Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Resume - Ms. Nilar Htet.pdf

Overview

General Information

Sample name:Resume - Ms. Nilar Htet.pdf
Analysis ID:1559180
MD5:d64856d9a6627005f1ad675e9e3141f1
SHA1:ca0ee1e6b68a47370b220595e3cd1a505a4aa709
SHA256:76dc5cb613a95b031765b5454c76819f528357ffb85f933088671e0ef73e6bf2
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 424 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume - Ms. Nilar Htet.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1604,i,7349804857027900102,10984797605832616491,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: Joe Sandbox ViewIP Address: 23.47.168.24 23.47.168.24
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.drString found in binary or memory: http://x1.i.lencr.org/
Source: a18afa0a-ac60-41a1-9454-1d365aa47b8c.tmp.4.dr, cde83237-edc8-4081-b86c-f46036a2e43d.tmp.4.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: classification engineClassification label: clean2.winPDF@15/51@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 03-26-31-498.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume - Ms. Nilar Htet.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1604,i,7349804857027900102,10984797605832616491,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1604,i,7349804857027900102,10984797605832616491,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Resume - Ms. Nilar Htet.pdfInitial sample: PDF keyword /JS count = 0
Source: Resume - Ms. Nilar Htet.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Resume - Ms. Nilar Htet.pdfInitial sample: PDF keyword stream count = 55
Source: Resume - Ms. Nilar Htet.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Resume - Ms. Nilar Htet.pdfInitial sample: PDF keyword obj count = 109
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution
Path Interception1
Process Injection
1
Masquerading
OS Credential Dumping1
Process Discovery
Remote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS Memory1
System Information Discovery
Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer
Traffic DuplicationData Destruction
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1559180 Sample: Resume - Ms. Nilar Htet.pdf Startdate: 20/11/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 20 75 2->7         started        process3 process4 9 AcroCEF.exe 108 7->9         started        process5 11 AcroCEF.exe 6 9->11         started        dnsIp6 16 23.47.168.24, 443, 49713 AKAMAI-ASUS United States 11->16

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
Resume - Ms. Nilar Htet.pdf0%ReversingLabs
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    high
    x1.i.lencr.org
    unknown
    unknownfalse
      high
      NameSourceMaliciousAntivirus DetectionReputation
      https://chrome.cloudflare-dns.coma18afa0a-ac60-41a1-9454-1d365aa47b8c.tmp.4.dr, cde83237-edc8-4081-b86c-f46036a2e43d.tmp.4.drfalse
        high
        http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.3.drfalse
          high
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
          IPDomainCountryFlagASNASN NameMalicious
          23.47.168.24
          unknownUnited States
          16625AKAMAI-ASUSfalse
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1559180
          Start date and time:2024-11-20 09:25:58 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 4m 3s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:15
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:Resume - Ms. Nilar Htet.pdf
          Detection:CLEAN
          Classification:clean2.winPDF@15/51@2/1
          Cookbook Comments:
          • Found application associated with file extension: .pdf
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 199.232.214.172, 184.28.88.176, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.19.126.143, 2.19.126.149, 23.200.0.21
          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtCreateFile calls found.
          • VT rate limit hit for: Resume - Ms. Nilar Htet.pdf
          TimeTypeDescription
          03:26:42API Interceptor2x Sleep call for process: AcroCEF.exe modified
          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          23.47.168.24Complete_with_DocuSign_49584.pdfGet hashmaliciousHTMLPhisherBrowse
            ZGMW2wgPzY.lnkGet hashmaliciousDucktailBrowse
              XUpERCR9nC.lnkGet hashmaliciousDucktailBrowse
                Heritage Commercial Flooring.pdfGet hashmaliciousUnknownBrowse
                  copyright_infringement_evidence_1.exeGet hashmaliciousUnknownBrowse
                    cleu.cmDGet hashmaliciousUnknownBrowse
                      https://content.app-us1.com/5zbe53/2024/09/30/8d9df716-ca99-47ed-825e-d3a2a0e6cd9e.pdfGet hashmaliciousHTMLPhisherBrowse
                        PDF...pdfGet hashmaliciousUnknownBrowse
                          TM3utH2CsU.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                            8f40pUzDo8.exeGet hashmaliciousMetasploitBrowse
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              bg.microsoft.map.fastly.netMyInstaller_PDFGear.exeGet hashmaliciousUnknownBrowse
                              • 199.232.210.172
                              PO-000041492.xlsGet hashmaliciousUnknownBrowse
                              • 199.232.214.172
                              file.exeGet hashmaliciousCredential FlusherBrowse
                              • 199.232.214.172
                              file.exeGet hashmaliciousUnknownBrowse
                              • 199.232.210.172
                              Benefit Enrollment -wZ5nusm.pdfGet hashmaliciousUnknownBrowse
                              • 199.232.214.172
                              6GvQSVIEIu.exeGet hashmaliciousUnknownBrowse
                              • 199.232.210.172
                              Benefit Enrollment -eGz8VNb.pdfGet hashmaliciousUnknownBrowse
                              • 199.232.214.172
                              217469812STM.pdfGet hashmaliciousScreenConnect Tool, PhisherBrowse
                              • 199.232.210.172
                              file.exeGet hashmaliciousRemcosBrowse
                              • 199.232.214.172
                              file.exeGet hashmaliciousCredential FlusherBrowse
                              • 199.232.210.172
                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              AKAMAI-ASUSmeow.arm7.elfGet hashmaliciousUnknownBrowse
                              • 23.51.121.34
                              https://estudioit.cl/starl/#ZGVicmEuY2FydGVyQGNhc2EuZ292LmF1Get hashmaliciousUnknownBrowse
                              • 2.19.126.202
                              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                              • 23.57.90.171
                              QuarantineMessage.zipGet hashmaliciousUnknownBrowse
                              • 23.217.172.185
                              Benefit Enrollment -wZ5nusm.pdfGet hashmaliciousUnknownBrowse
                              • 23.203.104.175
                              Customer forms.pdfGet hashmaliciousUnknownBrowse
                              • 104.78.188.188
                              Benefit Enrollment -eGz8VNb.pdfGet hashmaliciousUnknownBrowse
                              • 23.203.104.175
                              Integration.pdf www.skype.com.lnkGet hashmaliciousUnknownBrowse
                              • 96.17.64.171
                              b.pdfGet hashmaliciousUnknownBrowse
                              • 23.217.172.185
                              https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9HMTAuZHpwdndvYnIucnUvdkd5c2dQdC8=Get hashmaliciousUnknownBrowse
                              • 92.122.18.57
                              No context
                              No context
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):290
                              Entropy (8bit):5.1235291067658455
                              Encrypted:false
                              SSDEEP:6:H/veQ+q2PRN2nKuAl9OmbnIFUt8Y/XNgZmw+Y/XNQVkwORN2nKuAl9OmbjLJ:fveVvaHAahFUt8YXNg/+YXNI5JHAaSJ
                              MD5:61F5C3E0BA7090DCDA4DBD71114211E8
                              SHA1:2E8745E7E0931DD9F2E7BBB2C61AAAA230769DBE
                              SHA-256:2537EA02841194954FCE9377CB85EEE5101F03FB54D119019382C506182C4BBD
                              SHA-512:3A3CA2ECD7A30C6094DAA406185D53548E7496FE7376036F935A65C2B6712ACBC638C9E179DD3469ADB23517E395A680F8FBBD4A4E1D8CB35683D27463F44545
                              Malicious:false
                              Reputation:low
                              Preview:2024/11/20-03:26:30.120 1b38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/20-03:26:30.123 1b38 Recovering log #3.2024/11/20-03:26:30.123 1b38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):290
                              Entropy (8bit):5.1235291067658455
                              Encrypted:false
                              SSDEEP:6:H/veQ+q2PRN2nKuAl9OmbnIFUt8Y/XNgZmw+Y/XNQVkwORN2nKuAl9OmbjLJ:fveVvaHAahFUt8YXNg/+YXNI5JHAaSJ
                              MD5:61F5C3E0BA7090DCDA4DBD71114211E8
                              SHA1:2E8745E7E0931DD9F2E7BBB2C61AAAA230769DBE
                              SHA-256:2537EA02841194954FCE9377CB85EEE5101F03FB54D119019382C506182C4BBD
                              SHA-512:3A3CA2ECD7A30C6094DAA406185D53548E7496FE7376036F935A65C2B6712ACBC638C9E179DD3469ADB23517E395A680F8FBBD4A4E1D8CB35683D27463F44545
                              Malicious:false
                              Reputation:low
                              Preview:2024/11/20-03:26:30.120 1b38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/20-03:26:30.123 1b38 Recovering log #3.2024/11/20-03:26:30.123 1b38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):331
                              Entropy (8bit):5.125099233918783
                              Encrypted:false
                              SSDEEP:6:HeN9+q2PRN2nKuAl9Ombzo2jMGIFUt8YSZmw+YtN9VkwORN2nKuAl9Ombzo2jMmd:LvaHAa8uFUt8D/+OD5JHAa8RJ
                              MD5:5A8B616F5831227316E7FFC7B9B7CDE9
                              SHA1:1ED0485D5C216E91923C9B95CD81CA93859651E1
                              SHA-256:88D2E38F6A4276CD113EEAA321CDCB0FE152FFDC3D9632D98E58DA1714809EF1
                              SHA-512:1DC4993D9EC1CEC07C5A5690F8A63E683B84086838641566DD20CD3753660C368E070DBF00F0198EDE9F8BF59C1F556BEAF92C553618AD2B50C3A1C8BA28E498
                              Malicious:false
                              Reputation:low
                              Preview:2024/11/20-03:26:30.023 b18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/20-03:26:30.027 b18 Recovering log #3.2024/11/20-03:26:30.028 b18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):331
                              Entropy (8bit):5.125099233918783
                              Encrypted:false
                              SSDEEP:6:HeN9+q2PRN2nKuAl9Ombzo2jMGIFUt8YSZmw+YtN9VkwORN2nKuAl9Ombzo2jMmd:LvaHAa8uFUt8D/+OD5JHAa8RJ
                              MD5:5A8B616F5831227316E7FFC7B9B7CDE9
                              SHA1:1ED0485D5C216E91923C9B95CD81CA93859651E1
                              SHA-256:88D2E38F6A4276CD113EEAA321CDCB0FE152FFDC3D9632D98E58DA1714809EF1
                              SHA-512:1DC4993D9EC1CEC07C5A5690F8A63E683B84086838641566DD20CD3753660C368E070DBF00F0198EDE9F8BF59C1F556BEAF92C553618AD2B50C3A1C8BA28E498
                              Malicious:false
                              Reputation:low
                              Preview:2024/11/20-03:26:30.023 b18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/20-03:26:30.027 b18 Recovering log #3.2024/11/20-03:26:30.028 b18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):403
                              Entropy (8bit):4.953858338552356
                              Encrypted:false
                              SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                              MD5:4C313FE514B5F4E7E89329630909F8DC
                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):403
                              Entropy (8bit):4.953858338552356
                              Encrypted:false
                              SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                              MD5:4C313FE514B5F4E7E89329630909F8DC
                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):403
                              Entropy (8bit):4.953858338552356
                              Encrypted:false
                              SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                              MD5:4C313FE514B5F4E7E89329630909F8DC
                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):403
                              Entropy (8bit):4.981202135099884
                              Encrypted:false
                              SSDEEP:6:YHpoNXR8+eqq59Zr7SsDHF4R8HOVWj2HEBkAa9a1o3/QBR7Y53h6ubU74MS7PMV/:YHO8sqAsBdOg2H+caq3QYiubrP7E4T3y
                              MD5:1041D8469D8D09CED8E94A497051C783
                              SHA1:29C0CBD1EAC0DE20C62BABCA36A3A98825939DDC
                              SHA-256:0A293021BE97C825DAF830ADB6D6EF0869C1DA3AB8FA766759ECC7D0C3BF346E
                              SHA-512:D3B72E7F37DA4224BFFF42E19F7861D3A063E7325D1DC936BAC0C6C9EBAA641D4381AB783FECB99EB088C0489994D217791AEF98A3AFF60F51A35483F4C64655
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376651201898912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":123392},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4099
                              Entropy (8bit):5.229980671497029
                              Encrypted:false
                              SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeCJCM:OLT0bTIeYa51Ogu/0OZARBT8kN88CJv
                              MD5:8C4DD64E080B1D189076E9F937FC143B
                              SHA1:636794C8EA23810B9EEE7E44D4A1ED04491F0CAC
                              SHA-256:8D7C15B8B9C514B71EE2BC32DC35234FCA7C833CF481F69384C2F6E5B6ED2D17
                              SHA-512:40556083C4686D06129CE6A3CD8E6BA9E2BBF02BBFAE3784CDF1204F8633EF04281C3B04EA006FE1718B19090981AEBD1CC1E86832891C548395E52322C8AB9C
                              Malicious:false
                              Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):319
                              Entropy (8bit):5.146153087027008
                              Encrypted:false
                              SSDEEP:6:H7o+q2PRN2nKuAl9OmbzNMxIFUt8Y7/NJZmw+Y7EVkwORN2nKuAl9OmbzNMFLJ:b9vaHAa8jFUt8c/X/+cE5JHAa84J
                              MD5:262077E12161C7F029373CD1664D586F
                              SHA1:128E08DAB4EAD3EEB1AFFDA454C3C843EFE9FAED
                              SHA-256:DFD242659B44CBA25B48ABF1E390FBC89840DAE72B3EA2B83C8F0A179F0DDC2F
                              SHA-512:88F0860F92F5DD923F2E599C0EAC8D0BE7B6B288676B1CB019628F4F891C6FEA9E0840D095E0EF013D6C5C154BD73B4E0FF40588DDA4E24072A999F2B25BAC35
                              Malicious:false
                              Preview:2024/11/20-03:26:30.160 b18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/20-03:26:30.163 b18 Recovering log #3.2024/11/20-03:26:30.164 b18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):319
                              Entropy (8bit):5.146153087027008
                              Encrypted:false
                              SSDEEP:6:H7o+q2PRN2nKuAl9OmbzNMxIFUt8Y7/NJZmw+Y7EVkwORN2nKuAl9OmbzNMFLJ:b9vaHAa8jFUt8c/X/+cE5JHAa84J
                              MD5:262077E12161C7F029373CD1664D586F
                              SHA1:128E08DAB4EAD3EEB1AFFDA454C3C843EFE9FAED
                              SHA-256:DFD242659B44CBA25B48ABF1E390FBC89840DAE72B3EA2B83C8F0A179F0DDC2F
                              SHA-512:88F0860F92F5DD923F2E599C0EAC8D0BE7B6B288676B1CB019628F4F891C6FEA9E0840D095E0EF013D6C5C154BD73B4E0FF40588DDA4E24072A999F2B25BAC35
                              Malicious:false
                              Preview:2024/11/20-03:26:30.160 b18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/20-03:26:30.163 b18 Recovering log #3.2024/11/20-03:26:30.164 b18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                              Category:dropped
                              Size (bytes):65110
                              Entropy (8bit):3.370740073604283
                              Encrypted:false
                              SSDEEP:768:9MSLvyJ1RU5CQozyjAcxGiIm211iMi6g8pkYA702UvtV8GpTn0RxAoz/ZKwYypC7:9MSLvy2jYT
                              MD5:C1D585984466A1ED54455099E840DA8F
                              SHA1:9672AA24805F6186FBEE1440887EA014991C0934
                              SHA-256:2DB1E4A5FACBE9E0B9AD4CA203DBA69A33B55C0CFB7ED34CE9DDBA38539E4F96
                              SHA-512:5B34F4594C85E70A6A734DDA99B67E8F5E2E70360EFC425787B63A9C95C65983E88EC48A6C8705495E42ED4EB062D7927D51DE2BE08EA89EC7E07E716F22B8B7
                              Malicious:false
                              Preview:BMV.......6...(...k...h..... .........................EK..+2..+2..+3..+3..+2..+3..+3..+2..+2..+2..+3..+2..+2..+3..+2..JP......HK..$*..06..:>..(,...2..<@..:?..+/..27..RV..........cg..bf..........................................................................................................................................................................................................................................................................................................EK..+2..+3..+2..+2..+2..+2..+2..+2..+3..+3..+2..+2..+2..+2..+2..fk......+3..jo..............................GM..+2..:?..bd..................................................................................................................................................................................................................................................................................................................EK..+2..+2..+2..+2..,3..NT..nr..di..7=..+3..+2..+2..+2..+3..+3..4:......jo..BG......06....
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 3
                              Category:dropped
                              Size (bytes):57344
                              Entropy (8bit):3.293325457856636
                              Encrypted:false
                              SSDEEP:192:/edRBTVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/eZci5H5FY+EUUUTTcHqFzqFP
                              MD5:60D9215972BC7671E62BED38B50FAB17
                              SHA1:D1A8B76E66476F7FBE4770851DD1CC05BB2ACAA7
                              SHA-256:541AFC165376795681B300B1A0F4BCC9F6D52068601BFAD0D39874D74B2D98CE
                              SHA-512:8ABEA29A2B9AE4FB91AE5672AE286BC2794457DD95295AA7E6146136EE92607A319C69DBDEED91AC0F5757D3DF92614572B79FFF2806FB16B4C68C7ACCE9F051
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):2.2019441070472334
                              Encrypted:false
                              SSDEEP:24:7+tyMEWewKeqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9n:7MbUeqemFTIF3XmHjBoGGR+jMz+Lh9
                              MD5:2B5238D49C5C18EAFD8FF9F97220CFF6
                              SHA1:0EE179DAE1D521F9738C2B17E10F82B17F995881
                              SHA-256:1EBA3B54E6149BDB8C21F5D1882667EE4AC0D48FC91A15A3B7B42AA6F9D99C1F
                              SHA-512:C399D2B1A5C2B245D2C7711D26CEFA990C87C966540E7AFF68EFA2B5C97F86E8E81FB1D2345F303D50C511756AFFC1A45A152FC5DC1C65E8B4EF8505CECE215D
                              Malicious:false
                              Preview:.... .c.....d..w........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Certificate, Version=3
                              Category:dropped
                              Size (bytes):1391
                              Entropy (8bit):7.705940075877404
                              Encrypted:false
                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                              Malicious:false
                              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                              Category:dropped
                              Size (bytes):71954
                              Entropy (8bit):7.996617769952133
                              Encrypted:true
                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                              Malicious:false
                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):192
                              Entropy (8bit):2.7895108629891827
                              Encrypted:false
                              SSDEEP:3:kkFklFF9el1fllXlE/HT8k9Sh1NNX8RolJuRdxLlGB9lQRYwpDdt:kKxQT80Y7NMa8RdWBwRd
                              MD5:C2E55AC2E302CBABE750D72ED0A46F52
                              SHA1:AA51C5411BF3236752B1427C8449DDD0632076E2
                              SHA-256:27E85845431F6351860D1F262F695DF4745738CC1F0137CD4F0F307595401AC7
                              SHA-512:73C6334C4FCB8884164D63E8CB78FD8F92312B7E646FB9CCC2E313B3CCF580931C8980F8B4EB04FB4DC88530BCF4D7D66A7BDEBCA37C2C9A10AE029158C005D1
                              Malicious:false
                              Preview:p...... ..........|.%;..(....................................................... ..........W.....8..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:modified
                              Size (bytes):328
                              Entropy (8bit):3.2478978672539016
                              Encrypted:false
                              SSDEEP:6:kKF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:UDImsLNkPlE99SNxAhUe/3
                              MD5:5CBAE0C72CF927FF9E65EB86F3E453E4
                              SHA1:3F7F0FB522336A9A26C6C30FBB332DFFFD93BA77
                              SHA-256:BCAA911C7BFBB773B58144EF45DC64C36736ABD87763814631DFC4FD5B969F34
                              SHA-512:57B7B83FE7F5687D1886908E05F4C247860F3E6619FC9B551FF3757A0986956ED95DF5A15FEE521A5BABE207C0D9AB1AFEEAEDEFBE983C95F0AD97111D3B3C55
                              Malicious:false
                              Preview:p...... ........Q%..%;..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):295
                              Entropy (8bit):5.388911785648542
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJM3g98kUwPeUkwRe9:YvXKXUvsvn2QWRuUhUUGMbLUkee9
                              MD5:9C33EC59752716629740A129206839E6
                              SHA1:F61B1502D9C5D3C4820C81848383A8EB2F3B50DD
                              SHA-256:91DE56A5CC0A219B97F22DB566D04771452BE69ADA7E6F344F4C0CF00D00BD89
                              SHA-512:4B247006B3029BA496875B276085FFD34DCD81DEB76BE6366C329D3F5974ADAEEBD87A15DA408B087DA5F5161160333A1974CC0A73DA2605152FB39A33C54E1E
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.33686584741301
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfBoTfXpnrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGWTfXcUkee9
                              MD5:C3020EDC0640529B167D1C8E3D25D4F0
                              SHA1:1FC5E03824F256962D3CF92223A0AA2FB9E110EA
                              SHA-256:223721EA66D3245F10026AC00BED6EBFD7AFB1DC12D8776880BE38BE63A8F1A3
                              SHA-512:73BE0332C30B1CBEDAC8C7DF65BB19C2A98D3141965A6B5431FC5D5A36A5EA45DBE8DFDD01509623ACF4A0695E0ABA875EF6EE96239DCA6826B9564E27DEF0C5
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.315125342770818
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfBD2G6UpnrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGR22cUkee9
                              MD5:DA7FB6247FD4159F242AB1A224954B11
                              SHA1:B6E8565C6A22B0757249D0882E7A2695F07CB58C
                              SHA-256:12E38FA4E5E771FE4F373B1E73422B52E258E2DBAA1F143EEB3A3D452DAF10C6
                              SHA-512:D34E3770197B51AF2563993E1977D16A23F6284D2E6AACAA5A9D28694E66792D8A786F272D8DDEB749188538309A151B68A8D9D30E802EB708D3790020240388
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):285
                              Entropy (8bit):5.378188409453795
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfPmwrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGH56Ukee9
                              MD5:E8D365A9C9173C66381DB9ADEEC8A162
                              SHA1:E827F5D68618201AAAC216AF0EA9D64F1CB98CF3
                              SHA-256:4F0CEDB868E7885BFF40071C44D978A1F5ED359D449E899699154E8A3AD2CF32
                              SHA-512:8D850D51422EF8DAE7F3D98549B7F209E5158B958CBDB0F9BEA6815E416446771813675B45293B3DB11817417C067746239E078A756A64204C9ECE4A7B914440
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1123
                              Entropy (8bit):5.691381555179961
                              Encrypted:false
                              SSDEEP:24:Yv6XZvnkUxpLgE9cQx8LennAvzBvkn0RCmK8czOCCSxQF:YvckUxhgy6SAFv5Ah8cv/WF
                              MD5:8CEB67D254286DCDB74D0AA372F454AE
                              SHA1:1015EB4DD88FC0DF0D002F4283E65DA80F8DBF6D
                              SHA-256:5607C99F863F51A6AE191A1C14FC35F1F7A75F1EDC2D710CE6EDA66A013254B5
                              SHA-512:D3F2024B19D7EE3A27AF01648250BD5BBD888B687A5974630214FFECF6B4281E3BB22022CBDD059411D9507DEB2A98CA629F922BE007DAF131C8454AB67ED2E5
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1122
                              Entropy (8bit):5.68438169566763
                              Encrypted:false
                              SSDEEP:24:Yv6XZvnkUtVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBoQF:YvckUtFgSNycJUAh8cvYHUF
                              MD5:7659D627E0E2E87B45D03D4E620A9300
                              SHA1:3AED1389E61608E6A47605068385944383069923
                              SHA-256:3651194120A6895EE1ACEEAAFAB2C4C75E31C007F2A9C51C0501691A20343EC4
                              SHA-512:0985AB07E63F69DFB38C18F3B342770E924E69BAA701C8A859836FE536BF79BC44AA7017DD95FC7C601EC73A0091F59FE144E97F649D8E62E9E12FE572F9DC69
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.328180111358799
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfQ1rPeUkwRe9:YvXKXUvsvn2QWRuUhUUGY16Ukee9
                              MD5:611B1AF8EC4E12C52B497208EBF863A1
                              SHA1:A36B89BF1CD8021C9CAC6F78FA02C5B64948A95A
                              SHA-256:879A28C5240EDB7B82E8A4498A9417A46A27BCBDAE2BE93F7EBE892847FA3309
                              SHA-512:9FD5509B1C0CF761015438A30B34B333237081533C5915F62FB5416E35BDF77B9C04D8733F4960C907423D364E41573B9461274C5FEDE56C1EA2CA95AA215109
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1102
                              Entropy (8bit):5.6770695564007285
                              Encrypted:false
                              SSDEEP:24:Yv6XZvnkUs2LgErcXWl7y0nAvzIBcSJCBViVoQF:YvckUsogH47yfkB5kVWF
                              MD5:F867508452C7ED4975BA63BDCD7F9070
                              SHA1:5FF282367808285B494FD43C6CF3DAA83AB3F50B
                              SHA-256:9A577C45EF60340A2E90EE70928E82A0E4EAA0CDDA51A7087515140659A93817
                              SHA-512:C2D107DEB877A2DD48301AC61FE6F96DEA7A125F20C0A6A09063FA8C9000E8F7504CB0020ECF5C7F179E5B7C10D334779E1E5FDD5DD04F11EEEAB76E82793EAF
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1164
                              Entropy (8bit):5.701578012856769
                              Encrypted:false
                              SSDEEP:24:Yv6XZvnkUsKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oQF:YvckUsEgqprtrS5OZjSlwTmAfSKbF
                              MD5:88D75C7613B2A03252D3B144B3511C3A
                              SHA1:AD8E17AB4C4C9B064CE3B91B19B94CFA12530287
                              SHA-256:3B45A9DCF7DE93033071429C0247B36054DE91633C7A6810D65056F08C43FE22
                              SHA-512:7A238C6F352A0722273292550EE279AD5CAAC32AA3909EA3FA9A5FA76DC064F18C5278E3DB94D38811E4730F63014AAE1E2324DAA51913B9DF141E23E68FBC1F
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.332728788718154
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfYdPeUkwRe9:YvXKXUvsvn2QWRuUhUUGg8Ukee9
                              MD5:FF44EBA1A9F0C1C5E78622F122F3882D
                              SHA1:7DDEEE0447590E0CF157E3C6A2825EDDB8848D0A
                              SHA-256:DB0DF971E52FD3FCCBE343329C0E3132C9256337873C138CD95577B807C67BD6
                              SHA-512:61FE617147172034FD11908AA3A4C219BFCCA414945D2603E0E5D64935A9BF462E6567ADA2ED6E277ED9DC0502621ECE4D585A9274BBAE5F84D9DCDAADE4A5F9
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):284
                              Entropy (8bit):5.319355372610009
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJf+dPeUkwRe9:YvXKXUvsvn2QWRuUhUUG28Ukee9
                              MD5:F1B48F068F40FF82890F3D71B3478C4C
                              SHA1:DB19661975AEF8A2DFBF40A48CCDDFBA40712283
                              SHA-256:7EF1380D314AEC3FC579065DF80F7C1249E9FAF8836FAB719C4A6A4F8443C493
                              SHA-512:B7ABAE143F23F13914E802E7A87B3AD119DFB3FEA7F0C6F9483B44904964A6E8FD2462E5DE7929C80CC64B0CD46AD3CA6B450840B2CA4701CF299B6727550BB7
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):291
                              Entropy (8bit):5.3160509462633705
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfbPtdPeUkwRe9:YvXKXUvsvn2QWRuUhUUGDV8Ukee9
                              MD5:AD7A2DA1D6A4605F676EA50E66FE67AE
                              SHA1:BA4A55913C420661524E30B53AEB11BDBB0BA09B
                              SHA-256:FB46F4686FA2F664A151F30593E2EA4D7272A3120272BF9203A74E50336E13A8
                              SHA-512:120B2DCC8AAD14F6F5D4D3751BDA31DD9F7D95FCB3841EFB6C1252DDA17F546FEFE4E84E36D0011A3189A0855E08917BB4AE16DEF5E1F4EF4FC7C5374292F5D1
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):287
                              Entropy (8bit):5.3192355317979345
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJf21rPeUkwRe9:YvXKXUvsvn2QWRuUhUUG+16Ukee9
                              MD5:0F65CA0FCFD750B00262AC43D581A1D1
                              SHA1:4DE1F80FEF19E30759CE179A5DBDF746BE128402
                              SHA-256:AAA90295645229BBB5EBD0135F80693AD403E89AC84C120A0B9F90A7308F534D
                              SHA-512:F87B83F73A6B135926E278E3D4B8FB9245147CF63DF9C6035701986F68DD722809E1C0C9AD711B79C4FA15B6088A23FCCFE4EE42ACD8F0D97820D0E5DCEAA5D7
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1090
                              Entropy (8bit):5.666683372148608
                              Encrypted:false
                              SSDEEP:24:Yv6XZvnkURamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSxQF:YvckUdBgkDMUJUAh8cvMWF
                              MD5:4B416F046E0B305C764AB3D6F47F379D
                              SHA1:550C91FFAAEB8E88A6E7E5E86BCCA5563AD46C65
                              SHA-256:CE2E3560D5D05F73F45ABDF9ADE4664D1DEF777B259A45E4875BE348434D9C46
                              SHA-512:1C995F22B9AF14DFBAD797653E28ED552918AE1E12D4DC5925F31B7B26EBB09771112AD5205C88A2BC84DA435540C8FDEE13BB61FDCA550B7FF46C570DD644E4
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):286
                              Entropy (8bit):5.294495853001488
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXt6vIRvn2Q5IRR4UhUR0YXoAvJfshHHrPeUkwRe9:YvXKXUvsvn2QWRuUhUUGUUUkee9
                              MD5:C9E1C83919618C29A361837E91616963
                              SHA1:5D492E584ADC102454A7A9C46DD46D128A460E0E
                              SHA-256:A7532F29D54748F69E81E05B19C43CEA0CF3D345ACA32E9D0CC98615C2DAB389
                              SHA-512:CF841005708329D547DCD39FAB20D17901421B180F40ECA82AE527520DB5F3BC639060B7ACA4E615D753645A1906CD48A6A8F171A14342725E3A486A35EE2941
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):782
                              Entropy (8bit):5.375499992161712
                              Encrypted:false
                              SSDEEP:12:YvXKXUvsvn2QWRuUhUUGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWUQ:Yv6XZvnkU6168CgEXX5kcIfANhxQF
                              MD5:7174E46C9D27E84A57F77A6213993EB8
                              SHA1:4A69F38D10654ED075CF1580CE6A288378521A39
                              SHA-256:8C3E1C3EF6B2CB863C451AEA8EF7B1A20D6BF8CE1659EF398DCA9F90A06DC181
                              SHA-512:2A2EEDC075FE18D2C4C2D9A21DF59132C9D901DFE0296F0D66E121F79D55C6AA804F79B9E1BFC2FA27C3A3EB77A87C9B886B562BFC16F16EA3A3975442C4945E
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"9b01f612-f823-49fc-8cd1-44de575f2d72","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732269455411,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732091195444}}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4
                              Entropy (8bit):0.8112781244591328
                              Encrypted:false
                              SSDEEP:3:e:e
                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                              Malicious:false
                              Preview:....
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2817
                              Entropy (8bit):5.125242087361248
                              Encrypted:false
                              SSDEEP:48:YDV0da2YcBUoyMxVIp8yOZ6Te+0DND9/Q:QV0vkMxVIpxOsK+0D3/Q
                              MD5:3A4FAE69618531A69A81C4AE03063305
                              SHA1:D3F8B0C50BEB9275B0C1803B08A10030DC06656B
                              SHA-256:A8108564CAD0A951D2485267F1D0EBA8F56A101343763CFD80A7B3E524D7BD5E
                              SHA-512:94B781CD7873340863AD701DB1C751BFB68E112D5CF5705E685278C87E7A747D4056EC6CAD69422BADB89FFC35C040E65BDED736FDD8BB737613361A0137620D
                              Malicious:false
                              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b6b00674ce87a3d079d5c913ce0a56e5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732091194000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4222a4986ec10551c652f5fdbf845a3a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732091194000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"f34767993addea2de9be8bc93e651ca1","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732091194000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"1029e349878cc87370c9dee811733151","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732091194000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e363f27d6171fa75b60661a3d51fa7df","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732091194000},{"id":"Edit_InApp_Aug2020","info":{"dg":"b9a38467b882ab454734f72eaab8118f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                              Category:dropped
                              Size (bytes):12288
                              Entropy (8bit):0.9948480700655941
                              Encrypted:false
                              SSDEEP:24:TLKufx/XYKQvGJF7ursEY9QmQ6PfdHfPgLpYB6duVbtkctcOcRfPgLF:TGufl2GL7msEYXtNHCYcuDkRk
                              MD5:DB88137BF4AA4508545E4DE7CB8352CA
                              SHA1:0D1AA01A1C6F2D81AABB2EE634EBA798A1E4032B
                              SHA-256:B343954FF135E186C2ADADCD0AD94474126F08C0402285F200F61D7AA6E079CD
                              SHA-512:8EF3458B853BE92CE796AB7CD4B67428F467247F339CD81CA25F48F50D5FAF8493070801A0647CA37D350BC9AB8EEE44C561D4D674A3688A77D4C620975A6AE2
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):1.3555801295794863
                              Encrypted:false
                              SSDEEP:24:7+tOSY9QmQ6QecfPgLpYB6duVbtkctcOcRfPgLGnqLhx/XYKQvGJF7ursy2:7M/YXtrcCYcuDkRJqFl2GL7msZ
                              MD5:5CB903205C6485B6458A5DA6B9273CA6
                              SHA1:A8755B387BD2D11F1E600BC09D37FE546C384330
                              SHA-256:41FFA3C78B1AC067628AF08488BA7E6A43D54CDAB5F557D88A813F12C1C6973D
                              SHA-512:4C2E1B6F6708F27F93F844C4E5A3AEA55773150BED394F1903A424AD84FC6F8C8811CBF0AA56CCD26B2D57812D1919BA9B323879934D92E140EF3B4AB9C7DD5B
                              Malicious:false
                              Preview:.... .c.....IY.o......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...z.>.....}.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):66726
                              Entropy (8bit):5.392739213842091
                              Encrypted:false
                              SSDEEP:768:RNOpblrU6TBH44ADKZEgak2KJ0NxFlQ5C06JEkRLdajnYyu:6a6TZ44ADEakr0NblSQdwnK
                              MD5:E9D5DF51ECF6AD02CF69D8EAD4D3AAFF
                              SHA1:286C61FDE1BBA89ECE2A88371BE3F4E69520EDF4
                              SHA-256:D62C5FD36306EB49B27A1B8EBD0538DCD76E7CC66F2D71B056987A23DFB4EFAE
                              SHA-512:267E834B9A63A0324CDBE1C255D4EACFD4ED6F93226E8DDB4C7F0BA8AA4068513FE80D0B0A0024CB9DD4A3C48F96DF5E2B5E7CB9DEBF78A6DED1FC93D59B5C65
                              Malicious:false
                              Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):246
                              Entropy (8bit):3.5162684137903053
                              Encrypted:false
                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOltqwle:Qw946cPbiOxDlbYnuRKZOOXqww
                              MD5:0F04594B91958050ACD343A0450618CC
                              SHA1:9C382C9BF84DEF956E24CAA1C5F9DAB74295E2B4
                              SHA-256:5ABC1BF0B860642946D8C11D594A08DAF6671549FA8ACE4BFB24E7508FF138B4
                              SHA-512:A1C2F2775EB302E715B530920647733937C857346BBF5FF776BE647C776CE4FEF06B7645EA585A67D74F52B4C18435C1FED25C1E4DAADD223B0929005B3D6AE0
                              Malicious:false
                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.0./.1.1./.2.0.2.4. . .0.3.:.2.6.:.3.6. .=.=.=.....
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                              Category:dropped
                              Size (bytes):144514
                              Entropy (8bit):7.992637131260696
                              Encrypted:true
                              SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
                              MD5:BA1716D4FB435DA6C47CE77E3667E6A8
                              SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
                              SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
                              SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
                              Malicious:false
                              Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393)
                              Category:dropped
                              Size (bytes):16525
                              Entropy (8bit):5.353642815103214
                              Encrypted:false
                              SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                              MD5:91F06491552FC977E9E8AF47786EE7C1
                              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                              Malicious:false
                              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                              Category:dropped
                              Size (bytes):15114
                              Entropy (8bit):5.362121554784381
                              Encrypted:false
                              SSDEEP:384:lWKDKK20ES1FpPZ019+ZZLuD7w7kQoshLoB79RbiWSDFrs/AGzaGOnOn2vps9iys:r7L
                              MD5:6057C4241B107AFDDF3CF35C37E4461E
                              SHA1:1086046F2FC8296A5DE7671ED9F766B96E2616B4
                              SHA-256:1DC6AE111E55054CAC625198A933B4A726C60F3DEAB6A16FC491658FD623F11A
                              SHA-512:0291393ED0671A27AB2C3BBB2A8C0D6EE865F766CF785148D9F0BAA9DEDF1DC3CC3A09FEDDEE6F6FA972BD04C67568F9C8CAC03AF6110B135C8EDCF8DE3CACF6
                              Malicious:false
                              Preview:SessionID=627f0609-08a6-4b3e-87e2-cfcbc94284f5.1732091191511 Timestamp=2024-11-20T03:26:31:511-0500 ThreadID=6812 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=627f0609-08a6-4b3e-87e2-cfcbc94284f5.1732091191511 Timestamp=2024-11-20T03:26:31:514-0500 ThreadID=6812 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=627f0609-08a6-4b3e-87e2-cfcbc94284f5.1732091191511 Timestamp=2024-11-20T03:26:31:514-0500 ThreadID=6812 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=627f0609-08a6-4b3e-87e2-cfcbc94284f5.1732091191511 Timestamp=2024-11-20T03:26:31:514-0500 ThreadID=6812 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=627f0609-08a6-4b3e-87e2-cfcbc94284f5.1732091191511 Timestamp=2024-11-20T03:26:31:514-0500 ThreadID=6812 Component=ngl-lib_NglAppLib Description="SetConf
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):29752
                              Entropy (8bit):5.4164319314341425
                              Encrypted:false
                              SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbKcbVGIDtcb9:fhWlA/TVWvDG
                              MD5:5C2E94CB7E9A0DBE8A6C4658840B4601
                              SHA1:970C32F277EB6CADF100B544CCCC70E7D0C0E216
                              SHA-256:CA9F9192AB6A827D1DE5EE047C4BD9633EE63453065C6A3A8995702725109F04
                              SHA-512:17CC1F0F24104ED9393869CBB6309AD932E1365A590886C2F4C8985C2E460E37B43C61499314AF3AC0598775D04AD33C061E1F5FEDEAA8D115A9A8779F871537
                              Malicious:false
                              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                              Category:dropped
                              Size (bytes):386528
                              Entropy (8bit):7.9736851559892425
                              Encrypted:false
                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                              Malicious:false
                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                              Category:dropped
                              Size (bytes):1419751
                              Entropy (8bit):7.976496077007677
                              Encrypted:false
                              SSDEEP:24576:/gWL07oXGZIZwYIGNPJ5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:4WLxXGZIZwZGd3mlind9i4ufFXpAXkrj
                              MD5:6455D4D4FB0840FC05FEC57993FD113B
                              SHA1:E4115E9861BCCD2595E12947BCE232E89F589775
                              SHA-256:7E396DED5CA9391334E4A4C39700F25D6DACEBBD80E63E1D4A19275165523916
                              SHA-512:CC1088CB870FB226929D9B4200112678BD933A648809BE6CD682FE1EF78531EC92E9BE248CB09C7B71E98FDA63EB9BC92F783E54886E75C52185A1B281ABBF44
                              Malicious:false
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                              Category:dropped
                              Size (bytes):758601
                              Entropy (8bit):7.98639316555857
                              Encrypted:false
                              SSDEEP:12288:bWNh3P6+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:C3PDegf121YS8lkipdjMMNB1DofjgJJg
                              MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
                              SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
                              SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
                              SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
                              Malicious:false
                              Preview:...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=*.R........4..(WCMQ..u]]R...R......5.*..N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]|..7;.5....^..7(.E..@..s...2..}..j....*...t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...z*Bs|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5|:bj[.._R{gi...^
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                              Category:dropped
                              Size (bytes):1407294
                              Entropy (8bit):7.97605879016224
                              Encrypted:false
                              SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                              MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                              SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                              SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                              SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                              Malicious:false
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):98682
                              Entropy (8bit):6.445287254681573
                              Encrypted:false
                              SSDEEP:1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
                              MD5:7113425405A05E110DC458BBF93F608A
                              SHA1:88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
                              SHA-256:7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
                              SHA-512:6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
                              Malicious:false
                              Preview:0...u0...\...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):737
                              Entropy (8bit):7.501268097735403
                              Encrypted:false
                              SSDEEP:12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
                              MD5:5274D23C3AB7C3D5A4F3F86D4249A545
                              SHA1:8A3778F5083169B281B610F2036E79AEA3020192
                              SHA-256:8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
                              SHA-512:FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
                              Malicious:false
                              Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R*.......~....)....i.*n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
                              Category:dropped
                              Size (bytes):14456
                              Entropy (8bit):4.2098179599164975
                              Encrypted:false
                              SSDEEP:192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
                              MD5:32FCA302C8B872738373D7CCB1E75FD4
                              SHA1:DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
                              SHA-256:CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
                              SHA-512:57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
                              Malicious:false
                              Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B
                              File type:PDF document, version 1.3, 3 pages
                              Entropy (8bit):7.950242578442586
                              TrID:
                              • Adobe Portable Document Format (5005/1) 100.00%
                              File name:Resume - Ms. Nilar Htet.pdf
                              File size:1'024'188 bytes
                              MD5:d64856d9a6627005f1ad675e9e3141f1
                              SHA1:ca0ee1e6b68a47370b220595e3cd1a505a4aa709
                              SHA256:76dc5cb613a95b031765b5454c76819f528357ffb85f933088671e0ef73e6bf2
                              SHA512:a270839342b4ad82b0f6142ebf9b89a04f8a4d8f3fde1909158ad0079e3203e619bc88f2547ea33d1bf87f6a516e37f31a61c28d4a2f9c33bb10948002680585
                              SSDEEP:24576:PtfSq3hXGEGxYvQhRezoNaVCLJz8e/EJLqSZIq:PtfSq3h21evKNaVCZ1MgSOq
                              TLSH:8325F160D751503BB9488220B509229B81683DBB78B8EE0109C33D1F5BABFFDEE75D59
                              File Content Preview:%PDF-1.3.%............3 0 obj.<< /Filter /FlateDecode /Length 15362 >>.stream.x...].37r...+t.........2Y... .... .3.;A0. q.....".,v.[ju.....QO........y....^o...}.....s...l..........].../ih.....~...._.3...~..<p.>o..x.....4.W{.....?_...........o...W....]mt.w
                              Icon Hash:62cc8caeb29e8ae0

                              General

                              Header:%PDF-1.3
                              Total Entropy:7.950243
                              Total Bytes:1024188
                              Stream Entropy:7.952476
                              Stream Bytes:1004521
                              Entropy outside Streams:5.124660
                              Bytes outside Streams:19667
                              Number of EOF found:1
                              Bytes after EOF:
                              NameCount
                              obj109
                              endobj108
                              stream55
                              endstream55
                              xref1
                              trailer1
                              startxref1
                              /Page3
                              /Encrypt0
                              /ObjStm0
                              /URI0
                              /JS0
                              /JavaScript0
                              /AA0
                              /OpenAction0
                              /AcroForm0
                              /JBIG2Decode0
                              /RichMedia0
                              /Launch0
                              /EmbeddedFile0

                              Image Streams

                              IDDHASHMD5Preview
                              5000000000000000098f8257a694597cdcc4f034518243d5b
                              9000000000000000073127489431151b8b59c7f60295daef9
                              10000000000000000095434c15917c3b51a14b6c7d965bfc65
                              110000000000000000dc5046b81b4387ffe55f017b436808c9
                              1200000000000000008fe6d6ab88b791422224a62c78a85a61
                              TimestampSource PortDest PortSource IPDest IP
                              Nov 20, 2024 09:26:42.896569014 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:42.896610975 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:42.896688938 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:42.896939039 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:42.896956921 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.459379911 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.459784985 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.459810019 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.460917950 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.461083889 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.463396072 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.463505983 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.463613987 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.507337093 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.513639927 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.513664961 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.561647892 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.562114000 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.562217951 CET4434971323.47.168.24192.168.2.16
                              Nov 20, 2024 09:26:43.563848972 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.564199924 CET49713443192.168.2.1623.47.168.24
                              Nov 20, 2024 09:26:43.564215899 CET4434971323.47.168.24192.168.2.16
                              TimestampSource PortDest PortSource IPDest IP
                              Nov 20, 2024 09:26:42.476519108 CET5117253192.168.2.161.1.1.1
                              Nov 20, 2024 09:26:56.581393003 CET5721953192.168.2.161.1.1.1
                              Nov 20, 2024 09:27:05.021539927 CET53524061.1.1.1192.168.2.16
                              Nov 20, 2024 09:27:06.590565920 CET5363762162.159.36.2192.168.2.16
                              Nov 20, 2024 09:27:07.077996969 CET53584591.1.1.1192.168.2.16
                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Nov 20, 2024 09:26:42.476519108 CET192.168.2.161.1.1.10x3e86Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                              Nov 20, 2024 09:26:56.581393003 CET192.168.2.161.1.1.10x14ecStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Nov 20, 2024 09:26:29.969464064 CET1.1.1.1192.168.2.160xf179No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                              Nov 20, 2024 09:26:29.969464064 CET1.1.1.1192.168.2.160xf179No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                              Nov 20, 2024 09:26:42.485065937 CET1.1.1.1192.168.2.160x3e86No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                              Nov 20, 2024 09:26:56.588928938 CET1.1.1.1192.168.2.160x14ecNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                              • armmf.adobe.com
                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.164971323.47.168.244437088C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              TimestampBytes transferredDirectionData
                              2024-11-20 08:26:43 UTC390OUTGET /onboarding/smskillreader.txt HTTP/1.1
                              Host: armmf.adobe.com
                              Connection: keep-alive
                              Accept-Language: en-US,en;q=0.9
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              Accept-Encoding: gzip, deflate, br
                              2024-11-20 08:26:43 UTC247INHTTP/1.1 200 OK
                              Server: Apache
                              Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                              ETag: "78-5faa31cce96da"
                              Accept-Ranges: bytes
                              Content-Length: 120
                              Content-Type: text/plain; charset=UTF-8
                              Date: Wed, 20 Nov 2024 08:26:43 GMT
                              Connection: close
                              2024-11-20 08:26:43 UTC120INData Raw: 46 69 6c 65 20 74 68 61 74 20 61 63 74 73 20 6c 69 6b 65 20 61 20 4b 69 6c 6c 20 73 77 69 74 63 68 20 66 6f 72 20 53 4d 53 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 6e 20 52 65 61 64 65 72 2e 20 44 65 6c 65 74 65 20 74 68 69 73 20 66 69 6c 65 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6b 69 6c 6c 20 73 77 69 74 63 68 20 69 6e 20 52 65 61 64 65 72 2e
                              Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.


                              Click to jump to process

                              Click to jump to process

                              Click to dive into process behavior distribution

                              Click to jump to process

                              Target ID:0
                              Start time:03:26:27
                              Start date:20/11/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume - Ms. Nilar Htet.pdf"
                              Imagebase:0x7ff608e00000
                              File size:5'641'176 bytes
                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:3
                              Start time:03:26:29
                              Start date:20/11/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                              Imagebase:0x7ff7d66e0000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:4
                              Start time:03:26:29
                              Start date:20/11/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1604,i,7349804857027900102,10984797605832616491,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                              Imagebase:0x7ff7d66e0000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              No disassembly