Windows Analysis Report
Peo Retention Memo Reff No2.pdf

Overview

General Information

Sample name:Peo Retention Memo Reff No2.pdf
Analysis ID:1637397
MD5:1b2827e4684f07345199e033b2cbda47
SHA1:af1f536a952a76d2a73862e36d88a29225ff2aeb
SHA256:253d84997f2141023ddd0b5a5cabee27153a393ac2f05f99a160f178b5e23ade
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious URL
Suspicious PDF detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
HTML page contains hidden javascript code
IP address seen in connection with other malware

Classification

  • System is w10x64
  • Acrobat.exe (PID: 8592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Peo Retention Memo Reff No2.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 8780 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 9028 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1604,i,694957018260659851,10963411568758228945,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://microsodt.gribed.com/?uaanderson@peo.on.ca MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,17943941093483786729,4358705279315839112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 9848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,17943941093483786729,4358705279315839112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4780 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: PDF document; Joe Sandbox AI: PDF document contains QR code
Source: https://microsodt.gribed.com; Joe Sandbox AI: The URL 'microsodt.gribed.com' appears to be a typosquatting attempt targeting the well-known brand 'Microsoft'. The primary domain 'microsodt' is visually similar to 'microsoft', with the substitution of 'd' for 'f', which could easily confuse users. The use of a subdomain 'gribed.com' does not suggest a legitimate purpose and does not appear to be associated with any known marketing campaigns or legitimate uses related to Microsoft. The structural similarity and the potential for user confusion due to the character substitution contribute to a high likelihood of this being a typosquatting attempt.
Source: Adobe Acrobat PDF; OCR Text: Professional Engineers Ontario Human Resources/PayroII Department shared Employee Retention Agreement, Bonus & Increment Strategy e-Sign Memo With You Aanderson Please use your smartphone camera to scan the QR code below for quick access to your document for review. Complete: Professional Engineers Ontario 2025 Employee Retention Agreement, Bonus & Increment Strategy e-Sign Today DATE: 13/Mar/2025 Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email link or access code with others. About DocuSign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go, or even across the globe, DocuSign provides a professional trusted solution for Digital Transaction Management. Questions about the Document? If you need to modify the document or have questions about the details, please contact the sender by replying to this email. Please refrain from sharing this email, as it includes a secure link to our SharePoint platform. We appreciate your cooperation in maintaining security and confidentiality by not disclosing this link or its access code to others. You're accessing sensitive information, kindly verify your password to complete verifications process.
Source: https://microsodt.gribed.com/?uaanderson@peo.on.ca; HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 120px; height: 40px; overflow: hidden; position: relative;"]
Source: https://microsodt.gribed.com/?uaanderson@peo.on.ca; HTTP Parser: No favicon
Source: Joe Sandbox View; IP Address: 1.1.1.1
Source: Joe Sandbox View; IP Address: 23.217.172.185
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#automated-query-error
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#localhost-error
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_219.4.dr; String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_219.4.dr; String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_203.4.dr, chromecache_219.4.dr, chromecache_208.4.dr; String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_203.4.dr, chromecache_219.4.dr; String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__.
Source: chromecache_213.4.dr, chromecache_208.4.dr; String found in binary or memory: https://www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__en.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Windows\SystemTemp\scoped_dir8988_793659252
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File deleted: C:\Windows\SystemTemp\scoped_dir8988_793659252
Source: classification engine; Classification label: mal52.phis.winPDF@42/63@0/8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-13 10-49-14-429.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: Peo Retention Memo Reff No2.pdf; Initial sample: PDF keyword /JS count = 0
Source: Peo Retention Memo Reff No2.pdf; Initial sample: PDF keyword /JavaScript count = 0
Source: Peo Retention Memo Reff No2.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Peo Retention Memo Reff No2.pdf; Initial sample: PDF keyword obj count = 64
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: 2 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: 11 Masquerading; 1 Process Injection; 1 File Deletion
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Data Obfuscation; Junk Data; Steganography
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
[Figure: Behavior Graph. ID: 1637397; Sample: Peo Retention Memo Reff No2.pdf; Startdate: 13/03/2025; Architecture: WINDOWS; Score: 52. Signatures shown: Suspicious PDF detected (based on various text indicators); AI detected suspicious URL; AI detected landing page (webpage, office document or email). Processes shown: chrome.exe started two chrome.exe processes; Acrobat.exe started AcroCEF.exe, which started a further AcroCEF.exe.]

No Antivirus matches
Source | Detection | Scanner | Label
https://www.gstatic.c..?/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__. | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://microsodt.gribed.com/?uaanderson@peo.on.ca | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.gstatic.c..?/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__. | chromecache_203.4.dr, chromecache_219.4.dr | false | Avira URL Cloud: safe | unknown
https://play.google.com/log?format=json&hasfast=true | chromecache_219.4.dr | false | | high
https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#localhost-error | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://support.google.com/recaptcha/#6175971 | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://support.google.com/recaptcha#6262736 | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://cloud.google.com/recaptcha-enterprise/billing-information | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://cloud.google.com/recaptcha/docs/troubleshoot-recaptcha-issues#automated-query-error | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://www.google.com/recaptcha/api2/ | chromecache_203.4.dr, chromecache_219.4.dr, chromecache_208.4.dr | false | | high
https://support.google.com/recaptcha/?hl=en#6223828 | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://cloud.google.com/contact | chromecache_203.4.dr, chromecache_219.4.dr | false | | high
https://support.google.com/recaptcha | chromecache_219.4.dr | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.68 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.132 | unknown | United States | 15169 | GOOGLEUS | false
172.235.37.241 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
23.217.172.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
172.217.16.196 | unknown | United States | 15169 | GOOGLEUS | false
172.217.16.132 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.17

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637397
Start date and time:2025-03-13 15:48:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:20
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Peo Retention Memo Reff No2.pdf
Detection:MAL
Classification:mal52.phis.winPDF@42/63@0/8
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
No simulations
Source | URL
Screenshot | https://microsodt.gribed.com/?uaanderson@peo.on.ca
                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          1.1.1.1watchdog.elfGet hashmaliciousXmrigBrowse
                          • 1.1.1.1:8080/
                          6fW0GedR6j.xlsGet hashmaliciousUnknownBrowse
                          • 1.1.1.1/ctrl/playback.php
                          PO-230821_pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                          • www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
                          AFfv8HpACF.exeGet hashmaliciousUnknownBrowse
                          • 1.1.1.1/
                          23.217.172.185Dsyhre- approved on Wednesday March 2025.pdfGet hashmaliciousGabagoolBrowse
                            https://garfieldthecat.tech/Receipt.htmlGet hashmaliciousWinSearchAbuseBrowse
                              FW_ _Reminder_ Membership Credit Verification - TPIS Industrial Services_ LLC.msgGet hashmaliciousUnknownBrowse
                                8347392490280.pdfGet hashmaliciousKnowBe4, PDFPhishBrowse
                                  Isabella County Emergency Management-protected.pdfGet hashmaliciousHTMLPhisherBrowse
                                    QuarantineMessage.zipGet hashmaliciousUnknownBrowse
                                      b.pdfGet hashmaliciousUnknownBrowse
                                        20240930_185453_p1uYhraXAa8FqoQDzs1lqwv0Fp3NVQrL.emlGet hashmaliciousGRQ ScamBrowse
                                          https://media.thesocialpresskit.com/american-bankers-association/BNAT2024PrintablesPostcard2.zipGet hashmaliciousUnknownBrowse
                                            original (3).emlGet hashmaliciousUnknownBrowse
                                              No context
                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              No context
                                              No context
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):294
                                              Entropy (8bit):5.201742504042203
                                              Encrypted:false
                                              SSDEEP:6:iOGP4UM+q2P92nKuAl9OmbnIFUtoP47ZmwCP4dllMVkwO92nKuAl9OmbjLJ:7GgUM+v4HAahFUtog7/CgdllMV5LHAae
                                              MD5:B4E396895BEF24A992A41140F645F256
                                              SHA1:8725161063F8BDD4382341AFE814833086D2FBE0
                                              SHA-256:BB71E364EB49FABB30847F3127E98BF9CA05A84F185743227D45F91DAAE969F8
                                              SHA-512:99504492D9E88B6526A666609B3F6386EE84F501D191C7A123E6EC33FE2139C85304B4CCF433E1B9359A803B9DC40C6E4D4DC4E36E647979CBDC76A1BB741B42
                                              Malicious:false
                                              Reputation:low
                                              Preview:2025/03/13-10:49:13.941 226c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/13-10:49:13.943 226c Recovering log #3.2025/03/13-10:49:13.944 226c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):338
                                              Entropy (8bit):5.206954213757683
                                              Encrypted:false
                                              SSDEEP:6:iOGP4rjIq2P92nKuAl9Ombzo2jMGIFUtoP4P0ZmwCP40WkwO92nKuAl9Ombzo2jz:7GgrjIv4HAa8uFUtogP0/Cgx5LHAa8RJ
                                              MD5:A2CA94B87474E6C107DAA0123FDBA2C1
                                              SHA1:5135D2D68AC5C06AC65F5A90074E6ACF8F20F4B2
                                              SHA-256:239B0051BE8649A5B7212467CEFC4D2E7787F0E64CDFBEAB41D270A847486A11
                                              SHA-512:69CF4B6B5219A59038A1D03542DA1C311547C5683EF2B3611B5468B6FD8612E648A6E5957DEF4CD3E6DA453A7B5D74D2F00DE28C4CBFD48A11F629474CF7EF8B
                                              Malicious:false
                                              Reputation:low
                                              Preview:2025/03/13-10:49:13.288 2364 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/13-10:49:13.294 2364 Recovering log #3.2025/03/13-10:49:13.295 2364 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):508
                                              Entropy (8bit):5.047195090775108
                                              Encrypted:false
                                              SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                                              MD5:70321A46A77A3C2465E2F031754B3E06
                                              SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                                              SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                                              SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:JSON data
                                              Category:modified
                                              Size (bytes):508
                                              Entropy (8bit):5.049626770656755
                                              Encrypted:false
                                              SSDEEP:12:YH/um3RA8sqCsBdOg2Hxcaq3QYiubxnP7E4TfF+:Y2sRdsidMHI3QYhbxP7np+
                                              MD5:E3143BF8208C2D7935DFDCA40505C272
                                              SHA1:A34C2EC7827F6433AE369C60A47F87EEA72DD40E
                                              SHA-256:E24E88CBADD8C9115E5B0EC782DFBF308AD1D0CBFB4586C128FED0B4B3604868
                                              SHA-512:FB0B4CB0BD33F76C0FDFAF4848442F39EFF77E9CC6900BBAD17265B68209F966F6DA19A61EB47D93338E15DB59D3277CCFC68B4BE9595695723AFC4318A745FA
                                              Malicious:false
                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386437363968545","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":189917},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):4509
                                              Entropy (8bit):5.230497187248219
                                              Encrypted:false
                                              SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUeJURu1P7uUZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLz
                                              MD5:382922EC0193F9F7F47C4736AEA86658
                                              SHA1:D070491805D03FCDBE19E3BC335917EA77B055D4
                                              SHA-256:C9C73CDB087BEDDD9832B0ED665C687C39DCF7C57AB85DD00B5F923DA64D72C1
                                              SHA-512:966EEA223E568DACC3FE7C40364B8697B30DA470D9F121645EB78F027ED4536484C787968CAFB32B537C01F4E4FD81B7E420E06D491F48AE2C54ADFA206EA877
                                              Malicious:false
                                              Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):326
                                              Entropy (8bit):5.19243322957421
                                              Encrypted:false
                                              SSDEEP:6:iOGP4Bkoq2P92nKuAl9OmbzNMxIFUtoP4DqZmwCP4ZFkwO92nKuAl9OmbzNMFLJ:7GgBHv4HAa8jFUtoge/CgZF5LHAa84J
                                              MD5:9B6014E3B93C1CE0C824BD3FAFAD4088
                                              SHA1:D5CC2572D67B6A5A0FDCF7B2322AEDA8883AFBED
                                              SHA-256:320395F92FFEB088028EDECDEAF92E68E4ADD71601EDBD7BE9D9B779B7D42BDF
                                              SHA-512:5446AD751C5B1D91830B745D9510324A24DC86B391212B3521453E91F8D6DFD06F5AA4B45EFAB408463E3D82573EA2E50A47DC9CC797FD9FFA66042818A770E7
                                              Malicious:false
                                              Preview:2025/03/13-10:49:14.024 2364 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/13-10:49:14.026 2364 Recovering log #3.2025/03/13-10:49:14.027 2364 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                              Category:dropped
                                              Size (bytes):71190
                                              Entropy (8bit):2.8577176595034435
                                              Encrypted:false
                                              SSDEEP:192:uakp836mYGtSGYyQR0cxYurtZVyTdsEDF5G244WztqurlsbJW:ute3BYcPuR0cxYurzsTdlDF5GBRYM
                                              MD5:28CE63E0695040E67EF97CC7107AB614
                                              SHA1:A73B8D5A8237FAE09FDE03CAE04EA61CD0FF3198
                                              SHA-256:B6A023C274890D8D13B54B6BDAD019CABACD3F299E560628E3442CDFA0CDE1F5
                                              SHA-512:595D34471BFC1C2930BC0D93FADD7C177F80A879985D13CD726B2594412CDFB00CAAA562C394D9F08C532033868A9949FB569821A58485D28D3A1CAC0B86B2BD
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):4
                                              Entropy (8bit):0.8112781244591328
                                              Encrypted:false
                                              SSDEEP:3:e:e
                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                              Malicious:false
                                              Preview:....
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):2145
                                              Entropy (8bit):5.070510904075857
                                              Encrypted:false
                                              SSDEEP:24:YFu33QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:YIAwmWXZYEtoitbRCwu20wD+JliWxao
                                              MD5:FBD3553BDC2A45BBA6C6F957F91898D4
                                              SHA1:B884ECAB47B035937C6773332EAC44396B193E72
                                              SHA-256:67A6479960D74F3A1E36A67B155C8D2AE9C139D94BBEAC86541E4D5F011E2A79
                                              SHA-512:B00236638BE83E92456B6A0B372EDFC90087A1C6B5E4B557A950C768240205B32CC45BD6E7D4BFF95B9D50E0742E7A14A882AB9FF32BBA5ABB6EDC68BA9CFC00
                                              Malicious:false
                                              Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1741877356000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                              Category:dropped
                                              Size (bytes):12288
                                              Entropy (8bit):0.9949413338347266
                                              Encrypted:false
                                              SSDEEP:24:TLhx/XYKQvGJF7ursQ1RZKHs/Ds/Sp3npauV/1kq9nF:TFl2GL7msogOVpZauhbH
                                              MD5:52AF0B326126C1A9F7788EDF18CF8EC3
                                              SHA1:D58116D67DDDEBCC1F01C238F2F7789F07A16F8A
                                              SHA-256:BE6D9687FEE8AEBDA27C1D1019AF86C59292B9436C2FF97F5C3027861740BDFE
                                              SHA-512:78B46CA59F85C83BFA151204AFAD81481A1D36ED60BC0C0C11E761001D1BDFB351262D54C01E8440F31C168C95420F3F02077CF7417114EBA5D0C62F653642F9
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:SQLite Rollback Journal
                                              Category:dropped
                                              Size (bytes):8720
                                              Entropy (8bit):1.3560609561488461
                                              Encrypted:false
                                              SSDEEP:24:7+tYl1RZKHs/Ds/Sp3nlzJm1kq9nLqLxx/XYKQvGJF7ursK:7MQgOVpVzsbpqVl2GL7msK
                                              MD5:5D519987A30A1F5B719C75C0804B8360
                                              SHA1:B0891437A645021028DCE7B2638A85FDE8455DC7
                                              SHA-256:0794118193B9ADA6E42D6988C123DD9D3304F0154F68F4569420BE6180E5CF93
                                              SHA-512:46DB87B375DC34E48EE672E1696E365A10A75246B949DAFB49A1E4B59FD72BF26DF81CE30A8216FE5D846C751834262CA415E4A413EA31C9D3AFAB7411144EDD
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):246
                                              Entropy (8bit):3.524398495091119
                                              Encrypted:false
                                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84UlEdNOeNlH:Qw946cPbiOxDlbYnuRKTFOeN9
                                              MD5:C6ACF87539175AAC04EFAF7FEA270356
                                              SHA1:B3705C4C9662C33378AC4F34E6EBBD566579FC5E
                                              SHA-256:49A250903D1DBD0DA191A3A4991401EE9F3327A339B04B57770B165543A48A46
                                              SHA-512:BC37301E72188FC31F256BE6C18CE209A0859B0874FB3575F1244B1D5B88E66C2E0F640BFC0E548666B159AF087DA44838F966449609814CA93761D1F3D849A6
                                              Malicious:false
                                              Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 13/03/2025  10:49:21 ===
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                                              Category:dropped
                                              Size (bytes):172533
                                              Entropy (8bit):7.9939633424166745
                                              Encrypted:true
                                              SSDEEP:3072:sl2qfO9Wr2CdN9jNS9c840Ig+qZ+kXnR2RKw0n1NwQqV4EqQ9tBgTBpLS:sl2qUwEzXZr+0nwNV4eDgNFS
                                              MD5:514BB67C2C74526747528180719E8884
                                              SHA1:A8280BDC1B75153D7688B5378203A79329C6D44E
                                              SHA-256:FDCA0AFCDDB6CC1D71281AF56A64F8E71EAD5143ED620607DAC57BEE3578FEA8
                                              SHA-512:4F0EC2FFBBBEE2C482EF3E95F0A7499D58A2D3B7BFA96899A84B474ABFDCEFE7E5326F4E0C538D92359AFF93E91FE36D353868EA7D92DBC0B5C9A5665EBDB97B
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ASCII text, with very long lines (393)
                                              Category:dropped
                                              Size (bytes):16525
                                              Entropy (8bit):5.376360055978702
                                              Encrypted:false
                                              SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                              MD5:1336667A75083BF81E2632FABAA88B67
                                              SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                              SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                              SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                              Malicious:false
                                              Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):15114
                                              Entropy (8bit):5.398833933249411
                                              Encrypted:false
                                              SSDEEP:384:WICJ6U6DBi3dgy4va1REWF5DfMZHdvfzpa/dbTPAlDrVIYMDpsPs1ExvC14yYvH7:Jlf
                                              MD5:0B09D13F4B59FBEC8AEDB8AEFEF96D0C
                                              SHA1:29A6F50F9A22E3FD7F5C19604F130964572215D9
                                              SHA-256:7A0B5F0379124681E9371CFC3FDE0FC91D127E2BDB2DC4349F92566EA8723149
                                              SHA-512:AF80C0CC28F35F1154085D4E7590D3F2A09EFA2A4B14AC24BABF3FF7A7A5F201A7EC088CC02DCCFEDF1E9819F84218D5F5CF2BDA25534DC7783DFB1C2B1D198E
                                              Malicious:false
                                              Preview:SessionID=caa929fc-2b19-4b68-886c-f66d04b9f4b9.1741877354576 Timestamp=2025-03-13T10:49:14:576-0400 ThreadID=8772 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=caa929fc-2b19-4b68-886c-f66d04b9f4b9.1741877354576 Timestamp=2025-03-13T10:49:14:579-0400 ThreadID=8772 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=caa929fc-2b19-4b68-886c-f66d04b9f4b9.1741877354576 Timestamp=2025-03-13T10:49:14:580-0400 ThreadID=8772 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=caa929fc-2b19-4b68-886c-f66d04b9f4b9.1741877354576 Timestamp=2025-03-13T10:49:14:580-0400 ThreadID=8772 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=caa929fc-2b19-4b68-886c-f66d04b9f4b9.1741877354576 Timestamp=2025-03-13T10:49:14:580-0400 ThreadID=8772 Component=ngl-lib_NglAppLib Description="SetConf
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):29752
                                              Entropy (8bit):5.402196546436214
                                              Encrypted:false
                                              SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb0:o
                                              MD5:19445153062B3E0CF08F6B9D05C7880F
                                              SHA1:F48FE2657E6BFF0987A38225CC80CF7BAD182DFE
                                              SHA-256:B2F923F94C49CBAE52E1FCD61FDC0AFB02BC7B16BE44A41E34B58AAB43EEBBC1
                                              SHA-512:1F6401239C7C7B0DC683093C51F6479EC64C91E695ACDBB7FA98228014BF46E2D944C18DBCFF546ACD407285901D2C36CA86EAA4C7650CE732ECA5142056ED64
                                              Malicious:false
                                              Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                              Category:dropped
                                              Size (bytes):1419751
                                              Entropy (8bit):7.976496077007677
                                              Encrypted:false
                                              SSDEEP:24576:6DaWL07oXGZGwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:caWLxXGZGwZGh3mlind9i4ufFXpAXkru
                                              MD5:7867DAFF192926A49EB7516D226D452F
                                              SHA1:BD0B185B12DB865CEA23060A9789C6B2D814B62E
                                              SHA-256:C7586BA81615BBAA63DA0D81CE18C0D087D1237500C99C35239A4D3CAEED2934
                                              SHA-512:B556042E82056983EA6A69AEE0DAB370641437EF6239FD04676FC26EC9472C6E5EF6194885C165E3987E8019321DCD9B4A574EA7A6253AC3C9468434AEAA0C21
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
                                              Category:dropped
                                              Size (bytes):1407294
                                              Entropy (8bit):7.97605879016224
                                              Encrypted:false
                                              SSDEEP:24576:/rnAdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZvYIGNPHs:T43mlind9i4ufFXpAXkrfUs0qWLxXGZx
                                              MD5:62061BF81A7BFF55E8E4E997DA2690AF
                                              SHA1:871FDD1A2F5925A1BA13A0E0E5FEF9B6AC1A6F5E
                                              SHA-256:C14FA57D8954682FFD2E3DAEB1215BDC616B7A16288576C0F1A82590263595B7
                                              SHA-512:54B39C40CE7E660E2810EE07C42716C426644C9A5761BC245C9797B29BFFF4DA5035EA5B9FCAD0686A16F22947CFA801D2327D0E0BE10A44186D9A95571ECF04
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                              Category:dropped
                                              Size (bytes):758601
                                              Entropy (8bit):7.98639316555857
                                              Encrypted:false
                                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                              MD5:3A49135134665364308390AC398006F1
                                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                              Category:dropped
                                              Size (bytes):386528
                                              Entropy (8bit):7.9736851559892425
                                              Encrypted:false
                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):119584
                                              Entropy (8bit):6.450058575859411
                                              Encrypted:false
                                              SSDEEP:1536:QVzes29Or3mrGFfZ7t0zfIagnbSLDIIfF61rAOkM7IPlEdyvj:QVez9Ob+KZ7+gbE8qF61BAtUaj
                                              MD5:63BBE6751E744628442634746F9525C2
                                              SHA1:90B67D752120A52F4F5306302BF702D7E6D99520
                                              SHA-256:49BE79EAA8FDCE6D4EECCACE471BFBF84E04DC8A2955089904643262E9605CDA
                                              SHA-512:E5FB4D4FF34B47C865076A48E2D50BC6F22E784B7D23E81C473A27C6A326FCB857E339F83EAAFF63D8D75EBF51589C61C2F09F59A8129E3FBB2C793C9EAEF9D2
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):737
                                              Entropy (8bit):7.522217744185411
                                              Encrypted:false
                                              SSDEEP:12:yeRLaWQMnFQlRVESFfBOoQu+Q9XoC5LT2ttqjj/AsXgzeiAZKaIOxrXJcdz4T3Ib:y2GWnSiStBQmXTLT2tAv/AwgzeiAZTFc
                                              MD5:DDB77C5086BE457C223FF7CB855BAA4A
                                              SHA1:6F30C37CC4D515EAA6EA9B0ACB9C7D061D320878
                                              SHA-256:D341075E49D123D0104A9BF138763E1AC78D6C5A30235AF0EA3D4AEDEB08F51C
                                              SHA-512:B0200A05552239B4D74C0A64E9680B484004753D95428781E8676E2A187AA7CE05B9B59EEBD6F50ECE0A1246B020AD2294675FD7A8ABEFB55A136BA3533912ED
                                              Malicious:false
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
                                              Category:dropped
                                              Size (bytes):14456
                                              Entropy (8bit):4.2098179599164975
                                              Encrypted:false
                                              SSDEEP:192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
                                              MD5:32FCA302C8B872738373D7CCB1E75FD4
                                              SHA1:DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
                                              SHA-256:CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
                                              SHA-512:57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
                                              Malicious:false
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3
                                              Category:downloaded
                                              Size (bytes):34659
                                              Entropy (8bit):7.9702244114188145
                                              Encrypted:false
                                              SSDEEP:768:e36kyKWhxBiOVC7I/nYYawKqANrNQOLBVQL0Ms:eeKWEOVC7lvxZQoBmFs
                                              MD5:424638B0EE6ACDB7D9B92A44F758CF14
                                              SHA1:CB7268D9D64EE085B81402A9E3327BCBA5FEA75F
                                              SHA-256:BD45778215527CB8F52C7F4DBA812B07E0B728693FB53E73CC77ECD3FEC0C787
                                              SHA-512:AA2FBDA7F7628252E7A5F7D082E4FE30873D732A3780218E542B8B77C03AD23892422F27E248DFD55D8F48C01777051837AEBFE2278CAB1DE831D1F04047577B
                                              Malicious:false
                                              URL:https://www.google.com/recaptcha/api2/payload?p=06AFcWeA4WixDvtHN8XPPLfJxITOH9iUkN5x2uy8jmXnHMTyhjItl2yN0Du9DZQxVUACxHbdAa4wgLPhT9y-NDgkoNZkB6XoJvxH9cAomC5AOyBuIIJxdeTyfADuw23zb_edkX01-SY4kWLwpZUSWjfuWsBCdvpokdo5zyaDIp5i-DIuv8-pON_K5jq6aTPz6lKuWUdWRo0QJJ&k=6LfGYPMqAAAAALBkfv5WOm0BvBzFEsntHcAwqKvG
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (590)
                                              Category:downloaded
                                              Size (bytes):558604
                                              Entropy (8bit):5.709733010176998
                                              Encrypted:false
                                              SSDEEP:6144:HVFDGd9+8cScgz571y+joHXFQuDApgeqCygEeTXB4MGzI8yeK6bDHdClUAJR7Duq:HVxG+LLg9otDAd6SbBpJ8U3lv
                                              MD5:6A36163AA0BBF83AB5D1C9FE0FF046C7
                                              SHA1:B5D6C2EB38480243E8527D29030A895E4558F0B4
                                              SHA-256:430AA09E2AEC35F41AFAC94B13F2550D632F4D12D14549AD3344CF29AA9F40A2
                                              SHA-512:A9299850AB3FDEB4E86DA6E8A1D66F4B9C80BAD0E4CFB0105A7D2DCC7FF380181A611B8681B639E46815BEC3DE31DCAA700FD655C23F8896D42391328FEE4663
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__en.js
                                              Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var U=function(){return[function(f,V,Z,P,X,D,G,k,H,w,A,S,n,r,K,M,R,t,z,F,g,L,d,v,O,E,m,N,b,q,fc,e,B,V0,l,PL,HL,kK,cL){return f>>((((f&(kK=[1846,2,33],(f<<kK[1]&7)<kK[1]&&(f>>kK[1]&13)>=7&&(cL=Z.M*4294967296+(Z.o>>>V)),93))==f&&c.call(this,V),f)>>1&kK[1])==kK[1]&&(D=[1,191,1213],V.O$?(R=V.Km,S=V.lP,A=J[5](4,12),b=C[16](52,A),M=b.next().value,F=b.next().value,X=b.next().value,K=b.next().value,l=b.next().value,m=b.next().value,PL=b.next().value,b.next(),b.next(),G=b.next().value,b.next(),B=b.next().value,.e=[C[1](65,S,x[32](6,S),x[32](6,kK[0])),x[27](78,S,x[32](kK[2],S),x[32](6,D[kK[1]])),Q[26](22,S,x[32](65,S),x[32]
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
                                              Category:downloaded
                                              Size (bytes):15340
                                              Entropy (8bit):7.983406336508752
                                              Encrypted:false
                                              SSDEEP:384:F2gPJde0V2iGrQyD8b3k/tigCdeNqOUd47SH0tsGm:4gPVV2NQE8b3ldeNWH0Wb
                                              MD5:19B7A0ADFDD4F808B53AF7E2CE2AD4E5
                                              SHA1:81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
                                              SHA-256:C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
                                              SHA-512:49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
                                              Malicious:false
                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:dropped
                                              Size (bytes):600
                                              Entropy (8bit):7.391634169810707
                                              Encrypted:false
                                              SSDEEP:12:6v/7OEUT9vceKKNtY3kM8O+mucROzZbJOAjPBE2Iq8AnxT9:bTdcVIM8tfHzzjy2IdKT9
                                              MD5:0F2A4639B8A4CB30C76E8333C00D30A6
                                              SHA1:57E273A270BB864970D747C74B3F0A7C8E515B13
                                              SHA-256:44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
                                              SHA-512:3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
                                              Malicious:false
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:downloaded
                                              Size (bytes):530
                                              Entropy (8bit):7.2576396280117494
                                              Encrypted:false
                                              SSDEEP:12:6v/7OEUhUxzPKmghSn8nazyk+k8/OzxQcxNMvVb:bhUxzlvWkT8FcxK1
                                              MD5:88E0F42C9FA4F94AA8BCD54D1685C180
                                              SHA1:5AD9D47A49B82718BAA3BE88550A0B3350270C42
                                              SHA-256:89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
                                              SHA-512:FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/api2/audio_2x.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                              Category:downloaded
                                              Size (bytes):15552
                                              Entropy (8bit):7.983966851275127
                                              Encrypted:false
                                              SSDEEP:384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzi:jslQ+LhUoTB0Qr6Qjkg/DmcJufzi
                                              MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                              SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                              SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                              SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                              Malicious:false
                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (1475), with no line terminators
                                              Category:downloaded
                                              Size (bytes):1475
                                              Entropy (8bit):5.788470067541392
                                              Encrypted:false
                                              SSDEEP:24:2jkm94/zKPccAgnHs+KVCe2TLph9gFB5vtADjkrDQndcl/1t4glvllLty1gA1sLc:VKEcznfKo7LmvtUjPKtX7I1HSLrwUnG
                                              MD5:1B0B9B0C321562572E244EB589574700
                                              SHA1:B6F1BAE6F03C0488065A871DDD4687CAA47C54DE
                                              SHA-256:DE9CF6D96D7D8D11871925C40F6D820064A28C0FA9C770A015CB7717E608EC67
                                              SHA-512:D884F5282C66A6690070E0FCA4BEF2CAD36E0A395724629CCDC2D5661C335F7AD8FF88DDD42BDDD80A5353DFAAB6B4091A57A8866C87F527D65AB10A4A0511B4
                                              Malicious:false
                                              URL:https://www.google.com/recaptcha/api.js
                                              Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:dropped
                                              Size (bytes):665
                                              Entropy (8bit):7.42832670119013
                                              Encrypted:false
                                              SSDEEP:12:6v/7OEUelyuRs56fyKgIEInu5VLJBZInmJhd/3VqQXD8GBm1:belFRs56fuIEIu5VNBZInMTICfBO
                                              MD5:07BF314AAB04047B9E9A959EE6F63DA3
                                              SHA1:17BEF6602672E2FD9956381E01356245144003E5
                                              SHA-256:55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
                                              SHA-512:2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
                                              Malicious:false
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):2228
                                              Entropy (8bit):7.82817506159911
                                              Encrypted:false
                                              SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                              MD5:EF9941290C50CD3866E2BA6B793F010D
                                              SHA1:4736508C795667DCEA21F8D864233031223B7832
                                              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                              Malicious:false
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:downloaded
                                              Size (bytes):600
                                              Entropy (8bit):7.391634169810707
                                              Encrypted:false
                                              SSDEEP:12:6v/7OEUT9vceKKNtY3kM8O+mucROzZbJOAjPBE2Iq8AnxT9:bTdcVIM8tfHzzjy2IdKT9
                                              MD5:0F2A4639B8A4CB30C76E8333C00D30A6
                                              SHA1:57E273A270BB864970D747C74B3F0A7C8E515B13
                                              SHA-256:44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
                                              SHA-512:3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/api2/refresh_2x.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                              Category:downloaded
                                              Size (bytes):15344
                                              Entropy (8bit):7.984625225844861
                                              Encrypted:false
                                              SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
                                              MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                              SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                              SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                              SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                              Malicious:false
                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):102
                                              Entropy (8bit):4.959834136761674
                                              Encrypted:false
                                              SSDEEP:3:JSbMqSL1cdXWKQKTc73DN7IVgWaee:PLKdXNQKTC3DlIVgL
                                              MD5:85CF33A7525444B6CA922F12FDB45E9C
                                              SHA1:5BC107045CCE930F2E2FF8A134A52AFCB7EDB55B
                                              SHA-256:223A644C50BB4E93AEE4C2C96AE68188D4BC0B1BA5A10F32293EB32066857A47
                                              SHA-512:D17244B9E8467549693502EEDA6A94AC5C24DC4817E9526689322149F1DCA9B4E47AAF385C84D52E10E890BF0512DD941F0382C247C3054F1A7A51DC72132340
                                              Malicious:false
                                              URL:https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=J79K9xgfxwT6Syzx-UyWdD89
                                              Preview:importScripts('https://www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__en.js');
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:downloaded
                                              Size (bytes):665
                                              Entropy (8bit):7.42832670119013
                                              Encrypted:false
                                              SSDEEP:12:6v/7OEUelyuRs56fyKgIEInu5VLJBZInmJhd/3VqQXD8GBm1:belFRs56fuIEIu5VNBZInMTICfBO
                                              MD5:07BF314AAB04047B9E9A959EE6F63DA3
                                              SHA1:17BEF6602672E2FD9956381E01356245144003E5
                                              SHA-256:55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
                                              SHA-512:2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/api2/info_2x.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):2228
                                              Entropy (8bit):7.82817506159911
                                              Encrypted:false
                                              SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                              MD5:EF9941290C50CD3866E2BA6B793F010D
                                              SHA1:4736508C795667DCEA21F8D864233031223B7832
                                              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):16
                                              Entropy (8bit):3.75
                                              Encrypted:false
                                              SSDEEP:3:H0hCkY:UUkY
                                              MD5:AFB69DF47958EB78B4E941270772BD6A
                                              SHA1:D9FE9A625E906FF25C1F165E7872B1D9C731E78E
                                              SHA-256:874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
                                              SHA-512:FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
                                              Malicious:false
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCbNhQ_oXpMbHEgUNU1pHxSGEZXhLeYJgAw==?alt=proto
                                              Preview:CgkKBw1TWkfFGgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                              Category:downloaded
                                              Size (bytes):78627
                                              Entropy (8bit):6.021125182969774
                                              Encrypted:false
                                              SSDEEP:1536:ZfGNbFoZJSUYOOaLnAW8+IcTOIUawthXwW5vx7:pGRFauOxLA/+IcTO5LX9
                                              MD5:6AF145664EB7177B2280DFFA8492731C
                                              SHA1:1E95F2F04E7B6335081E7CDBDCC48A4654A44ED3
                                              SHA-256:0767863BFDE47D05640AD76BD3A33AA5CD7DFBA5391E1D80347F7EC41563E404
                                              SHA-512:22D3022DA4B8E4374441ED29C40B6BA43856110D089260C905D55BC914106173A228829605995860BDD9E15E81A7DC87C1C16F37589AD5E63461C2A1125311E9
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/styles__ltr.css
                                              Preview:.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #444746;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAHq9SURBVHja7Z15fFTl9f/fd9ZM9n1PgCyEXSSRNYKCgAuiIipuVSuudavV1tq6W/WrtnWrrZbWDZUqUqUoCoIEQhBI2JesELKvM9mTWe7c3x83d5xAlkky8fv92ft5vfKC19znOWfuZ571POc5B1SoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKHifwGCRqsTNFrdj6VPq9XqtNofT9+wvutQyEyad8t9IaPPntFUd
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 168996
                                              Category:downloaded
                                              Size (bytes):64927
                                              Entropy (8bit):7.995813560726473
                                              Encrypted:true
                                              SSDEEP:1536:LE5BE85KipQuvifaWpe9EAnUuqPEplI74CIFfA:LaSipnviSm/AhqP4CIFfA
                                              MD5:167FA31CB875D01F48B2ABCDDD747991
                                              SHA1:E9287D68C657E6C65FAF7F4E9A0A9D6ABA196BDF
                                              SHA-256:C6A93D5DA59E06BAF6E0C8A3E318BE6C27C1A36AF20DF94BF38505BEBEECFC7F
                                              SHA-512:5BEF14AD36A610E38BB0F53381437D362E3EED0680F016A502E7B844ED9F2971A5B74488A507D897D1C3D30EA8DD62A8825EFDE06B71500D2901042CF7B92675
                                              Malicious:false
                                              URL:https://microsodt.gribed.com/?uaanderson@peo.on.ca
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (590)
                                              Category:downloaded
                                              Size (bytes):558604
                                              Entropy (8bit):5.709733010176998
                                              Encrypted:false
                                              SSDEEP:6144:HVFDGd9+8cScgz571y+joHXFQuDApgeqCygEeTXB4MGzI8yeK6bDHdClUAJR7Duq:HVxG+LLg9otDAd6SbBpJ8U3lv
                                              MD5:6A36163AA0BBF83AB5D1C9FE0FF046C7
                                              SHA1:B5D6C2EB38480243E8527D29030A895E4558F0B4
                                              SHA-256:430AA09E2AEC35F41AFAC94B13F2550D632F4D12D14549AD3344CF29AA9F40A2
                                              SHA-512:A9299850AB3FDEB4E86DA6E8A1D66F4B9C80BAD0E4CFB0105A7D2DCC7FF380181A611B8681B639E46815BEC3DE31DCAA700FD655C23F8896D42391328FEE4663
                                              Malicious:false
                                              URL:https://www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__en.js
                                              Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var U=function(){return[function(f,V,Z,P,X,D,G,k,H,w,A,S,n,r,K,M,R,t,z,F,g,L,d,v,O,E,m,N,b,q,fc,e,B,V0,l,PL,HL,kK,cL){return f>>((((f&(kK=[1846,2,33],(f<<kK[1]&7)<kK[1]&&(f>>kK[1]&13)>=7&&(cL=Z.M*4294967296+(Z.o>>>V)),93))==f&&c.call(this,V),f)>>1&kK[1])==kK[1]&&(D=[1,191,1213],V.O$?(R=V.Km,S=V.lP,A=J[5](4,12),b=C[16](52,A),M=b.next().value,F=b.next().value,X=b.next().value,K=b.next().value,l=b.next().value,m=b.next().value,PL=b.next().value,b.next(),b.next(),G=b.next().value,b.next(),B=b.next().value,.e=[C[1](65,S,x[32](6,S),x[32](6,kK[0])),x[27](78,S,x[32](kK[2],S),x[32](6,D[kK[1]])),Q[26](22,S,x[32](65,S),x[32]
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3
                                              Category:dropped
                                              Size (bytes):34659
                                              Entropy (8bit):7.9702244114188145
                                              Encrypted:false
                                              SSDEEP:768:e36kyKWhxBiOVC7I/nYYawKqANrNQOLBVQL0Ms:eeKWEOVC7lvxZQoBmFs
                                              MD5:424638B0EE6ACDB7D9B92A44F758CF14
                                              SHA1:CB7268D9D64EE085B81402A9E3327BCBA5FEA75F
                                              SHA-256:BD45778215527CB8F52C7F4DBA812B07E0B728693FB53E73CC77ECD3FEC0C787
                                              SHA-512:AA2FBDA7F7628252E7A5F7D082E4FE30873D732A3780218E542B8B77C03AD23892422F27E248DFD55D8F48C01777051837AEBFE2278CAB1DE831D1F04047577B
                                              Malicious:false
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                              Category:dropped
                                              Size (bytes):530
                                              Entropy (8bit):7.2576396280117494
                                              Encrypted:false
                                              SSDEEP:12:6v/7OEUhUxzPKmghSn8nazyk+k8/OzxQcxNMvVb:bhUxzlvWkT8FcxK1
                                              MD5:88E0F42C9FA4F94AA8BCD54D1685C180
                                              SHA1:5AD9D47A49B82718BAA3BE88550A0B3350270C42
                                              SHA-256:89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
                                              SHA-512:FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
                                              Malicious:false
                                              File type:PDF document, version 1.4, 2 pages
                                              Entropy (8bit):7.885037672498281
                                              TrID:
                                              • Adobe Portable Document Format (5005/1) 100.00%
                                              File name:Peo Retention Memo Reff No2.pdf
                                              File size:77'025 bytes
                                              MD5:1b2827e4684f07345199e033b2cbda47
                                              SHA1:af1f536a952a76d2a73862e36d88a29225ff2aeb
                                              SHA256:253d84997f2141023ddd0b5a5cabee27153a393ac2f05f99a160f178b5e23ade
                                              SHA512:d569ec9040220a5bd687e0d043311607af9148bfcf3b4ba73e75de1740c4e13db23e8bf7e80cb255e6de7485be04419acd3ebb7bded45e5f0a8ca34c36bf55be
                                              SSDEEP:1536:3JnkCYEMjDudM0fzvr3F58fSxbYTAJJg3TaES8YAIx1R:9MCF7prxcTAPgjLSbAIxX
                                              TLSH:FD73E030F9CE5C1DE982E646CA7C785D9EAEB02B12CC6865027C8A45F505C69EBC37D3
                                              File Content Preview:%PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20250313140130+00'00')./ModDate (D:20250313140130+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.6 0 obj.<</N 3./Filter /FlateDecode./Length 293>> stream.x.}..J
                                              Icon Hash:62cc8caeb29e8ae0

                                              General

                                              Header:%PDF-1.4
                                              Total Entropy:7.885038
                                              Total Bytes:77025
                                              Stream Entropy:7.995771
                                              Stream Bytes:65224
                                              Entropy outside Streams:5.127161
                                              Bytes outside Streams:11801
                                              Number of EOF found:1
                                              Bytes after EOF:
                                              Name            Count
                                              obj             64
                                              endobj          64
                                              stream          16
                                              endstream       16
                                              xref            1
                                              trailer         1
                                              startxref       1
                                              /Page           2
                                              /Encrypt        0
                                              /ObjStm         0
                                              /URI            0
                                              /JS             0
                                              /JavaScript     0
                                              /AA             0
                                              /OpenAction     0
                                              /AcroForm       0
                                              /JBIG2Decode    0
                                              /RichMedia      0
                                              /Launch         0
                                              /EmbeddedFile   0

                                              Image Streams

                                              ID   DHASH              MD5                                Preview
                                              4    0000000000000000   c8b633a14d381c4d522bd6824890f853
                                              5    2d1c724b5c4d344c   8eda5b531640d6ef5b6f25754dfc517a
                                              9    0000000000000000   e8343f747727805eb5cc5aac805cf471
                                              13   0000000000000000   f5cab9c56b36fade5d7db4a45400672e
                                              14   f0c0b2c0c0b2c0f0   284630674de8586dd326f34ceab464b8
                                              No network behavior found


                                              Target ID:0
                                              Start time:10:49:10
                                              Start date:13/03/2025
                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Peo Retention Memo Reff No2.pdf"
                                              Imagebase:0x7ff7f7a00000
                                              File size:5'641'176 bytes
                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:1
                                              Start time:10:49:11
                                              Start date:13/03/2025
                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                              Imagebase:0x7ff7394e0000
                                              File size:3'581'912 bytes
                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:2
                                              Start time:10:49:13
                                              Start date:13/03/2025
                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://microsodt.gribed.com/?uaanderson@peo.on.ca
                                              Imagebase:0x7ff79d7f0000
                                              File size:3'388'000 bytes
                                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:3
                                              Start time:10:49:13
                                              Start date:13/03/2025
                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1604,i,694957018260659851,10963411568758228945,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                              Imagebase:0x7ff7394e0000
                                              File size:3'581'912 bytes
                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:4
                                              Start time:10:49:14
                                              Start date:13/03/2025
                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,17943941093483786729,4358705279315839112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3
                                              Imagebase:0x7ff79d7f0000
                                              File size:3'388'000 bytes
                                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:5
                                              Start time:10:49:17
                                              Start date:13/03/2025
                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,17943941093483786729,4358705279315839112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4780 /prefetch:8
                                              Imagebase:0x7ff79d7f0000
                                              File size:3'388'000 bytes
                                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              No disassembly