Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
REGISTERED NY LIEN JUDGMENT 3 FILED.pdf

Overview

General Information

Sample name:REGISTERED NY LIEN JUDGMENT 3 FILED.pdf
Analysis ID:1467207
MD5:3d1421e74c45d30d1861983288f509d6
SHA1:ae031b7c4a69f2b338b70df155c31133f48e1272
SHA256:f7ae91286f594920119d821e62cfae146e942f8a22495ee18777ce945d0af8c0
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 3636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\REGISTERED NY LIEN JUDGMENT 3 FILED.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6444 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1580,i,13178085396687229074,4243365313787994588,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: 171.39.242.20.in-addr.arpa
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49707 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49707
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 192.168.2.17:49709 -> 52.6.155.20:443
Source: global trafficTCP traffic: 52.6.155.20:443 -> 192.168.2.17:49709
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.17:49713
Source: global trafficTCP traffic: 192.168.2.17:49713 -> 23.47.168.24:443
Source: Joe Sandbox ViewIP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox ViewIP Address: 52.6.155.20 52.6.155.20
Source: global trafficHTTP traffic detected: OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-aliveAccept: */*Access-Control-Request-Method: GETAccess-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-keyOrigin: https://rna-resource.acrobat.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01x-adobe-uuid: 1f3fa221-8ac6-43de-8455-1f83ca5a15c8x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01x-adobe-uuid: 1f3fa221-8ac6-43de-8455-1f83ca5a15c8x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfString found in binary or memory: http://www.sos.arkansas.gott
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfString found in binary or memory: http://www.sos.arkansas.gov
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfString found in binary or memory: http://www.sos.arkansas.gov(s01)
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfString found in binary or memory: http://www.wealth4freednm.com/l
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfBinary or memory string: nB.VBp@
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfBinary or memory string: .sLn+
Source: classification engineClassification label: clean2.winPDF@16/57@1/2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4008Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 15-08-46-785.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\REGISTERED NY LIEN JUDGMENT 3 FILED.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1580,i,13178085396687229074,4243365313787994588,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1580,i,13178085396687229074,4243365313787994588,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: REGISTERED NY LIEN JUDGMENT 3 FILED.pdfStatic file information: File size 83103267 > 6291456
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467207 Sample: REGISTERED NY LIEN JUDGMENT... Startdate: 03/07/2024 Architecture: WINDOWS Score: 2 14 171.39.242.20.in-addr.arpa 2->14 7 Acrobat.exe 16 75 2->7         started        process3 process4 9 AcroCEF.exe 132 7->9         started        process5 11 AcroCEF.exe 4 9->11         started        dnsIp6 16 52.6.155.20, 443, 49707, 49709 AMAZON-AESUS United States 11->16 18 23.47.168.24, 443, 49713 AKAMAI-ASUS United States 11->18

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.sos.arkansas.gov0%Avira URL Cloudsafe
http://www.sos.arkansas.gov(s01)0%Avira URL Cloudsafe
http://www.sos.arkansas.gott0%Avira URL Cloudsafe
http://www.wealth4freednm.com/l0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		unknown
    171.39.242.20.in-addr.arpa
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://www.sos.arkansas.gottREGISTERED NY LIEN JUDGMENT 3 FILED.pdffalse
      • Avira URL Cloud: safe
      		unknown
      http://www.sos.arkansas.gov(s01)REGISTERED NY LIEN JUDGMENT 3 FILED.pdffalse
      • Avira URL Cloud: safe
      		unknown
      http://www.sos.arkansas.govREGISTERED NY LIEN JUDGMENT 3 FILED.pdffalse
      • Avira URL Cloud: safe
      		unknown
      http://www.wealth4freednm.com/lREGISTERED NY LIEN JUDGMENT 3 FILED.pdffalse
      • Avira URL Cloud: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      23.47.168.24
      		unknownUnited States
      		16625AKAMAI-ASUSfalse
      52.6.155.20
      		unknownUnited States
      		14618AMAZON-AESUSfalse

      General Information

      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1467207
      Start date and time:2024-07-03 21:08:06 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 33s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:22
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:REGISTERED NY LIEN JUDGMENT 3 FILED.pdf
      Detection:CLEAN
      Classification:clean2.winPDF@16/57@1/2
      Cookbook Comments:
      • Found application associated with file extension: .pdf

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
      • Excluded IPs from analysis (whitelisted): 172.64.41.3, 162.159.61.3, 184.28.88.176, 199.232.210.172, 2.16.241.13, 2.16.241.15, 2.19.126.143, 2.19.126.149, 104.124.11.43, 104.124.11.64, 88.221.110.81, 88.221.110.120, 88.221.110.64, 88.221.110.91, 88.221.110.115, 88.221.110.99, 88.221.110.59, 2.16.100.176, 2.16.100.162, 2.22.242.11, 2.22.242.123
      • Excluded domains from analysis (whitelisted): www.bing.com, chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, evoke-windowsservices-tas.msedge.net, geo2.adobe.com, wu-b-net.trafficmanager.net, apps.identrust.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size exceeded maximum capacity and may have missing behavior information.
      • VT rate limit hit for: REGISTERED NY LIEN JUDGMENT 3 FILED.pdf

      Simulations

      Behavior and APIs

      TimeTypeDescription
      15:08:49API Interceptor2x Sleep call for process: AcroCEF.exe modified

      LLM Input / Output

      InputOutput
      URL: PDF Model: gpt-4o
      ```json{  "riskscore": 1,  "reasons": "The document appears to be an official filing acknowledgment from the State of New York Department of State. There are no visually prominent buttons or links in the screenshot. The text does not create a sense of urgency or interest that typically characterizes phishing attempts. It is a formal acknowledgment of a filing with no immediate call to action. The document does not impersonate any well-known brands beyond the legitimate government entity it claims to represent. The sense of urgency is not connected to any prominent button or link, as there are none present."}

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      23.47.168.24Novolog (Pharm-Up 1966) LTD_SKM_C590368369060_417161.pdfGet hashmaliciousHTMLPhisherBrowse
        Invoice - 21153253589581947197326090404964329500290845699807 - Toyotaconnected.pdfGet hashmaliciousUnknownBrowse
          Hilcorp-updated agreement.pdfGet hashmaliciousUnknownBrowse
            Invoice - 07776611412802924323813205194919526056527884439486 - Kforce.pdfGet hashmaliciousUnknownBrowse
              invoicepast.pdf.lnk.mal.lnkGet hashmaliciousScreenConnect ToolBrowse
                PG96120000311.pdf.lnk.mal.lnkGet hashmaliciousUnknownBrowse
                  Absa.pdfGet hashmaliciousHTMLPhisherBrowse
                    Absa.pdfGet hashmaliciousUnknownBrowse
                      MOD_200.pdf.lnkGet hashmaliciousArc StealerBrowse
                        Fatura.pdfGet hashmaliciousUnknownBrowse
                          52.6.155.20Invoice - 21153253589581947197326090404964329500290845699807 - Toyotaconnected.pdfGet hashmaliciousUnknownBrowse
                            Hilcorp-updated agreement.pdfGet hashmaliciousUnknownBrowse
                              Remittance_ITWWX 5824.pdfGet hashmaliciousHTMLPhisherBrowse
                                https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:6604fc88-dc7a-4ae2-989d-f98c81c5e650Get hashmaliciousRemcosBrowse
                                  https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4689d6e7-4d4c-4efb-91f6-652de2c9355cGet hashmaliciousRemcosBrowse
                                    https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:6f0c4644-4b4e-427a-aed3-c432945e399aGet hashmaliciousHTMLPhisherBrowse
                                      RE.msgGet hashmaliciousHTMLPhisherBrowse
                                        SecuriteInfo.com.W32.PossibleThreat.18276.7286.exeGet hashmaliciousUnknownBrowse
                                          http://liceogalois.co/w164669.shtmlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                            https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:120c9aa5-c035-4084-b3ac-e9f5e128e76bGet hashmaliciousHTMLPhisherBrowse

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              bg.microsoft.map.fastly.nethttp://sagilityhealth.comGet hashmaliciousUnknownBrowse
                                              • 199.232.210.172
                                              https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3A%2F%2Flodgesonvashon.us11.list-manage.com%2Ftrack%2Fclick%3Fu%3D7bd9671a0b3250a7fef40b908%26id%3Dd8775abc58%26e%3D176d192631&umid=dd8a56c0-7dd4-4bb3-bb0e-81b56ebc53fa&auth=f59947c46ffdca8529044338828c8694fe545b0c-e8ce5e3cd8a069926d864ab292898eb1f0993e46Get hashmaliciousHTMLPhisherBrowse
                                              • 199.232.214.172
                                              Groupe ECADE_00_Paiement de facture_9911.pdfGet hashmaliciousUnknownBrowse
                                              • 199.232.214.172
                                              http://yournewstech.comGet hashmaliciousUnknownBrowse
                                              • 199.232.214.172
                                              ZS5.dllGet hashmaliciousBlackMoonBrowse
                                              • 199.232.210.172
                                              https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661Get hashmaliciousPhisherBrowse
                                              • 199.232.214.172
                                              RFQ-099409.exeGet hashmaliciousFormBookBrowse
                                              • 199.232.210.172
                                              RFQ-099409.exeGet hashmaliciousFormBookBrowse
                                              • 199.232.210.172
                                              2cFFfHDG7D.msiGet hashmaliciousAteraAgentBrowse
                                              • 199.232.214.172
                                              BL Draft.exeGet hashmaliciousFormBookBrowse
                                              • 199.232.210.172

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              AMAZON-AESUShttps://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                              • 3.227.135.8
                                              http://sagilityhealth.comGet hashmaliciousUnknownBrowse
                                              • 44.195.204.217
                                              23eb97f4-980c-745d-c5e2-6fdb70189e48.emlGet hashmaliciousHTMLPhisherBrowse
                                              • 18.208.94.120
                                              https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/#?email=a2V2aW4uai5oYW5zZW5AeGNlbGVuZXJneS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                              • 3.227.135.8
                                              Untitled.emlGet hashmaliciousHTMLPhisherBrowse
                                              • 3.227.135.8
                                              https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661Get hashmaliciousPhisherBrowse
                                              • 3.5.29.70
                                              Service Desk - Please verify your Account!.emlGet hashmaliciousHTMLPhisherBrowse
                                              • 34.225.136.154
                                              https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=dmFsZXJpZS5jaHJ1c2NpZWxAb3Zlcmxha2Vob3NwaXRhbC5vcmc=Get hashmaliciousHTMLPhisherBrowse
                                              • 3.227.135.8
                                              http://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqgGet hashmaliciousHTMLPhisherBrowse
                                              • 44.197.227.46
                                              7sAylAXBOb.exeGet hashmaliciousUnknownBrowse
                                              • 44.221.84.105
                                              AKAMAI-ASUS23eb97f4-980c-745d-c5e2-6fdb70189e48.emlGet hashmaliciousHTMLPhisherBrowse
                                              • 2.19.126.151
                                              https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/#?email=a2V2aW4uai5oYW5zZW5AeGNlbGVuZXJneS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                              • 23.38.98.238
                                              Groupe ECADE_00_Paiement de facture_9911.pdfGet hashmaliciousUnknownBrowse
                                              • 23.52.160.183
                                              Untitled.msgGet hashmaliciousHTMLPhisherBrowse
                                              • 2.19.244.127
                                              https://app.box.com/s/0818uk4femepnk27set00nsfufvakx91Get hashmaliciousHTMLPhisherBrowse
                                              • 23.38.98.104
                                              https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==Get hashmaliciousHTMLPhisherBrowse
                                              • 23.38.98.96
                                              http://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqgGet hashmaliciousHTMLPhisherBrowse
                                              • 2.19.126.198
                                              1dntbjwU2s.exeGet hashmaliciousCryptOne, VidarBrowse
                                              • 104.102.42.29
                                              XZ50BK5JPZ.exeGet hashmaliciousCryptOne, VidarBrowse
                                              • 104.102.42.29
                                              https://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqgGet hashmaliciousHTMLPhisherBrowse
                                              • 2.19.126.225

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):294
                                              Entropy (8bit):5.212368316484212
                                              Encrypted:false
                                              SSDEEP:6:BOWIvU7L+q2PsHO2nKuAl9OmbnIFUt84OWIvU5z1Zmw+4OWIvU5lLVkwOsHO2nKZ:EPvK+vkHVHAahFUt81Pvmz1/+1PvmNVM
                                              MD5:F1214095391F59B07302F03FFB91E867
                                              SHA1:C0F5372F46A92CF8704A155039F3DB7A7A1A5E1E
                                              SHA-256:C55555C73D6A86AE08527CABE945B1DD8B4CD92D14659C0C32184B71CEF4CFB0
                                              SHA-512:9D2E548F640D91785BED34E5F5C0A9F91BA6E089F97DD8AF579A3B7EF17BE1313A04D5F8A642428632BE5AB6279D8686CB71EB9A5FC2BD04E1C688AE1FD71DBA
                                              Malicious:false
                                              Reputation:low
                                              Preview:2024/07/03-15:08:41.630 187c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/03-15:08:41.634 187c Recovering log #3.2024/07/03-15:08:41.634 187c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):294
                                              Entropy (8bit):5.212368316484212
                                              Encrypted:false
                                              SSDEEP:6:BOWIvU7L+q2PsHO2nKuAl9OmbnIFUt84OWIvU5z1Zmw+4OWIvU5lLVkwOsHO2nKZ:EPvK+vkHVHAahFUt81Pvmz1/+1PvmNVM
                                              MD5:F1214095391F59B07302F03FFB91E867
                                              SHA1:C0F5372F46A92CF8704A155039F3DB7A7A1A5E1E
                                              SHA-256:C55555C73D6A86AE08527CABE945B1DD8B4CD92D14659C0C32184B71CEF4CFB0
                                              SHA-512:9D2E548F640D91785BED34E5F5C0A9F91BA6E089F97DD8AF579A3B7EF17BE1313A04D5F8A642428632BE5AB6279D8686CB71EB9A5FC2BD04E1C688AE1FD71DBA
                                              Malicious:false
                                              Reputation:low
                                              Preview:2024/07/03-15:08:41.630 187c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/03-15:08:41.634 187c Recovering log #3.2024/07/03-15:08:41.634 187c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):338
                                              Entropy (8bit):5.184847357092801
                                              Encrypted:false
                                              SSDEEP:6:BOWIvU5qjyq2PsHO2nKuAl9Ombzo2jMGIFUt84OWIvUdyz1Zmw+4OWIvUdFjRkwM:EPvZOvkHVHAa8uFUt81Pvoyz1/+1PvoG
                                              MD5:345B0A9BE02FC75AC99AE1881BE9870A
                                              SHA1:9BF9DA67E31F19C767B048389DB0DE8EABBAC092
                                              SHA-256:EA4901FEFF6B701D0716DED1CC73204E443730D09C7C6660D99AD15333D1EC53
                                              SHA-512:1926697C32AEC3C215EC1A1B366D5D5A8F043A3756728C85C37A25149CF5814255FB440DC63F66A2A7404469EC4C28E54F8990B764E512BF10993ECCE8F6C4F1
                                              Malicious:false
                                              Reputation:low
                                              Preview:2024/07/03-15:08:41.507 1954 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/03-15:08:41.514 1954 Recovering log #3.2024/07/03-15:08:41.515 1954 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):338
                                              Entropy (8bit):5.184847357092801
                                              Encrypted:false
                                              SSDEEP:6:BOWIvU5qjyq2PsHO2nKuAl9Ombzo2jMGIFUt84OWIvUdyz1Zmw+4OWIvUdFjRkwM:EPvZOvkHVHAa8uFUt81Pvoyz1/+1PvoG
                                              MD5:345B0A9BE02FC75AC99AE1881BE9870A
                                              SHA1:9BF9DA67E31F19C767B048389DB0DE8EABBAC092
                                              SHA-256:EA4901FEFF6B701D0716DED1CC73204E443730D09C7C6660D99AD15333D1EC53
                                              SHA-512:1926697C32AEC3C215EC1A1B366D5D5A8F043A3756728C85C37A25149CF5814255FB440DC63F66A2A7404469EC4C28E54F8990B764E512BF10993ECCE8F6C4F1
                                              Malicious:false
                                              Reputation:low
                                              Preview:2024/07/03-15:08:41.507 1954 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/03-15:08:41.514 1954 Recovering log #3.2024/07/03-15:08:41.515 1954 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):476
                                              Entropy (8bit):4.977564621483501
                                              Encrypted:false
                                              SSDEEP:12:YH/um3RA8sqbl7SsBdOg2HNcaq3QYiubEP7E4T3y:Y2sRdsWlbdMH83QYhbY7nby
                                              MD5:BBFFABCBFCCF8D0768D314FB28B0F8D6
                                              SHA1:FC35B6B48C9997E42A7F094B765A37A3AC031C72
                                              SHA-256:CD378BE71FE74AC3344F2CE976F1B8BBF80FA9C1E4FFF28EA80FC60069A32E9B
                                              SHA-512:779EBB50C677050116D8A59A0E21C92638139C5964BF7F808C4181BF73339FAC33926D5CE4789638BE02D06CD5AB4038C2131FF8328F9C0001171CBCA8214C61
                                              Malicious:false
                                              Reputation:low
                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364593732560979","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":181823},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fbe6c672-8240-4893-981a-414a27204b52.tmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:JSON data
                                              Category:modified
                                              Size (bytes):476
                                              Entropy (8bit):4.977564621483501
                                              Encrypted:false
                                              SSDEEP:12:YH/um3RA8sqbl7SsBdOg2HNcaq3QYiubEP7E4T3y:Y2sRdsWlbdMH83QYhbY7nby
                                              MD5:BBFFABCBFCCF8D0768D314FB28B0F8D6
                                              SHA1:FC35B6B48C9997E42A7F094B765A37A3AC031C72
                                              SHA-256:CD378BE71FE74AC3344F2CE976F1B8BBF80FA9C1E4FFF28EA80FC60069A32E9B
                                              SHA-512:779EBB50C677050116D8A59A0E21C92638139C5964BF7F808C4181BF73339FAC33926D5CE4789638BE02D06CD5AB4038C2131FF8328F9C0001171CBCA8214C61
                                              Malicious:false
                                              Reputation:low
                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364593732560979","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":181823},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):6495
                                              Entropy (8bit):5.243880731815611
                                              Encrypted:false
                                              SSDEEP:192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8jQe3KZ:jX8eQM0
                                              MD5:3DA7368D01140B7B9A1EB9AE0D422AA1
                                              SHA1:367642A9AEF29F8FAA6841121D4F9DAD00DF9C3F
                                              SHA-256:DF2930C53A0EE5566B678CD9D9B14A908440B94714F6382E946782573AB047F1
                                              SHA-512:1741A6A49FB28D323085884AD0C56704BD5733BB669586D0FEEFB52283AE0A6FC6CC56E911835A541AF965D339C8086431DAA5F1942222E3CED743B4EF109670
                                              Malicious:false
                                              Reputation:low
                                              Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):326
                                              Entropy (8bit):5.228271608271069
                                              Encrypted:false
                                              SSDEEP:6:BOWIvU6yq2PsHO2nKuAl9OmbzNMxIFUt84OWIvUTQR11Zmw+4OWIvUORkwOsHO2v:EPvKvkHVHAa8jFUt81PvT1/+1Pv951Hp
                                              MD5:CE63CA5BD54D051480CDABA127ACFAAB
                                              SHA1:F6BCFF0F9B071447243B2FE51419F15493C302EB
                                              SHA-256:C71FB171B3650FF2FC949BE25B488E5A182E7B736A8551BEC3B4DE80E01E1DA9
                                              SHA-512:2FE9C7E1A91DFB31810B4CAD4EDB72A0B79A5BA0474DC0F1CAE727F4D0BBBABB2E453653839FBB087D83B47B507EF2FFC60E3FAD20BEC1CF1CF0D2CB222FD132
                                              Malicious:false
                                              Reputation:low
                                              Preview:2024/07/03-15:08:41.691 1954 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/03-15:08:41.693 1954 Recovering log #3.2024/07/03-15:08:41.695 1954 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):326
                                              Entropy (8bit):5.228271608271069
                                              Encrypted:false
                                              SSDEEP:6:BOWIvU6yq2PsHO2nKuAl9OmbzNMxIFUt84OWIvUTQR11Zmw+4OWIvUORkwOsHO2v:EPvKvkHVHAa8jFUt81PvT1/+1Pv951Hp
                                              MD5:CE63CA5BD54D051480CDABA127ACFAAB
                                              SHA1:F6BCFF0F9B071447243B2FE51419F15493C302EB
                                              SHA-256:C71FB171B3650FF2FC949BE25B488E5A182E7B736A8551BEC3B4DE80E01E1DA9
                                              SHA-512:2FE9C7E1A91DFB31810B4CAD4EDB72A0B79A5BA0474DC0F1CAE727F4D0BBBABB2E453653839FBB087D83B47B507EF2FFC60E3FAD20BEC1CF1CF0D2CB222FD132
                                              Malicious:false
                                              Reputation:low
                                              Preview:2024/07/03-15:08:41.691 1954 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/03-15:08:41.693 1954 Recovering log #3.2024/07/03-15:08:41.695 1954 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):16
                                              Entropy (8bit):3.2743974703476995
                                              Encrypted:false
                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                              MD5:46295CAC801E5D4857D09837238A6394
                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:MANIFEST-000001.

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:modified
                                              Size (bytes):107
                                              Entropy (8bit):4.562663554774739
                                              Encrypted:false
                                              SSDEEP:3:x9K+k1t1HcZUV/TSq8qaOlknlll11HcZUV/TgllkW:ItVnVmq83OIlPVnV8OW
                                              MD5:500A7231DF678BE00BF7BD9E19759B22
                                              SHA1:065BAEFD0C8832A87821DC7B95C778706754806E
                                              SHA-256:54BC9ABDAC791BB99323175D9B45787A1B076E8A7F64E4797272A485C1F9E4B9
                                              SHA-512:3BD8FE5ED8EF86B152091517D0921D7E8CC21F153A50928418B8AE2B7AFDA9B38D5D0194A9D7F8D8ACDC8A0C56C4F7ED96995654DA4E5CA763968692182D6F7A
                                              Malicious:false
                                              Reputation:low
                                              Preview:..../................22_11|360x240|60........9......yB....................22_11|360x240|60..x....9;.....yB

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):16
                                              Entropy (8bit):3.2743974703476995
                                              Encrypted:false
                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                              MD5:46295CAC801E5D4857D09837238A6394
                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                              Malicious:false
                                              Preview:MANIFEST-000001.

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):285
                                              Entropy (8bit):5.20734629366535
                                              Encrypted:false
                                              SSDEEP:6:BOWIIDEFD1sHO2nKuAl9OmbzfXkrl2KLlrOWIID+4q2PsHO2nKuAl9OmbzfXkrKQ:EPIwwHVHAa8/uLcPIK4vkHVHAa8/F3F2
                                              MD5:E0773E8EFDA4D54CE495A6481553843D
                                              SHA1:D0447FD3E5ABDBC59E172FD2D535437A153828C6
                                              SHA-256:2AD5A044C74DFE56AA85A410E99268CEAE7C2A8670C28F0FAF7D1311C321CDDF
                                              SHA-512:4F14246681BD652CC31D7EA297226F5B96D488BE5015F9CF5A9BC861F664589CFEC14FB899B3A947A9FC640D8202623083352ECB0B8494FA35205BBBB58AAE97
                                              Malicious:false
                                              Preview:2024/07/03-15:10:53.650 1920 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/07/03-15:10:53.658 1920 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:OpenPGP Secret Key
                                              Category:dropped
                                              Size (bytes):41
                                              Entropy (8bit):4.704993772857998
                                              Encrypted:false
                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                              Malicious:false
                                              Preview:.|.."....leveldb.BytewiseComparator......

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):16
                                              Entropy (8bit):3.2743974703476995
                                              Encrypted:false
                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                              MD5:46295CAC801E5D4857D09837238A6394
                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                              Malicious:false
                                              Preview:MANIFEST-000001.

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):126
                                              Entropy (8bit):3.6123534208443075
                                              Encrypted:false
                                              SSDEEP:3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG
                                              MD5:A05963DD9E2C7C3F13C18A9245AD5934
                                              SHA1:15A87493591860C6C22499DF3A705ACB3CB466BD
                                              SHA-256:F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
                                              SHA-512:E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
                                              Malicious:false
                                              Preview:.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):16
                                              Entropy (8bit):3.2743974703476995
                                              Encrypted:false
                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                              MD5:46295CAC801E5D4857D09837238A6394
                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                              Malicious:false
                                              Preview:MANIFEST-000001.

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):303
                                              Entropy (8bit):5.178802974173485
                                              Encrypted:false
                                              SSDEEP:6:BOWIIDcR1sHO2nKuAl9OmbzfXkrzs52KLlrOWIIDPN4q2PsHO2nKuAl9OmbzfXkO:EPIDHVHAa8/N9LcPIzN4vkHVHAa8/iF2
                                              MD5:ADF409835A8F2F72C3F997215D333DD0
                                              SHA1:EEF3CC6E07971194C12C0D9580694578A228F297
                                              SHA-256:187D695E8E9A818B6FF48709D3273376A6FD7E4194C63354B114A89F8DF0A7CA
                                              SHA-512:6EB805AA5481D1D5068FC70B7FDE47A8356DA33EAA2903E015E6034118A16C42403B6186EF95EED80FFE8219779151434B353ED1E99A5A6DB4D9D0EC884DC6AA
                                              Malicious:false
                                              Preview:2024/07/03-15:10:53.636 1920 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/07/03-15:10:53.646 1920 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:OpenPGP Secret Key
                                              Category:dropped
                                              Size (bytes):41
                                              Entropy (8bit):4.704993772857998
                                              Encrypted:false
                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                              Malicious:false
                                              Preview:.|.."....leveldb.BytewiseComparator......

                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703190847Z-246.bmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                              Category:dropped
                                              Size (bytes):71190
                                              Entropy (8bit):1.9038836417609133
                                              Encrypted:false
                                              SSDEEP:192:JBdIuxWqftGSmlcZdjJRJzpE0Oe/2KjqR6OiwMseNxtIV3xds5N0mc3W9KAFlqiW:WABmUjv1OlKO6OHAtIFsH0/3WYAFFW
                                              MD5:D41CC13956E189B0381DF3E3E595F550
                                              SHA1:6909372332C0C779A274BF29E43F358448D9C5E8
                                              SHA-256:23529DEFE1A7DA911FC013195CFF8A0B8BDECCF602B8255D3F6254F91ACCD0FF
                                              SHA-512:924616A8785CD28F041B52C8785CA4594ED316446D70D7DE2E9088400477AE928E43B9F881D9F7DEC8DB249D0DA33B5EA68A4D7A882957D22D455CA53B62929C
                                              Malicious:false
                                              Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                              Category:dropped
                                              Size (bytes):86016
                                              Entropy (8bit):4.4448400659258755
                                              Encrypted:false
                                              SSDEEP:384:yeZci5tRiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Fis3OazzU89UTTgUL
                                              MD5:ED8E9CAA6C322C94A2058BBAEFFAC344
                                              SHA1:0F939BF3932DA5C2AC223F34651FF089D0E7AD31
                                              SHA-256:2919BEEC467C57F525655F3AA0DBD0ADA48687A406686B9B7E65000FEBC78E63
                                              SHA-512:15720B18BA5A8DF103E6802442388461771CD7E33C487563BD01CE33302F7B195B915FD89422C2154525025F92C441C80F413A95916AB728ADB0926503644463
                                              Malicious:false
                                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:SQLite Rollback Journal
                                              Category:dropped
                                              Size (bytes):8720
                                              Entropy (8bit):3.7665941734906774
                                              Encrypted:false
                                              SSDEEP:48:7MfJioyVPioyDoy1C7oy16oy1ZKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Oa:7IJuPd0XjBikb9IVXEBodRBkE
                                              MD5:D95F960DB18BD637FC7EAD10E26D8361
                                              SHA1:810A1700262CC719E5236B0AC1C7EFEE1212EA0E
                                              SHA-256:7C85CC24D7B68267835F5F44CE0DF8246EE228CDD6D870B35CEFD2F70BF04763
                                              SHA-512:776488738B1235F56635FCB3EDA55268A5CF71CB2725A709B405A25E1F1FD18A933CFC79BB3B3E35DC7BF86DCA815F22D80946522986D55C9982797F0EB830A8
                                              Malicious:false
                                              Preview:.... .c......+3~...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                              Category:dropped
                                              Size (bytes):71954
                                              Entropy (8bit):7.996617769952133
                                              Encrypted:true
                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                              Malicious:false
                                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):893
                                              Entropy (8bit):7.366016576663508
                                              Encrypted:false
                                              SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                              MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                              SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                              SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                              SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                              Malicious:false
                                              Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):328
                                              Entropy (8bit):3.241800306278292
                                              Encrypted:false
                                              SSDEEP:6:kKo9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:LDImsLNkPlE99SNxAhUe/3
                                              MD5:97366CFA55357B4AA6A18A20B7CA05CE
                                              SHA1:8C93F4EDD4198CCE78AE2984A033606D3C316654
                                              SHA-256:C90084E0CA19B12B6B39DCEC5F506AE9C1ECBA81C790046EF648D2C585400A42
                                              SHA-512:BE7751104C292D00D125FFE83BB5EBFC5150299834E9412D4ED0D3E89E47C9D381BD666077EF014DDB2C0EF78CE7C2FCA19517DF2B011B98EF870CF990CEF588
                                              Malicious:false
                                              Preview:p...... ...........|...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):252
                                              Entropy (8bit):3.018927670754178
                                              Encrypted:false
                                              SSDEEP:3:kkFkl0w31fllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnka:kKuxliBAIdQZV7I7kc3
                                              MD5:6ED2E4851B4C10EED664F9006ADD0903
                                              SHA1:39D311F1AF043599D5B4305181CC111A3E4155D2
                                              SHA-256:AF5C789DC37F48895E61B8CAE0649E5F80BBF6FCCF707F5069BDB4926E16480D
                                              SHA-512:72779B6E0CDAB250D0D5196A9628B7DB0624C8450DCCDBB0BBBB24EE973232B2A724AD9F69E708D55A106ADE217E364C77BC6EE36BA7E0CA31292068B0EAF5EC
                                              Malicious:false
                                              Preview:p...... ....`.....o|...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4008

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:PostScript document text
                                              Category:dropped
                                              Size (bytes):185099
                                              Entropy (8bit):5.182478651346149
                                              Encrypted:false
                                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                              Malicious:false
                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:PostScript document text
                                              Category:dropped
                                              Size (bytes):185099
                                              Entropy (8bit):5.182478651346149
                                              Encrypted:false
                                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                              Malicious:false
                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):295
                                              Entropy (8bit):5.341249681261484
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJM3g98kUwPeUkwRe9:YvXKXFoxxjx6mk3kGMbLUkee9
                                              MD5:95EEE892BD13E1ADFA2FC407D3908201
                                              SHA1:2B4AFE1EA904ED29C84C7674BD955C552CF3677A
                                              SHA-256:B7F1407B686948163630324A0E9C0FA763EC92717963379941ED03C98C39A790
                                              SHA-512:406442929A30A3F93EFD323236F96BD6DE5DE9495C1684847198A01AA375DBD1B9D137B0298CDE534EF1244B52647E929531BAFADA2B1B90F9567B64F7364DE0
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):294
                                              Entropy (8bit):5.286636331732146
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfBoTfXpnrPeUkwRe9:YvXKXFoxxjx6mk3kGWTfXcUkee9
                                              MD5:6B07FA7F1F5ED38CBC9847D364974A68
                                              SHA1:AE667EA874AA83699E672911B28336E0F441164D
                                              SHA-256:1494B0DC2A658ADC659A7DFAF6A9390FF60980D34734335FF38708768210176F
                                              SHA-512:3CB3C7A215579FA6A7904CB9B10CFBA8138D7F39401C443C5E28A23BDB149D5D86CC28DC3AE2A16BF8D3C2A1A7BEA428EBDE946590183421F502644EB22F08C2
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):294
                                              Entropy (8bit):5.265631367127222
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfBD2G6UpnrPeUkwRe9:YvXKXFoxxjx6mk3kGR22cUkee9
                                              MD5:F1C92082A5E44E10D726979C069CF824
                                              SHA1:5822C79601A3AC32DDF918E8D84C7F3FE2F65C19
                                              SHA-256:8D719982DFBA8994851612245F0DCBF938B531F06FDA734F65417FF7C7B33A15
                                              SHA-512:481951C3E2CE655C72DCE42F5D6E9858D66D473F76B835992E812D18CC36A68965014DD0F7369575F615149F816936455370842BDA7ED50A034A10B0EB16C4B4
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):285
                                              Entropy (8bit):5.326570245549348
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfPmwrPeUkwRe9:YvXKXFoxxjx6mk3kGH56Ukee9
                                              MD5:7F7C971C7516B330C68E543E2831F1A3
                                              SHA1:C3F22D21E6B35BF6EDCE8FD1AFAB3B13CF68E1E8
                                              SHA-256:3316881B222B60B1FB43A716AD8E410762D90A34CC445592F011254E18DF40FA
                                              SHA-512:F344CEF0B1B54E6C97DB4D35B5483E97B1881A1D4781CE4606EC4C8E0896C928D81E464CEBAF4CF64A574D0D5CB047E316BD51FA34C2FFC8D808E0B07D31AC9B
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):292
                                              Entropy (8bit):5.287118867437206
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfJWCtMdPeUkwRe9:YvXKXFoxxjx6mk3kGBS8Ukee9
                                              MD5:D68F243708AB9D263D3CF15A0F63A0C7
                                              SHA1:A304386BDED772679033A7CF1BADD0F3892205DC
                                              SHA-256:A6323BF5C59EBA52472A4EACCC7A73E92D185A25818C86D6D181C8794B1FE48D
                                              SHA-512:9837483216A34F980F98D424C7E5F79B71FFE5D9F1AE6910A8AB53646C6E5952A1B9F952EBD00456EB89F52B9A8098C6227874CEF214FAA5DB31B7FD77496C0E
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):289
                                              Entropy (8bit):5.273642170814053
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJf8dPeUkwRe9:YvXKXFoxxjx6mk3kGU8Ukee9
                                              MD5:2C5EBD3C873B4614B1FD208C9C5D752E
                                              SHA1:4FF631EBD240DC15DB1495C9A327060D4CCA4DC8
                                              SHA-256:9DE18D0113FC817706EEC9F3FEC6902C561451ACCEE78AB1D722F88094C7493B
                                              SHA-512:9655BAE6E3222065DCD2ED8A459A69FF2DCCB8C2BB634BD4881F6D387CB7710B3043250EEB9F35563D7C2E77657246834DB8CE4A9E77CE96CDDDDF26A0FF1EBA
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):292
                                              Entropy (8bit):5.2754517959709055
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfQ1rPeUkwRe9:YvXKXFoxxjx6mk3kGY16Ukee9
                                              MD5:01A9D2E9474FEAEE530CE0B5B5458E64
                                              SHA1:61FE1635192E23E479A01F8CF450B5115DEE9AA1
                                              SHA-256:9BCB64FD83DDF8DE172C8239CD674DAD1F8D0A0CA8912A458F1110A4FA280904
                                              SHA-512:0F89A9DEE42C345D1B9C2728C93CFD5FE07484E26B7CD2E5E52C38BDD205E7FED98B09CE8D1175D2B5F0894830CF3E721C746DBF417F7FCB28B2EA2045EC67C5
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):289
                                              Entropy (8bit):5.28151936397677
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfFldPeUkwRe9:YvXKXFoxxjx6mk3kGz8Ukee9
                                              MD5:82D52CDC3A9140D255D9CCA26E36B305
                                              SHA1:5EF71F638DBF0448A97BCF93B47B324D9642A009
                                              SHA-256:AB9571AB94DFE4B1189F07353E8F93895C3C76888DD7C7777B801BBB3E2EAB63
                                              SHA-512:3B8D3D910D8FB7CB8632C55AF8B634FEA50AC638A863DA4ADB2338BCB1C5243F0EE8412B911148D691059A22B874A4071AB095F7792FD5C9C93A4B6A1F4AB444
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):1372
                                              Entropy (8bit):5.735050671946279
                                              Encrypted:false
                                              SSDEEP:24:Yv6Xwxd6HMKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN9r:Yv9x8sEgigrNt0wSJn+ns8cvFJvr
                                              MD5:36D1CF4831AD5AC7B25FF4C331B878FF
                                              SHA1:00706E7E3E559A420E157A30C9630A12AA8F40E2
                                              SHA-256:B751DE6AE66B096D92D612313542D8EC533409FEFD42CB7A2FDACD1C271F512B
                                              SHA-512:07401C3F5DFD18BA961B7CCEB9A6616C8DE5605D5863E65B179EFBF3C972C45F353B2EAA309FBB4CC810669C167CB9556AF751DBDA369E77FF19B6AEEA168147
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):289
                                              Entropy (8bit):5.280058452197058
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfYdPeUkwRe9:YvXKXFoxxjx6mk3kGg8Ukee9
                                              MD5:4574C665E56ED3554D5211C0972CC6C5
                                              SHA1:32C04D0EDA695E1C2911469B950A4E8D7D56960D
                                              SHA-256:5C9CA4185C1172FB4140317B122CB1CB07C3F886BC8369C450070D5E405FFC90
                                              SHA-512:D3C926C6AA65FB5238D03AB86B1837A7F12C1F51DD69EF12C7E429AA213A3F90BEDE5FD06E8F78DAD4B487208382C41A456D452025A45D4764E2B9D86E8716CC
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):1395
                                              Entropy (8bit):5.77215330255997
                                              Encrypted:false
                                              SSDEEP:24:Yv6Xwxd6HDrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNlr:Yv9x8jHgDv3W2aYQfgB5OUupHrQ9FJ7r
                                              MD5:DE392F682A0980741B8FA51145FFEB63
                                              SHA1:0B1878FAD601B244B4B80AE39CAC52B1C6D266D7
                                              SHA-256:815581352BD4137E09A91725C1BEA477FBF59458730E439585E655A206A3B676
                                              SHA-512:E464F0901BE5F34C1E4A260A81EA62D5BC41A241038CAD28C337AD562C9916465DB121CECCD3EC178774AD1EB24C0E04DE98E60EB7636E06B66D506208E1E76F
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):291
                                              Entropy (8bit):5.263742605182283
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfbPtdPeUkwRe9:YvXKXFoxxjx6mk3kGDV8Ukee9
                                              MD5:D0BC260DE4A3FD407E57D9826A05E188
                                              SHA1:D1F3C84607F0CFD15ADA5E59498000F897F91DF1
                                              SHA-256:22B532C8051A2DE93F566FDFB94FA13BCEFDAB168E206802A34EC0ABF5DBDF67
                                              SHA-512:BC14FE3DA890AA198EE568299C452C572A2C7F8ED8A18BAB6176B3F579F718D21B13258971797AF38D56ADB93066B335D15D27398DD21FBFC30705CBC1B63B75
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):287
                                              Entropy (8bit):5.265715080417709
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJf21rPeUkwRe9:YvXKXFoxxjx6mk3kG+16Ukee9
                                              MD5:12706DF1F5A5CFE7F621356448877A22
                                              SHA1:57986D531D91A3E559CFFF4B4110759A54B5ADBE
                                              SHA-256:D95F2956CB7ACFA320286057BB160790542F87F3AE2E29E123FDA128721DFF35
                                              SHA-512:E63E200C8E384117B3BC1CBC1C0990AE7CD54CFAFC88FD07BEA61A42FB103EEDC1BA285F126C429AB59AC78C0C21EEDA204DB9E4E9E2E7FDEB9068F667615C7C
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):289
                                              Entropy (8bit):5.286893580955206
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfbpatdPeUkwRe9:YvXKXFoxxjx6mk3kGVat8Ukee9
                                              MD5:7F292E053BE8310480CB5397CAE4569A
                                              SHA1:40B23612058CBF676BE9273EE362C0861B6B61E8
                                              SHA-256:6768679424A8C87C4C5393FC20A1EAFC1DF8624AF312BE9091FE7A98031FC369
                                              SHA-512:AB3E198164D2445D446FC9087BA0FF914F327BAD636BDB31B10B283A4BB8C7BE91FB13E51B9F133F25C4651ED29BF6CF513C89C6AB0921608EA704B103669CDD
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):286
                                              Entropy (8bit):5.239132758867432
                                              Encrypted:false
                                              SSDEEP:6:YEQXJ2HXFWf+sV/jx6mJ0YOX3ceoAvJfshHHrPeUkwRe9:YvXKXFoxxjx6mk3kGUUUkee9
                                              MD5:066DDBE25BEA0D568258100FBBBAC6C1
                                              SHA1:6B917AE432D1357347570142842CB20D47AEA18F
                                              SHA-256:8EB27C88AAB61BA7F02B427334284567AC20BB927CFB3B08DE65BB059C8FC887
                                              SHA-512:FEC748C5B3333809C8E01E630FCC49CC045B689D309839DAEDC6042282ED7788266CFF38E0B8D4A4CE03EA013949A1711D2AA5A3AE6637102D76DF1AA529B78F
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):782
                                              Entropy (8bit):5.362060573982161
                                              Encrypted:false
                                              SSDEEP:12:YvXKXFoxxjx6mk3kGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWpYS:Yv6Xwxd6Ha168CgEXX5kcIfANhAr
                                              MD5:4BB92359A91BFAA648DF3AC39B09BB0B
                                              SHA1:9542838BB304E6A14DAD2501CDB601674D8DA5FB
                                              SHA-256:C8EC322A7528C5E0C6C98AB0E006CDF44488C0B5F94715C4B594459A15F506E2
                                              SHA-512:06B46D346A6710FEABAA50C15EE5F3138CA7C5CFBB36288546A011C18F40AB31765F3A5DCEFAAA3F21F169A4D6DA64D4C48E182216191564DA157E2305E2627C
                                              Malicious:false
                                              Preview:{"analyticsData":{"responseGUID":"23c9a43f-f3e4-48b6-aade-6fd23ad37d49","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1720208481372,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1720033731409}}}}

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):4
                                              Entropy (8bit):0.8112781244591328
                                              Encrypted:false
                                              SSDEEP:3:e:e
                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                              Malicious:false
                                              Preview:....

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):2814
                                              Entropy (8bit):5.11171229560097
                                              Encrypted:false
                                              SSDEEP:48:Y5irPp5ActRgcbv3lGqdwabB5Zx6Ajw/jnz12X9taG/:tAAg8v1X5Lfgz+x
                                              MD5:34524995DEBF37DF3E67B8BA73E79EAE
                                              SHA1:6C2B1DCE221BFF30407D4E65F95971AEAF61A316
                                              SHA-256:6300A68F3A45ACB4EC9892F15C6ABCF66BF5A71D8701894265A60C2F9B2E51AE
                                              SHA-512:62DCAF805BC7184C5F3085FDCAEEAAB855AAE8F3CE1A515E6B7A90CD1B96E417AE1CD2D7E582907E663FCE665AED9109F0A2F33A38EA059480789E27D40243D5
                                              Malicious:false
                                              Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"907eb73f31d53a6f9049a103a4f83333","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1720033730000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"f9f357b8ffa1bb3bb400b1e3fa640da3","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1720033730000},{"id":"Edit_InApp_Aug2020","info":{"dg":"c3ae7083a883dacb275b5265864d224e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1720033730000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"1ffc5e1492cf53277269e9b06c3d8702","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1720033730000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e0d1dcf5a062aac834353dc82a376326","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1720033730000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"3b0326ff332924f1f7a96cbe3e2cea8c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1720033730000},

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                                              Category:dropped
                                              Size (bytes):12288
                                              Entropy (8bit):1.3570997345394584
                                              Encrypted:false
                                              SSDEEP:48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Lb5BvPX:vVmssZnrF4tf
                                              MD5:557EDFF9D71C8A931984CBC9D772417A
                                              SHA1:F1E65069DF4544A13E4DD5110145543A2C55A57D
                                              SHA-256:B662C59C1BB6D0ECCAC6BB0381F631B993B1087E955E425435AAAF195A259EC5
                                              SHA-512:FDACDA1E415437E7098759BAA94AD8EDAE29A1F2F791DFFE584D451C238066D74311E602E98A7E3959C9470273A771E9D58785048D7F20C85374FDB51FB8D48A
                                              Malicious:false
                                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:SQLite Rollback Journal
                                              Category:dropped
                                              Size (bytes):8720
                                              Entropy (8bit):1.8298028706964506
                                              Encrypted:false
                                              SSDEEP:48:7MgWcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22LaBvPxcTqll2GL7msY:7VZnrFrtaqVmsY
                                              MD5:9C39704FAAE976E1CCE31B1A15DDDA3C
                                              SHA1:FE850A584F176034B79887F142CAB9443B97F52F
                                              SHA-256:5C7321EAFC526DEF28CE6AA561E0F4EFB8D7D4994AC5ECFD1B9DDDB664450AC5
                                              SHA-512:051504F4D57E9C3EA4AD91DCAEFFD478741747C2504DE5CB688F1FC0392C10FF93C7A9171768BB070EC3F2278EC7B8FE29656FFB9587888AD45181DE735BE0DC
                                              Malicious:false
                                              Preview:.... .c........j......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Temp\MSI7cfbe.LOG

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):246
                                              Entropy (8bit):3.5309417490522437
                                              Encrypted:false
                                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82AawClUnH:Qw946cPbiOxDlbYnuRKXArH
                                              MD5:7309030769A0A67AEF849986666511A5
                                              SHA1:35C6E2C5BE5DF1F221F1AE2ABAC3FA90D3FFFE8F
                                              SHA-256:3AAB1800FA5B7BE43331B302E23C6C8D7F85C9E32716A393C8C2608A6C07D468
                                              SHA-512:0DA2AF6D28497A004A3DEF4336C2C61C8E81227E7E526566EE5B1F6CD7D73ADD033A0D2AAA69E30796C7505C8AE9D6700AEFCD440264365EBC8C950E1B7BC013
                                              Malicious:false
                                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.0.7./.2.0.2.4. . .1.5.:.0.8.:.5.1. .=.=.=.....

                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 15-08-46-785.log

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ASCII text, with very long lines (393)
                                              Category:dropped
                                              Size (bytes):16525
                                              Entropy (8bit):5.359827924713262
                                              Encrypted:false
                                              SSDEEP:384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/
                                              MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                                              SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                                              SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                                              SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                                              Malicious:false
                                              Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ASCII text, with very long lines (392), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):15090
                                              Entropy (8bit):5.363305827815339
                                              Encrypted:false
                                              SSDEEP:384:ZWULsy9/tm31rSGTOkmr0yba+RQrm99/rcie4a5/H3eHJjmj7E/ApmpIRpnkP2eF:t6m
                                              MD5:6E4741F5D96DD1EDA6BD3E0AFCB7FEB7
                                              SHA1:562D3F9870896167B4D67EBD731B73C95636B2AE
                                              SHA-256:938C1BE056E378AEB3F5DF0CD2819FE54DCE92ABE26968F09DAE68E475E3E577
                                              SHA-512:3777C13E592721A73E9DDC38FCB0E7300E361AFD5495E445A3BD8F957DDFB7BF5BF6743EC407F0C7EDF117EEE9E4C11556C60B669F0AF0A39F68EADCBA6AB712
                                              Malicious:false
                                              Preview:SessionID=1c003f80-505e-42c8-a23f-91f959641d88.1720033726795 Timestamp=2024-07-03T15:08:46:795-0400 ThreadID=6204 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=1c003f80-505e-42c8-a23f-91f959641d88.1720033726795 Timestamp=2024-07-03T15:08:46:797-0400 ThreadID=6204 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=1c003f80-505e-42c8-a23f-91f959641d88.1720033726795 Timestamp=2024-07-03T15:08:46:797-0400 ThreadID=6204 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=1c003f80-505e-42c8-a23f-91f959641d88.1720033726795 Timestamp=2024-07-03T15:08:46:797-0400 ThreadID=6204 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=1c003f80-505e-42c8-a23f-91f959641d88.1720033726795 Timestamp=2024-07-03T15:08:46:797-0400 ThreadID=6204 Component=ngl-lib_NglAppLib Description="SetConf

                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):35721
                                              Entropy (8bit):5.424573981635283
                                              Encrypted:false
                                              SSDEEP:192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbWcbAIXRcbh:g6sqGlVS/JgXu
                                              MD5:18E40BB8288BF3E4F7FAAED5938A4F6D
                                              SHA1:E3704378D91C4D703D3684C6F0EB92AE8586533D
                                              SHA-256:C9627A20D4056565B87065706A1D75A88A21E178A81EE14F0AF366BC87B420B7
                                              SHA-512:C2E81F391996426BA276E1FBF7B7013B8C10DFED43EE8EBA0FD45460953F9F943F2AC503C3C1DB8FDADB00F732895EFD1A2AE2827F149DE384DCD2DD77FABFBD
                                              Malicious:false
                                              Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

                                              C:\Users\user\AppData\Local\Temp\acrocef_low\1f5e4699-88fe-4e25-9c25-a2911c722499.tmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                              Category:dropped
                                              Size (bytes):386528
                                              Entropy (8bit):7.9736851559892425
                                              Encrypted:false
                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                              Malicious:false
                                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                              C:\Users\user\AppData\Local\Temp\acrocef_low\5f21dc58-7cfb-435a-af83-3ce8b48d4399.tmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                              Category:dropped
                                              Size (bytes):1419751
                                              Entropy (8bit):7.976496077007677
                                              Encrypted:false
                                              SSDEEP:24576:/xA7ouWLGwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLGwZGuGZn3mlind9i4ufFXpAXkru
                                              MD5:0E1580362291AD21A1D725FA761C79B6
                                              SHA1:C7F4D713FE4C54F61F1A49E50157466B02540C19
                                              SHA-256:76239186C62B735AC3954CE66A2A216AA2D703A4AAF29F2C50CE1C2A8679E647
                                              SHA-512:52BECFE8086D70C8F1B2F52551E43BE17F3238BB771D91C2B267EC7DDE1DB830FC612A021E0C491C283D61E05C4B5EF191B23D41EBAF2AC36712F6B0C4D15785
                                              Malicious:false
                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                              C:\Users\user\AppData\Local\Temp\acrocef_low\8138b0ab-650f-41c1-b64b-6354f4532533.tmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                              Category:dropped
                                              Size (bytes):1407294
                                              Entropy (8bit):7.97605879016224
                                              Encrypted:false
                                              SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                              MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                              SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                              SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                              SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                              Malicious:false
                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                              C:\Users\user\AppData\Local\Temp\acrocef_low\d58e41eb-4acf-4038-9dda-ab394a8331cf.tmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                              Category:dropped
                                              Size (bytes):543911
                                              Entropy (8bit):7.977303608379539
                                              Encrypted:false
                                              SSDEEP:12288:ONh3P65+Tegs6121STJJJJv+9UZ+bvH01ybxrr/IxkB1mabFhOXZ/fEa+Q:O3Pjegf1210JJJJm94+oMNB1DofjR
                                              MD5:956BEC2EB32005025184F904D9622D32
                                              SHA1:C6A9A8B3F7A7AB8122FB00457C0F83D4A77F21AF
                                              SHA-256:DEFD4ADB96BA87467278B6B06980FDAB1EE460D971B62ED05A89FF32983784EF
                                              SHA-512:3A32B169312E5886D8C3029BF15AD291C41AF9FB03AE7D9B1A3CAB74E95C7AAAF3E384F2432BDB8F815075B11F30D4FF083271802B41616C9060E268EB3B5D3D
                                              Malicious:false
                                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                              C:\Users\user\AppData\Local\Temp\acrocef_low\ff28a03a-b19a-424e-b522-17b111758400.tmp

                                              Download File
                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                              Category:dropped
                                              Size (bytes):758601
                                              Entropy (8bit):7.98639316555857
                                              Encrypted:false
                                              SSDEEP:12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+bSWBlkipdjuGTJJJJv+9U0:O3Pjegf121DMNB1Dofj0S8lkipdj/JJg
                                              MD5:410BB1A54ECCE470696636D4C2000E33
                                              SHA1:53A6AC06832DAA17D7C006C0A9B8B30597701926
                                              SHA-256:8B6D42D70862D6623F66B09F6819A35E1AF4ACC409461E140DA020F386877F92
                                              SHA-512:1A46EDB52F5785C7B9D1FF702CC62764BFDD3EDA5848740B00751E7F4C3AE7C691E88A26B1AE7F5213242887846BEC92C02C744B43046E7414F4D6B85E0E5913
                                              Malicious:false
                                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                              Static File Info

                                              General

                                              File type:PDF document, version 2.0 (zip deflate encoded)
                                              Entropy (8bit):7.755217322942899
                                              TrID:
                                              • Adobe Portable Document Format (5005/1) 100.00%
                                              File name:REGISTERED NY LIEN JUDGMENT 3 FILED.pdf
                                              File size:83'103'267 bytes
                                              MD5:3d1421e74c45d30d1861983288f509d6
                                              SHA1:ae031b7c4a69f2b338b70df155c31133f48e1272
                                              SHA256:f7ae91286f594920119d821e62cfae146e942f8a22495ee18777ce945d0af8c0
                                              SHA512:c1cf6c531477bdfcc8f28f14c02ab7a5c973cdca2a498a363c2e9c613b6b7b68a0ab2f1909b552ae88db786d44a66dccece93d8f57233d1de89452e082f4aa7a
                                              SSDEEP:1572864:7N1l6LERn7hiHarRfYDE8rHRp0uRphGc1elAjM4/Zb6YKC0GY5eriwHm:7NeEZhiGRsE8DXhnh5dp6MfY5+rG
                                              TLSH:E508ABEF9FCD40BA4D868370FD11458E9BBD49589AF85790007B503FA88695CB2EE87C
                                              File Content Preview:%PDF-2.0.%.....1124 0 obj<</Linearized 1/L 83103267/O 1127/E 485011/N 138/T 83099941/H [ 691 570]>>.endobj. .1125 0 obj<</ID[<0943564B84B30E0B9DECDEA

                                              File Icon

                                              Icon Hash:62cc8caeb29e8ae0

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jul 3, 2024 21:08:49.637758970 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:49.637798071 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:49.637870073 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:49.638106108 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:49.638118982 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.261478901 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.261871099 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.261897087 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.262773037 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.262840033 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.262847900 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.262886047 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.291712046 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.291821957 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.291975975 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.291986942 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.345827103 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.623157024 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.623274088 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.623343945 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.624980927 CEST49707443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.624998093 CEST4434970752.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.626562119 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.626580954 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:50.626646042 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.626847982 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:50.626864910 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.223222017 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.223777056 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.223808050 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.227152109 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.227250099 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.227261066 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.229536057 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.229690075 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.229747057 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.229967117 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.229983091 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.282849073 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.472475052 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.472560883 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.472635031 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.472665071 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.472702980 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.472737074 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:51.472805023 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.474390984 CEST49709443192.168.2.1752.6.155.20
                                              Jul 3, 2024 21:08:51.474406958 CEST4434970952.6.155.20192.168.2.17
                                              Jul 3, 2024 21:08:53.491899967 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:53.491954088 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:53.492145061 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:53.492301941 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:53.492317915 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.141747952 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.142085075 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.142118931 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.143603086 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.143683910 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.202785015 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.202985048 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.203027010 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.244081974 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.244096041 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.291918039 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.309082031 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.309236050 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.309381008 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.309726954 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.309726954 CEST49713443192.168.2.1723.47.168.24
                                              Jul 3, 2024 21:08:54.309755087 CEST4434971323.47.168.24192.168.2.17
                                              Jul 3, 2024 21:08:54.310702085 CEST49713443192.168.2.1723.47.168.24

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jul 3, 2024 21:09:02.912003994 CEST5355227162.159.36.2192.168.2.17
                                              Jul 3, 2024 21:09:03.479067087 CEST6546253192.168.2.171.1.1.1
                                              Jul 3, 2024 21:09:03.486974001 CEST53654621.1.1.1192.168.2.17

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Jul 3, 2024 21:09:03.479067087 CEST192.168.2.171.1.1.10xbc9bStandard query (0)171.39.242.20.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Jul 3, 2024 21:08:48.366347075 CEST1.1.1.1192.168.2.170x308dNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                              Jul 3, 2024 21:08:48.366347075 CEST1.1.1.1192.168.2.170x308dNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                              Jul 3, 2024 21:09:03.486974001 CEST1.1.1.1192.168.2.170xbc9bName error (3)171.39.242.20.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • https:
                                                • p13n.adobe.io
                                              • armmf.adobe.com

                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.174970752.6.155.204436444C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              TimestampBytes transferredDirectionData
                                              2024-07-03 19:08:50 UTC1353OUTOPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                              Host: p13n.adobe.io
                                              Connection: keep-alive
                                              Accept: */*
                                              Access-Control-Request-Method: GET
                                              Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key
                                              Origin: https://rna-resource.acrobat.com
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                              Sec-Fetch-Mode: cors
                                              Sec-Fetch-Site: cross-site
                                              Sec-Fetch-Dest: empty
                                              Referer: https://rna-resource.acrobat.com/
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en;q=0.9
                                              2024-07-03 19:08:50 UTC569INHTTP/1.1 204 No Content
                                              Server: openresty
                                              Date: Wed, 03 Jul 2024 19:08:50 GMT
                                              Content-Type: text/plain
                                              Content-Length: 0
                                              Connection: close
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, OPTIONS
                                              Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                              Access-Control-Allow-Credentials: true
                                              Access-Control-Expose-Headers: x-request-id
                                              X-Request-Id: 6SOtfWhjYRV1BZdQav0ECtrTgL7McmkB
                                              Strict-Transport-Security: max-age=86400; includeSubDomains


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.174970952.6.155.204436444C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              TimestampBytes transferredDirectionData
                                              2024-07-03 19:08:51 UTC1473OUTGET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                              Host: p13n.adobe.io
                                              Connection: keep-alive
                                              sec-ch-ua: "Chromium";v="105"
                                              sec-ch-ua-mobile: ?0
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                              Accept: application/json, text/javascript, */*; q=0.01
                                              x-adobe-uuid: 1f3fa221-8ac6-43de-8455-1f83ca5a15c8
                                              x-adobe-uuid-type: visitorId
                                              x-api-key: AdobeReader9
                                              sec-ch-ua-platform: "Windows"
                                              Origin: https://rna-resource.acrobat.com
                                              Accept-Language: en-US,en;q=0.9
                                              Sec-Fetch-Site: cross-site
                                              Sec-Fetch-Mode: cors
                                              Sec-Fetch-Dest: empty
                                              Referer: https://rna-resource.acrobat.com/
                                              Accept-Encoding: gzip, deflate, br
                                              2024-07-03 19:08:51 UTC605INHTTP/1.1 200
                                              Server: openresty
                                              Date: Wed, 03 Jul 2024 19:08:51 GMT
                                              Content-Type: application/json;charset=UTF-8
                                              Content-Length: 3120
                                              Connection: close
                                              x-request-id: Us31LB2hHSvVZnpYQc5mdsARoCwjIH2V
                                              vary: accept-encoding
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, OPTIONS
                                              Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                              Access-Control-Allow-Credentials: true
                                              Access-Control-Expose-Headers: x-request-id
                                              Strict-Transport-Security: max-age=86400; includeSubDomains
                                              2024-07-03 19:08:51 UTC3120INData Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30
                                              Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.174971323.47.168.244436444C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              TimestampBytes transferredDirectionData
                                              2024-07-03 19:08:54 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                              Host: armmf.adobe.com
                                              Connection: keep-alive
                                              Accept-Language: en-US,en;q=0.9
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                              Sec-Fetch-Site: same-origin
                                              Sec-Fetch-Mode: no-cors
                                              Sec-Fetch-Dest: empty
                                              Accept-Encoding: gzip, deflate, br
                                              If-None-Match: "78-5faa31cce96da"
                                              If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                              2024-07-03 19:08:54 UTC198INHTTP/1.1 304 Not Modified
                                              Content-Type: text/plain; charset=UTF-8
                                              Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                              ETag: "78-5faa31cce96da"
                                              Date: Wed, 03 Jul 2024 19:08:54 GMT
                                              Connection: close


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:15:08:39
                                              Start date:03/07/2024
                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\REGISTERED NY LIEN JUDGMENT 3 FILED.pdf"
                                              Imagebase:0x7ff75d550000
                                              File size:5'641'176 bytes
                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:false

                                              General

                                              Target ID:2
                                              Start time:15:08:40
                                              Start date:03/07/2024
                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                              Imagebase:0x7ff7678d0000
                                              File size:3'581'912 bytes
                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:false

                                              General

                                              Target ID:3
                                              Start time:15:08:41
                                              Start date:03/07/2024
                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1580,i,13178085396687229074,4243365313787994588,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                              Imagebase:0x7ff7678d0000
                                              File size:3'581'912 bytes
                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:false

                                              Disassembly

                                              No disassembly