16A4C52C2033578AC12AA527B2D1C03652156D3B7BB241
                                      Malicious:false
                                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):3.776393823035486
                                      Encrypted:false
                                      SSDEEP:48:7MQp/E2ioyVpioy9oWoy1Cwoy1BKOioy1noy1AYoy1Wioy1hioybioyxoy1noy1v:7vpjupFkXKQwNXb9IVXEBodRBk5
                                      MD5:D729B5177A6A93DECA4AE136F5573FD2
                                      SHA1:0A2F98DE351E7B60837F76993FF1C0FFB2594F11
                                      SHA-256:5FACBDFC2DCDB72965B15FDDF08E6597F0371B203F4D395A9ABBAA9A96EEC771
                                      SHA-512:98F8A2ACD9AEF7483CFEEE60D6B0B24C6838C1C9E835199F31310D6284226AEAB785BF3746B088137477FD4AB16490A84F269CC985CA615AA26812ACF4B81FF3
                                      Malicious:false
                                      Preview:.... .c......Y.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Certificate, Version=3
                                      Category:dropped
                                      Size (bytes):1391
                                      Entropy (8bit):7.705940075877404
                                      Encrypted:false
                                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                      Malicious:false
                                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):192
                                      Entropy (8bit):2.732136534099206
                                      Encrypted:false
                                      SSDEEP:3:kkFklLRTllXfllXlE/HT8kdll7/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKs2T8S/7VNMa8RdWBwRd
                                      MD5:7EE58212F6D5872771123D0164BDF22A
                                      SHA1:1154D00C5035F72D26E4BE3F0187DD067709FC54
                                      SHA-256:3AB6031579AA2E62FED788D5DC367C36CF6816C70EF8E510EB23127C2F419A95
                                      SHA-512:30B5ED6C7C1D8518B1101ACD0BF3502040DB18E988EC7531BDB94F8FCAC7C32C2516E4F59FE256CE744A94381C29E0C1D23C8A835AE83E73688DE4A6014F828C
                                      Malicious:false
                                      Preview:p...... ..........1.....(....................................................... ..........W....rh..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7652

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):1233
                                      Entropy (8bit):5.233980037532449
                                      Encrypted:false
                                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):10880
                                      Entropy (8bit):5.214360287289079
                                      Encrypted:false
                                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                      MD5:B60EE534029885BD6DECA42D1263BDC0
                                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7652

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):10880
                                      Entropy (8bit):5.214360287289079
                                      Encrypted:false
                                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                      MD5:B60EE534029885BD6DECA42D1263BDC0
                                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):243196
                                      Entropy (8bit):3.3450692389394283
                                      Encrypted:false
                                      SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                      MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                      SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                      SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                      SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                      Malicious:false
                                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.374710255616065
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJM3g98kUwPeUkwRe9:YvXKX22Ho2Zc0vFGwGMbLUkee9
                                      MD5:51A9D6630A311DAF6CBB1C44CAADE9EB
                                      SHA1:93D7E79B10A66FCE50637C78026B3319977DB464
                                      SHA-256:4928515F9DD1C8150F57EC49E75AC7E7EBE413D000A97A7EA2985FC1667F26B3
                                      SHA-512:2C6AAFEEFFF1522F300EBA65CF02276D590DB453648C3FBA03D638B3AFB1F230F54A15972E2F06C9C2DF3FB06D3139DC184D2825E144FD7B5565ECF2304099F1
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.327053824179525
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfBoTfXpnrPeUkwRe9:YvXKX22Ho2Zc0vFGwGWTfXcUkee9
                                      MD5:EE2FE1BB9EC007F3AF9C6A9640749F00
                                      SHA1:117229C19AC686F67451A69D7E8976ECDA8AF8CC
                                      SHA-256:13B33CFFAAE6A62C770C9AF3359168AB0DAA33CA5C926CCB3FEE379981F61073
                                      SHA-512:61E68A3AC266CB1F450459A126AD0498F885532EAE30C5AD6B00E62BD9E0C94C5FC6BA34A8A79616FB29C129CC5977B377309C1F1569F8163ADB693CBB074B64
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.305006424178885
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfBD2G6UpnrPeUkwRe9:YvXKX22Ho2Zc0vFGwGR22cUkee9
                                      MD5:AC427886D9317BBF254B30B6A8F1D01C
                                      SHA1:A3717DB505C83A5101985E10625084BA54443680
                                      SHA-256:7A9148E223DF10E60F23C6FE33F96594D733DE9C1B3ECE6496B57778C406E084
                                      SHA-512:6C04D28A2D96D26EE5E9FCC837A853278D76F8ECBF3B29CC976A3C5B5686EFD15F6D0D61606379A12BA5E8B2D76ACA0F561736BFB85065771B905EEB266A9CF2
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):285
                                      Entropy (8bit):5.362118897576097
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfPmwrPeUkwRe9:YvXKX22Ho2Zc0vFGwGH56Ukee9
                                      MD5:FE71119E8B546C37913064219AFE4AE8
                                      SHA1:B5DAD09115E61EEDF98940ADA10DED1E622F8513
                                      SHA-256:5D80AA99B2A4DCC4C920EE5F7B114D7E00B89C0162072DD0F701EB1E9B82E662
                                      SHA-512:3EF6D5654D61A12AADDA45DB7558E3FCB5B0AF995EEE7C3BC3A035F62D0A52304F6F92A33EC19A13782FBBFE4998842F55E739C65CF18C432D2AE49B05720DF4
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2159
                                      Entropy (8bit):5.844425835104711
                                      Encrypted:false
                                      SSDEEP:24:Yv6XHHo2zvF4pLgE+ZychPdhycR84bNvrISIedJ9HE7iniODneLKnlYMfNcfbpEj:Yvs94hgx7hy48Yk68OiOumNcCKOrkUAE
                                      MD5:57139438D6C1B4A19621F7B428FB26BC
                                      SHA1:B03D1E0421F546F6D2F6DF0CBB504C0D3C9DDA33
                                      SHA-256:6007BFB1D0B2E0C6ABD457869EEA849A6B3B0F12D09A1EE4F941BE1F685F115B
                                      SHA-512:510579BBFC08B98AC40705BF4A1FD6845F763D31E7BCCBDEE9EB171CBD18A525BD423053E870232C4328248F4E7069950A695F033B4150791D7974D2D4E5B739
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"98856_305509ActionBlock_1","campaignId":98856,"containerId":"1","controlGroupId":"","treatmentId":"af52e1bf-3783-40fd-b92d-17e341cad09e","variationId":"305509"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0xIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0XFxuV29yZCwgRXhjZWwsIGFuZCBQb3dlclBvaW50LiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFV

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.309780148467524
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJf8dPeUkwRe9:YvXKX22Ho2Zc0vFGwGU8Ukee9
                                      MD5:17BD67D7B45AD43D1FAF4FA771F893AD
                                      SHA1:F699FF8E08A216C057602FCC3FB98855823EE675
                                      SHA-256:1F0615ABCB978CAA916916748349EBF7D2B45393A7743CCC806C5BFAF23ABEAA
                                      SHA-512:212CAE84235A6320282C025D89EC95FD5BDD8C6EE6F7FD2CF220E9096F4CB638D2F2B73DEBC2AFD6D11DB7E71506C96B21956901F1EDBC9550F59A7EAC8507F5
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.314180099891281
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfQ1rPeUkwRe9:YvXKX22Ho2Zc0vFGwGY16Ukee9
                                      MD5:3A995DEC64759670811A86BA5AF9CA23
                                      SHA1:54A248BB3F4327F8D4E36767CF562404A71ACC44
                                      SHA-256:B1BAC044104F5979D76F844E888F7668047C22965F16D5A8C8D702C9C19B7F29
                                      SHA-512:0F35831101184CE0EFABDAEC392A284BB2A45D3D5CEFF15D7E96C9B149FA30ABF49E37F0B7BC2A375134CD4886FEDCB66F0F3DC3A22B767B1A638C8B6AA66804
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2154
                                      Entropy (8bit):5.839264822814969
                                      Encrypted:false
                                      SSDEEP:48:Yvs9XogxWhN48lkuCiyAQzyODyHKOkQDcSmjWAAE:GZgEH4YkuJQO4JOkQoSmN
                                      MD5:05544D0841D70FFED7CADE75AC926A0A
                                      SHA1:3ABD8C4379514F05DB59762FF8F6A8E5FB77174E
                                      SHA-256:5A976265AA37EAF7DB7D8EC0B1F7CE2261F1F19AA7E2E1DF54951EF2B1E41F21
                                      SHA-512:16A6122A62D826F2AADDDBBD63CB03ADEA8C459C1E374E035C88331D8B86B56FC9B1581198E87A21F2131989DEC8BFA66FAFB43153085D79914016D7927AFC97
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"98856_305509ActionBlock_2","campaignId":98856,"containerId":"1","controlGroupId":"","treatmentId":"ac976190-e928-441b-966f-edceed16b659","variationId":"305509"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0xIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWRpdCB0ZXh0LCBpbWFnZXMsIGFuZFxcbiAgaW5zZXJ0IG9yIGRlbGV0ZSBwYWdlcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwid

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.335694069160719
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfzdPeUkwRe9:YvXKX22Ho2Zc0vFGwGb8Ukee9
                                      MD5:BE8379CE554D39C64F6A369B06F2A6A8
                                      SHA1:AA646C44DD773DA95E948062857216FCF05CCAD2
                                      SHA-256:5075C1FBF7F05E8C7830A8229A8DA6D1F1D2E976543A9462268005E79D2EBEBE
                                      SHA-512:3F1BD4AA7E3D656C7B568C4C29E8675BE877CABCC57763F086BFE26EC72469F535579FB965B713C3BAFCF57633664CFCDDD69CF254888DEFFF477E86D866F980
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.316676852382341
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfYdPeUkwRe9:YvXKX22Ho2Zc0vFGwGg8Ukee9
                                      MD5:003B8E2C901BED66D733A786F3281A46
                                      SHA1:EF7C157F4B94443CD51BCD2C80F2FFC966610A36
                                      SHA-256:E9289E63D2BA19B5CFEF27390767593FA3E9CFF3F89D785AB6D1FC9023DD0580
                                      SHA-512:D88F7722707BB50742C949597B4DFD8FB01D8AFCE7770EEBCE59D56506A68A8AA2CE059660AEFA7E95ABD963E9F3496B87A0BC90DB077158C4A004F54B0B33F9
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):284
                                      Entropy (8bit):5.302703130228201
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJf+dPeUkwRe9:YvXKX22Ho2Zc0vFGwG28Ukee9
                                      MD5:D3AB94BD4416ADFB1B16DA2A460F5963
                                      SHA1:F43EAB58182201C572532B0F91070264AD7C0DC3
                                      SHA-256:DF7E8071A210D651860C304E03B1BEDB4DAD861AAE160FC89D84B44F35C32519
                                      SHA-512:FEC942867DAF6973D0DB13A785AEC01E195B2B7809E84E71E980B0A858AC6F29B754BE38C17E404A7BD85F8C5E69D3A112CBC414688A9414914123042035B2A0
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):291
                                      Entropy (8bit):5.300109332514057
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfbPtdPeUkwRe9:YvXKX22Ho2Zc0vFGwGDV8Ukee9
                                      MD5:D17F4D70ED740989A0E97BC6A6BA1239
                                      SHA1:01C7598C4DF2251BA96444817B1CB263B214C020
                                      SHA-256:2402111E7C91F1DBEB798CAB20E751369560C4FF36E5A4D38AA7171E04C03E9C
                                      SHA-512:35D3DFA2E99774ED7A4A6DE791E7145D674903E890412652AAFC920D3E599ED23620F854DEB4137BB08B93B5D99588DE3A461E052A67A6F7D80B75BEF64DD236
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.304991617691608
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJf21rPeUkwRe9:YvXKX22Ho2Zc0vFGwG+16Ukee9
                                      MD5:16F31EDF64E9CD85BCEAFF7300BF227C
                                      SHA1:7E31AD4EFABCF4F95811EA9A2BFC792E356B14B0
                                      SHA-256:0FAF4DB15610AC383DCBCF73C59B8A69A138F565B024D3A66362695E0A83948D
                                      SHA-512:AE88CD948CB7436AFFE2EF070CE562CE49835C31855DDDA8237D0E19B87AD276E21D55EB9D6BCE9860D43EFE638303E491D46D285C38DCD9F77D0CB12F09E5E1
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2046
                                      Entropy (8bit):5.843269109365727
                                      Encrypted:false
                                      SSDEEP:48:Yvs9qBgxnahG48jkuDwpphU8oIp0LyTnAE:GBgE84+k0w9UupKw
                                      MD5:85285CB39F985624DFA1924FB1D512EB
                                      SHA1:37F97840B9FAA5BCF53C8AC286292D87AD6B08CE
                                      SHA-256:7D34B43A05F7264D93C845F373D41A8CEBD3F25C92C207417FB8503EDF179F56
                                      SHA-512:B648485C53E838F17ACE1B9A28F1A16A302F6F09B1CFCDD93453B0AA6D0B6115989697D9D7C1A29772B0D205CAFA4AE1CD4E19D30F42FD407947799689E181E1
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"98856_305509ActionBlock_0","campaignId":98856,"containerId":"1","controlGroupId":"","treatmentId":"1f103c22-ed64-4898-b33f-705834e67da9","variationId":"305509"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0xIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwsIHNpZ24sIGFuZCBzZW5kIFBERnMuIiwiY3RhTGFiZWwiOm51bGwsImN0YUJlaGF2aW9yIjpudWxsLCJjdGFVcmwiOm51bGwsImN0YVVybFR5cGUiOm51bGwsInRyYWNraW5nSWQiOiJSR1MwM

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):286
                                      Entropy (8bit):5.280079300764959
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJfshHHrPeUkwRe9:YvXKX22Ho2Zc0vFGwGUUUkee9
                                      MD5:9FCAB31EF0AA6AEBAB57A5294292A9C8
                                      SHA1:C87E9C9964E48946D4A22152BACD7747E98393E8
                                      SHA-256:0345363C99BEFE852F3D44A471BF361276A9AA51DA5D25856E98478D5E95F6B0
                                      SHA-512:57196B2CC8848E83DFEB8566C7D770B0AF380DF2B46425CB3B410279331653CBB4F6155DDA87A26479A25BC2AB968D883DA1C859B14CA9F90D3747F191059305
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):282
                                      Entropy (8bit):5.28973176077165
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXPEVP2HfAHVoZcg1vRcR0YULS4UPoAvJTqgFCrPeUkwRe9:YvXKX22Ho2Zc0vFGwGTq16Ukee9
                                      MD5:BF01BD5EF0C113BCB179B344FCDDC7B1
                                      SHA1:F28A4E1C43C6AF906083B4A4711CE3926E8151A0
                                      SHA-256:126B408867E61777C02A04D625B23377F523C9FDAFC3835A763A863813A5E5DA
                                      SHA-512:B6591E5F490549A94E2C0396546187E199518B32D8D7C73668EC4E099496A512956B719D6F383106E49C08D96608B7B159033FF3B36AA8BB87384C659ED085FD
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"8a07683d-94f5-49ca-98d2-8569c600711b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1740177375611,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4
                                      Entropy (8bit):0.8112781244591328
                                      Encrypted:false
                                      SSDEEP:3:e:e
                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                      Malicious:false
                                      Preview:....

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2815
                                      Entropy (8bit):5.132542603109982
                                      Encrypted:false
                                      SSDEEP:48:YmiZwkLjWKPZOOrdmbdEq802TSBIph9aWH5Y:HiZwkLvROOrUd8SBiJZY
                                      MD5:660ECD917B351394342F334266D1FCBE
                                      SHA1:8189DD5B7153732E97381F575B5345CE60F2416E
                                      SHA-256:349BD4B7AC39318BED8D02AAA5066B98C7F4EA5EB384EB9F744A4F9ED6300E1C
                                      SHA-512:94273CF5E0EEAF3AE1E87B1781E524FA161F8212BC71839C1BC613F41E50A4D617FFA5ECB64D8DF60DDF45A512F13DE2A3C2C069FD7850728694E36048025252
                                      Malicious:false
                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"da36ab2bc5e49adc1e97f78797a76829","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1740002865000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"906290fb0c35e3bf586b67e65a65a9cc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2046,"ts":1740002865000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f39decc3f87698daf78e8a8bbf10bf3f","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2159,"ts":1740002865000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"6acaaf985e98e34939ecdfe6346ae934","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2154,"ts":1740002865000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"75abace4b6076583c88689b187d2c59b","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1740002865000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"38b62477eeec2d99cf1bdb71728cc7d9","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file",

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                      Category:dropped
                                      Size (bytes):12288
                                      Entropy (8bit):1.1885755372722975
                                      Encrypted:false
                                      SSDEEP:48:TGufl2GL7msEHUUUUUUUUW6ySvR9H9vxFGiDIAEkGVvpa60:lNVmswUUUUUUUUW6y+FGSItW60
                                      MD5:9B1186D8304C83B7C04665BF8438BDA0
                                      SHA1:427557BFD2388BDB72BD01F93AF3FC146AE6484F
                                      SHA-256:C4CEA0C9EF572FDEFA0D0D376C222464474900FA9AEF7429C24355311B58A061
                                      SHA-512:B8B8877F716E3ED394641D94C5879569CA3475A88CC4C7E4089CE2108CD75BBEB179440023E12B7F5057F16FE7A16825644C3605DB161547B92974417AC76BC7
                                      Malicious:false
                                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):1.6048058452945033
                                      Encrypted:false
                                      SSDEEP:48:7MIKUUUUUUUUUUW6gvR9H9vxFGiDIAEkGVvEqFl2GL7msb:78UUUUUUUUUUW6YFGSItOKVmsb
                                      MD5:155C4D8C7AE701F31140A8A27E71BBAF
                                      SHA1:A4D0BC1B1427CDC678B9C337854F19D86AF54F90
                                      SHA-256:6B09EBE647AAA164D7069A0318B9C56C2589F73C58BF75F3EE1F3CB1FBAB6EFD
                                      SHA-512:7147CB9F8FA20B92C43E741E27B7CDD4EE5E87520EF243F6EC13DA74318B5EA77856DBE0CAD9B2DBCD324C1E532B295CC322A0E772D5F828F9D35351346D244F
                                      Malicious:false
                                      Preview:.... .c.......[.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):66726
                                      Entropy (8bit):5.392739213842091
                                      Encrypted:false
                                      SSDEEP:768:RNOpblrU6TBH44ADKZEgLctW2IXay1YsEjgXyEcpr1SZ55Pk2Yyu:6a6TZ44ADELcE2IX/Ysm1A/rK
                                      MD5:D9636B77626C8CE55C5AEA70A70C2057
                                      SHA1:0E8B268C3D638D3067E94EC5AC2D71A726A05A7E
                                      SHA-256:D1A54A6D81CBCD0222327B81EC38AC236704181AD235A5550F4130A1C02F66A9
                                      SHA-512:E0EF7492CF2301FE6A8852B7A5386DDCC91AEB383BD3D1F239AF630D0C02615859A5D5D247BDF601C1D83C6C2CBFD7E30FB66AF727702A9961814EE62D19D077
                                      Malicious:false
                                      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                      C:\Users\user\AppData\Local\Temp\MSId3426.LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):246
                                      Entropy (8bit):3.5278731006694652
                                      Encrypted:false
                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m44lEvuw:Qw946cPbiOxDlbYnuRK6Jvb
                                      MD5:543B19E2BBED9F132CEEAE0DB3592178
                                      SHA1:DE6ACD9EC17857B169374BD3653AEE6BDE87E7E7
                                      SHA-256:7B94E31AC2374EE5750922BB288DCDE00022B84C8ACD172EF6F17086CF62E509
                                      SHA-512:882CF505D4E7E1D3332F1EDA1FEE3539D91E8422C09E770E271042C2CAB80A678A09497A21711BA94BE3013208F48579E700510189B1BBC36A2CAE91ADC46125
                                      Malicious:false
                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.2./.2.0.2.5. . .1.7.:.0.7.:.4.8. .=.=.=.....

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-02-19 17-07-41-509.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393)
                                      Category:dropped
                                      Size (bytes):16525
                                      Entropy (8bit):5.345946398610936
                                      Encrypted:false
                                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                      Malicious:false
                                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):15114
                                      Entropy (8bit):5.329462597900008
                                      Encrypted:false
                                      SSDEEP:384:a3LmjXa+2mtG7V99rV4N7tCrrsHWw+uZVSGoCqIxEiqoS1LpR+3yXIXCPl4ppGeG:Biz
                                      MD5:8AFB631E337878BACFCB07C2470AC123
                                      SHA1:6D1707E149248AA7966E7162F63C3F7D76A3DC2C
                                      SHA-256:AD598B1E7DB3E825259FE4A14469DC7267C121556B0584347BEEE76F1AB7A5D9
                                      SHA-512:48706C4B6AC6B947F9815C43AF3FF4DDE077D90F7CFE655C7BEBA5028FC4F54A16343B7AEA2E65941EBE389119F04C90DF51D794BCC901333024F893364C2427
                                      Malicious:false
                                      Preview:SessionID=d885d4e9-d8aa-4a04-8abd-2dbe5ae32b82.1740002861532 Timestamp=2025-02-19T17:07:41:532-0500 ThreadID=1396 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=d885d4e9-d8aa-4a04-8abd-2dbe5ae32b82.1740002861532 Timestamp=2025-02-19T17:07:41:533-0500 ThreadID=1396 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=d885d4e9-d8aa-4a04-8abd-2dbe5ae32b82.1740002861532 Timestamp=2025-02-19T17:07:41:533-0500 ThreadID=1396 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=d885d4e9-d8aa-4a04-8abd-2dbe5ae32b82.1740002861532 Timestamp=2025-02-19T17:07:41:533-0500 ThreadID=1396 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=d885d4e9-d8aa-4a04-8abd-2dbe5ae32b82.1740002861532 Timestamp=2025-02-19T17:07:41:533-0500 ThreadID=1396 Component=ngl-lib_NglAppLib Description="SetConf

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):29752
                                      Entropy (8bit):5.389813834738508
                                      Encrypted:false
                                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rR:V
                                      MD5:73C87BB7FC1AE561D81BED40771A8972
                                      SHA1:20A6749D8F4CE603013FF797C364D23300903EBA
                                      SHA-256:3C7A1CE7C722F144D67FEB82D3F4FC0E0364D2E5267EE1B244984840676D9634
                                      SHA-512:AE237BA0111DA29DD52F83AF1FA2448CB3B7C622223EACE971A511E9BC264650AA99951BBCF214899FA36FA58262AE287C421C37469B5729D4878B1908179C07
                                      Malicious:false
                                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\456c9bf6-7112-42a0-b10f-d0e7f9bc2b09.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                      Malicious:false
                                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\5a2b9178-7d11-4fef-8d69-eab4b79aac50.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                      Category:dropped
                                      Size (bytes):1419751
                                      Entropy (8bit):7.976496077007677
                                      Encrypted:false
                                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                      Malicious:false
                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\75441d06-fd1a-4983-b97f-3c0a376c727d.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\a4b4be60-2318-4469-9dd2-d7fffb851551.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                      Category:dropped
                                      Size (bytes):1407294
                                      Entropy (8bit):7.97605879016224
                                      Encrypted:false
                                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                      Malicious:false
                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                      Chrome Cache Entry: 171

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:JSON data
                                      Category:downloaded
                                      Size (bytes):31
                                      Entropy (8bit):4.018081793978685
                                      Encrypted:false
                                      SSDEEP:3:YAdJMMKFDn:YAdkn
                                      MD5:9C9365047C3A61FD94A14B9270F6C663
                                      SHA1:E062CDBB7AB530CB950563C19A9A805A01A9ABA5
                                      SHA-256:2E1A34D210E6E390601D59040118AF53666E0E004DC885760370D7925AEB3964
                                      SHA-512:0A502EE3BAC35BC07F69CF73FB609B4C236B6538E1ACB45826E05E0B626A4E28DCD5F4679F0C9C73FFA9C0E8AB22FF433A708D8EFB83B4CB385F66A65F31BB4A
                                      Malicious:false
                                      URL:https://zpr.io/favicon.ico
                                      Preview:{"error":"no link found! :-("}.

                                      Chrome Cache Entry: 172

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:JSON data
                                      Category:downloaded
                                      Size (bytes):31
                                      Entropy (8bit):4.018081793978685
                                      Encrypted:false
                                      SSDEEP:3:YAdJMMKFDn:YAdkn
                                      MD5:9C9365047C3A61FD94A14B9270F6C663
                                      SHA1:E062CDBB7AB530CB950563C19A9A805A01A9ABA5
                                      SHA-256:2E1A34D210E6E390601D59040118AF53666E0E004DC885760370D7925AEB3964
                                      SHA-512:0A502EE3BAC35BC07F69CF73FB609B4C236B6538E1ACB45826E05E0B626A4E28DCD5F4679F0C9C73FFA9C0E8AB22FF433A708D8EFB83B4CB385F66A65F31BB4A
                                      Malicious:false
                                      URL:https://zpr.io/xr2yxXN4DCYD
                                      Preview:{"error":"no link found! :-("}.

                                      Chrome Cache Entry: 173

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):31
                                      Entropy (8bit):4.018081793978685
                                      Encrypted:false
                                      SSDEEP:3:YAdJMMKFDn:YAdkn
                                      MD5:9C9365047C3A61FD94A14B9270F6C663
                                      SHA1:E062CDBB7AB530CB950563C19A9A805A01A9ABA5
                                      SHA-256:2E1A34D210E6E390601D59040118AF53666E0E004DC885760370D7925AEB3964
                                      SHA-512:0A502EE3BAC35BC07F69CF73FB609B4C236B6538E1ACB45826E05E0B626A4E28DCD5F4679F0C9C73FFA9C0E8AB22FF433A708D8EFB83B4CB385F66A65F31BB4A
                                      Malicious:false
                                      Preview:{"error":"no link found! :-("}.

                                      Static File Info

                                      General

                                      File type:PDF document, version 1.7, 0 pages
                                      Entropy (8bit):7.513304907240447
                                      TrID:
                                      • Adobe Portable Document Format (5005/1) 100.00%
                                      File name:Review-Report-Scannable.pdf
                                      File size:6'124 bytes
                                      MD5:8c9df2c3427ff815776a80e9c18cdb84
                                      SHA1:dddfa84b0a8957b56cbb52d119464759b58edacc
                                      SHA256:bb904ca6263b77a3ec186ba6d7765e3f7098fc74e1504d62bebf7aadbf768a20
                                      SHA512:1985463b06935d4cde1cca18c8900173cb4d4054dbec69954aa76b74164e81c2a50660f060306fee3e3ccb28666d83f2dbfd4230cb03718281dc2dcd7f154484
                                      SSDEEP:96:BvHBy4rdszeXumH4PYYWHtcavI1t55ZzyT55AzU+qPXXAYLMWCqEaKwpEUfPoAE:7A4FbHthvGKTfusX1MvqEaKwpEUfPoAE
                                      TLSH:CDC13B1EF69E4C85C8938CCDC92E74CA565D794256CCA9FB20246D8F6844E28F212F9F
                                      File Content Preview:%PDF-1.7.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R./F2 9 0 R./F3 10 0 R.>>./XObject << ./

                                      File Icon

                                      Icon Hash:62cc8caeb29e8ae0

                                      Static PDF Info

                                      General

                                      Header:%PDF-1.7
                                      Total Entropy:7.513305
                                      Total Bytes:6124
                                      Stream Entropy:7.839224
                                      Stream Bytes:4204
                                      Entropy outside Streams:5.121605
                                      Bytes outside Streams:1920
                                      Number of EOF found:1
                                      Bytes after EOF:

                                      Keywords Statistics

                                      NameCount
                                      obj12
                                      endobj12
                                      stream3
                                      endstream3
                                      xref1
                                      trailer1
                                      startxref1
                                      /Page1
                                      /Encrypt0
                                      /ObjStm0
                                      /URI0
                                      /JS0
                                      /JavaScript0
                                      /AA0
                                      /OpenAction0
                                      /AcroForm0
                                      /JBIG2Decode0
                                      /RichMedia0
                                      /Launch0
                                      /EmbeddedFile0

                                      Image Streams

                                      IDDHASHMD5Preview
                                      11005a00adad005400a80af8bca9efbe5583e9bd5f1769847d
                                      12007172e4231c5940101b133627f852c5f7e3af7e532cbf28

                                      Network Behavior

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Feb 19, 2025 23:07:45.312720060 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.312730074 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:45.312882900 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.313787937 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.313807011 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:45.995677948 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:45.996273994 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.996285915 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:45.997325897 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:45.997380972 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.999494076 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.999555111 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:45.999630928 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:45.999639034 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.048648119 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:46.111581087 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.111773968 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.111819983 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:46.116209030 CET49740443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:46.116235971 CET4434974044.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.416193008 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:46.416246891 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.416309118 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:46.416764975 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:46.416781902 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.901478052 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:46.966180086 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.156269073 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.156347036 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.157903910 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.173643112 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.174024105 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.174031019 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.215339899 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.271224976 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.283965111 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.284610987 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.285459995 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.296863079 CET49746443192.168.2.444.216.228.147
                                      Feb 19, 2025 23:07:47.296892881 CET4434974644.216.228.147192.168.2.4
                                      Feb 19, 2025 23:07:47.323379040 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:47.323399067 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:47.323460102 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:47.323659897 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:47.323672056 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:47.329040051 CET49672443192.168.2.4173.222.162.32
                                      Feb 19, 2025 23:07:47.329071045 CET44349672173.222.162.32192.168.2.4
                                      Feb 19, 2025 23:07:48.001275063 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.003612041 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.003638029 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.004673958 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.004719019 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.006635904 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.006844997 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.007531881 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.007539034 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.059180975 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.121121883 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.121273994 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:48.121329069 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.125878096 CET49748443192.168.2.4100.27.146.46
                                      Feb 19, 2025 23:07:48.125894070 CET44349748100.27.146.46192.168.2.4
                                      Feb 19, 2025 23:07:49.813774109 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:49.813796043 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:49.813936949 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:49.814218044 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:49.814229965 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:50.446646929 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:50.446957111 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:50.447006941 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:50.447884083 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:50.447945118 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:50.452768087 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:50.452835083 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:50.505506039 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:50.505533934 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:07:50.552381992 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:07:51.850905895 CET4975780192.168.2.42.23.197.184
                                      Feb 19, 2025 23:07:51.856164932 CET80497572.23.197.184192.168.2.4
                                      Feb 19, 2025 23:07:51.856226921 CET4975780192.168.2.42.23.197.184
                                      Feb 19, 2025 23:07:51.856364012 CET4975780192.168.2.42.23.197.184
                                      Feb 19, 2025 23:07:51.861394882 CET80497572.23.197.184192.168.2.4
                                      Feb 19, 2025 23:07:52.503046036 CET80497572.23.197.184192.168.2.4
                                      Feb 19, 2025 23:07:52.503061056 CET80497572.23.197.184192.168.2.4
                                      Feb 19, 2025 23:07:52.503112078 CET4975780192.168.2.42.23.197.184
                                      Feb 19, 2025 23:08:00.382841110 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:08:00.382903099 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:08:00.383030891 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:08:01.805098057 CET49753443192.168.2.4142.250.185.100
                                      Feb 19, 2025 23:08:01.805176020 CET44349753142.250.185.100192.168.2.4
                                      Feb 19, 2025 23:08:02.831897974 CET4975780192.168.2.42.23.197.184
                                      Feb 19, 2025 23:08:04.388541937 CET5255653192.168.2.4162.159.36.2
                                      Feb 19, 2025 23:08:04.393613100 CET5352556162.159.36.2192.168.2.4
                                      Feb 19, 2025 23:08:04.393682003 CET5255653192.168.2.4162.159.36.2
                                      Feb 19, 2025 23:08:04.398703098 CET5352556162.159.36.2192.168.2.4
                                      Feb 19, 2025 23:08:04.875303984 CET5255653192.168.2.4162.159.36.2
                                      Feb 19, 2025 23:08:04.880748987 CET5352556162.159.36.2192.168.2.4
                                      Feb 19, 2025 23:08:04.880812883 CET5255653192.168.2.4162.159.36.2
                                      Feb 19, 2025 23:08:49.827038050 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:08:49.827060938 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:08:49.827327967 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:08:49.827488899 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:08:49.827502012 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:08:50.471271038 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:08:50.471620083 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:08:50.471632957 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:08:50.472309113 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:08:50.472733974 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:08:50.472825050 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:08:50.521028996 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:00.414359093 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:00.414417028 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:00.414460897 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:01.804234028 CET52709443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:01.804270983 CET44352709142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:49.884581089 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:49.884696007 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:49.884860992 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:49.885628939 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:49.885667086 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:50.519121885 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:50.519517899 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:50.519584894 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:50.519886017 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:50.520169973 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:09:50.520235062 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:09:50.568171978 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:10:00.430219889 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:10:00.430383921 CET44352829142.250.186.36192.168.2.4
                                      Feb 19, 2025 23:10:00.430565119 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:10:01.805250883 CET52829443192.168.2.4142.250.186.36
                                      Feb 19, 2025 23:10:01.805321932 CET44352829142.250.186.36192.168.2.4

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Feb 19, 2025 23:07:45.252387047 CET53503231.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:45.301294088 CET5378553192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:45.301469088 CET5898253192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:45.309348106 CET53537851.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:45.312330008 CET53589821.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:45.325282097 CET53564221.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:46.441421032 CET53491791.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:47.302737951 CET6134753192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:47.303055048 CET5398353192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:47.322026968 CET53539831.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:47.322416067 CET53613471.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:49.759150982 CET5486753192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:49.759329081 CET5354253192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:49.812902927 CET53535421.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:49.812920094 CET53548671.1.1.1192.168.2.4
                                      Feb 19, 2025 23:07:50.325123072 CET138138192.168.2.4192.168.2.255
                                      Feb 19, 2025 23:07:51.839428902 CET5928553192.168.2.41.1.1.1
                                      Feb 19, 2025 23:07:51.847110987 CET53592851.1.1.1192.168.2.4
                                      Feb 19, 2025 23:08:03.530103922 CET53637951.1.1.1192.168.2.4
                                      Feb 19, 2025 23:08:04.387967110 CET5350206162.159.36.2192.168.2.4
                                      Feb 19, 2025 23:08:04.913352966 CET6201253192.168.2.41.1.1.1
                                      Feb 19, 2025 23:08:04.922967911 CET53620121.1.1.1192.168.2.4
                                      Feb 19, 2025 23:08:49.818835974 CET5728653192.168.2.41.1.1.1
                                      Feb 19, 2025 23:08:49.825931072 CET53572861.1.1.1192.168.2.4
                                      Feb 19, 2025 23:09:06.287350893 CET5865353192.168.2.41.1.1.1
                                      Feb 19, 2025 23:09:06.294646025 CET53586531.1.1.1192.168.2.4

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Feb 19, 2025 23:07:45.301294088 CET192.168.2.41.1.1.10xbf78Standard query (0)zpr.ioA (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:45.301469088 CET192.168.2.41.1.1.10x96c3Standard query (0)zpr.io65IN (0x0001)false
                                      Feb 19, 2025 23:07:47.302737951 CET192.168.2.41.1.1.10x35edStandard query (0)zpr.ioA (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:47.303055048 CET192.168.2.41.1.1.10x1458Standard query (0)zpr.io65IN (0x0001)false
                                      Feb 19, 2025 23:07:49.759150982 CET192.168.2.41.1.1.10xb504Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:49.759329081 CET192.168.2.41.1.1.10x7beeStandard query (0)www.google.com65IN (0x0001)false
                                      Feb 19, 2025 23:07:51.839428902 CET192.168.2.41.1.1.10x31cStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:08:04.913352966 CET192.168.2.41.1.1.10x8270Standard query (0)171.39.242.20.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                      Feb 19, 2025 23:08:49.818835974 CET192.168.2.41.1.1.10xdc74Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:09:06.287350893 CET192.168.2.41.1.1.10xdf90Standard query (0)www.google.comA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Feb 19, 2025 23:07:45.309348106 CET1.1.1.1192.168.2.40xbf78No error (0)zpr.io44.216.228.147A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:45.309348106 CET1.1.1.1192.168.2.40xbf78No error (0)zpr.io54.163.147.21A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:45.309348106 CET1.1.1.1192.168.2.40xbf78No error (0)zpr.io52.54.122.121A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:47.322416067 CET1.1.1.1192.168.2.40x35edNo error (0)zpr.io100.27.146.46A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:47.322416067 CET1.1.1.1192.168.2.40x35edNo error (0)zpr.io50.19.210.240A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:47.322416067 CET1.1.1.1192.168.2.40x35edNo error (0)zpr.io52.54.214.157A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:49.812902927 CET1.1.1.1192.168.2.40x7beeNo error (0)www.google.com65IN (0x0001)false
                                      Feb 19, 2025 23:07:49.812920094 CET1.1.1.1192.168.2.40xb504No error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:07:51.847110987 CET1.1.1.1192.168.2.40x31cNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                      Feb 19, 2025 23:07:51.847110987 CET1.1.1.1192.168.2.40x31cNo error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                      Feb 19, 2025 23:07:51.847110987 CET1.1.1.1192.168.2.40x31cNo error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:08:04.922967911 CET1.1.1.1192.168.2.40x8270Name error (3)171.39.242.20.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                      Feb 19, 2025 23:08:49.825931072 CET1.1.1.1192.168.2.40xdc74No error (0)www.google.com142.250.186.36A (IP address)IN (0x0001)false
                                      Feb 19, 2025 23:09:06.294646025 CET1.1.1.1192.168.2.40xdf90No error (0)www.google.com142.250.186.132A (IP address)IN (0x0001)false

                                      HTTP Request Dependency Graph

                                      • zpr.io
                                      • https:
                                      • x1.i.lencr.org

                                      HTTP Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.4497572.23.197.184807740C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      TimestampBytes transferredDirectionData
                                      Feb 19, 2025 23:07:51.856364012 CET115OUTGET / HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      User-Agent: Microsoft-CryptoAPI/10.0
                                      Host: x1.i.lencr.org
                                      Feb 19, 2025 23:07:52.503046036 CET1236INHTTP/1.1 200 OK
                                      Server: nginx
                                      Content-Type: application/pkix-cert
                                      Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                                      ETag: "64cd6654-56f"
                                      Content-Disposition: attachment; filename="ISRG Root X1.der"
                                      Cache-Control: max-age=26738
                                      Expires: Thu, 20 Feb 2025 05:33:30 GMT
                                      Date: Wed, 19 Feb 2025 22:07:52 GMT
                                      Content-Length: 1391
                                      Connection: keep-alive
                                      Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
                                      Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUX
                                      Feb 19, 2025 23:07:52.503061056 CET509INData Raw: a9 bc b2 a8 50 d0 0c b1 d8 1a 69 20 27 29 08 ac 61 75 5c 8a 6e f8 82 e5 69 2f d5 f6 56 4b b9 b8 73 10 59 d3 21 97 7e e7 4c 71 fb b2 d2 60 ad 39 a8 0b ea 17 21 56 85 f1 50 0e 59 eb ce e0 59 e9 ba c9 15 ef 86 9d 8f 84 80 f6 e4 e9 91 90 dc 17 9b 62
                                      Data Ascii: Pi ')au\ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj


                                      HTTPS Proxied Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.44974044.216.228.1474438220C:\Program Files\Google\Chrome\Application\chrome.exe
                                      TimestampBytes transferredDirectionData
                                      2025-02-19 22:07:45 UTC661OUTGET /xr2yxXN4DCYD HTTP/1.1
                                      Host: zpr.io
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-02-19 22:07:46 UTC127INHTTP/1.1 200 OK
                                      Date: Wed, 19 Feb 2025 22:07:46 GMT
                                      Content-Type: application/json
                                      Content-Length: 31
                                      Connection: close
                                      2025-02-19 22:07:46 UTC31INData Raw: 7b 22 65 72 72 6f 72 22 3a 22 6e 6f 20 6c 69 6e 6b 20 66 6f 75 6e 64 21 20 3a 2d 28 22 7d 0a
                                      Data Ascii: {"error":"no link found! :-("}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      1192.168.2.44974644.216.228.1474438220C:\Program Files\Google\Chrome\Application\chrome.exe
                                      TimestampBytes transferredDirectionData
                                      2025-02-19 22:07:47 UTC580OUTGET /favicon.ico HTTP/1.1
                                      Host: zpr.io
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      sec-ch-ua-platform: "Windows"
                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: image
                                      Referer: https://zpr.io/xr2yxXN4DCYD
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-02-19 22:07:47 UTC127INHTTP/1.1 200 OK
                                      Date: Wed, 19 Feb 2025 22:07:47 GMT
                                      Content-Type: application/json
                                      Content-Length: 31
                                      Connection: close
                                      2025-02-19 22:07:47 UTC31INData Raw: 7b 22 65 72 72 6f 72 22 3a 22 6e 6f 20 6c 69 6e 6b 20 66 6f 75 6e 64 21 20 3a 2d 28 22 7d 0a
                                      Data Ascii: {"error":"no link found! :-("}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      2192.168.2.449748100.27.146.464438220C:\Program Files\Google\Chrome\Application\chrome.exe
                                      TimestampBytes transferredDirectionData
                                      2025-02-19 22:07:48 UTC341OUTGET /favicon.ico HTTP/1.1
                                      Host: zpr.io
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: */*
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: cors
                                      Sec-Fetch-Dest: empty
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-02-19 22:07:48 UTC127INHTTP/1.1 200 OK
                                      Date: Wed, 19 Feb 2025 22:07:48 GMT
                                      Content-Type: application/json
                                      Content-Length: 31
                                      Connection: close
                                      2025-02-19 22:07:48 UTC31INData Raw: 7b 22 65 72 72 6f 72 22 3a 22 6e 6f 20 6c 69 6e 6b 20 66 6f 75 6e 64 21 20 3a 2d 28 22 7d 0a
                                      Data Ascii: {"error":"no link found! :-("}


                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:17:07:38
                                      Start date:19/02/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Review-Report-Scannable.pdf"
                                      Imagebase:0x7ff6bc1b0000
                                      File size:5'641'176 bytes
                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:1
                                      Start time:17:07:38
                                      Start date:19/02/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                      Imagebase:0x7ff74bb60000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:3
                                      Start time:17:07:39
                                      Start date:19/02/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1512,i,9956858854306803330,8917847987877056085,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                      Imagebase:0x7ff74bb60000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:4
                                      Start time:17:07:41
                                      Start date:19/02/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://zpr.io/xr2yxXN4DCYD
                                      Imagebase:0x7ff76e190000
                                      File size:3'242'272 bytes
                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      General

                                      Target ID:5
                                      Start time:17:07:44
                                      Start date:19/02/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,6750101603013777856,15764434734045457411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                      Imagebase:0x7ff76e190000
                                      File size:3'242'272 bytes
                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      Disassembly

                                      No disassembly