Windows Analysis Report
Document 101-116.pdf

Overview

General Information

Sample name: Document 101-116.pdf
Analysis ID: 1643500
MD5: 09fcd457a331137b2891ac2913680ddb
SHA1: 12a0d6a2f1bce37eb214f83c6697d2de54c28bfd
SHA256: a057ba83208be579940254b56ce402625d88c669fee1e4ca93085565dee1f37a

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Found potential malicious PDF (bad image similarity)
AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 101-116.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 8116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1596 --field-trial-handle=1592,i,56940659623526008,9426062706914596360,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 2072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://storage.googleapis.com/dlbrautigan/index.html" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 3032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,12779079142382512444,18033674228529783655,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2280 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: PDF documentJoe Sandbox AI: Page contains button: 'VIEW SECURE DOCUMENT' Source: 'PDF document'
Source: PDF documentJoe Sandbox AI: PDF document contains prominent button: 'view secure document'
Source: Adobe Acrobat PDFOCR Text: New Document Received New File Received! PDF You've received (3) new PDF Documents for your review Please click the "View Secure Document" link below and sign in using your email account credentials to view it. VIEW SECURE DOCUMENT
Source: unknownHTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.8
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.24.148
Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJShywEInP7MAQiFoM0BCL7VzgEIgdbOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: Document 101-116.pdfString found in binary or memory: https://storage.googleapis.com/dlbrautigan/index.html)
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757

System Summary

Source: Document 101-116.pdfStatic PDF information: Image stream: 17
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir2072_528119745Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir2072_528119745Jump to behavior
Source: classification engineClassification label: mal56.phis.winPDF@40/48@3/5
Source: Document 101-116.pdfInitial sample: https://storage.googleapis.com/dlbrautigan/index.html
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-19 16-41-02-810.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 101-116.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1596 --field-trial-handle=1592,i,56940659623526008,9426062706914596360,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://storage.googleapis.com/dlbrautigan/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,12779079142382512444,18033674228529783655,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2280 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Document 101-116.pdfInitial sample: PDF keyword /JS count = 0
Source: Document 101-116.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A9suo4ip_1c60yce_5y0.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A9suo4ip_1c60yce_5y0.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: Document 101-116.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: 1 Spearphishing Link; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 11 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior Graph ID: 1643500, Sample: Document 101-116.pdf, Startdate: 19/03/2025, Architecture: WINDOWS, Score: 56]

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
e8652.dscx.akamaiedge.net | 23.39.37.95 | true | false | | high
www.google.com | 142.251.40.164 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.40.164 | www.google.com | United States | 15169 | GOOGLEUS | false
23.39.37.95 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false

IP
192.168.2.4
192.168.2.13
192.168.2.23

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1643500
Start date and time: 2025-03-19 21:40:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Document 101-116.pdf
Detection: MAL
Classification: mal56.phis.winPDF@40/48@3/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, storage.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.

Time | Type | Description
16:41:12 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified

              No context
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.181963598381839
              Encrypted:false
              SSDEEP:6:iOG5eIq2Pwkn2nKuAl9OmbnIFUto5CBZmwC5CbkwOwkn2nKuAl9OmbjLJ:7G5eIvYfHAahFUto5CB/C5Cb5JfHAaSJ
              MD5:C7F70E1D881C70C897AD4E3915187241
              SHA1:283A94A22C029C8442638F7F0DB886A66CCF23C2
              SHA-256:C2237BE6AB6D2E0EAA2694B5DB25BEA9254C4083FC443699A0507FFEC0AA5EEB
              SHA-512:441B34BFE59734A6E76BD0AD88DD1968435610C8826912C08E9E87D966BC3CCB83A56581054E70584739AA7DEC2F895036189D2A1D3961B2EBA6F37A4F5E38FF
              Malicious:false
              Reputation:low
              Preview:2025/03/19-16:41:01.233 1eb0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/19-16:41:01.235 1eb0 Recovering log #3.2025/03/19-16:41:01.235 1eb0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):336
              Entropy (8bit):5.195118458039982
              Encrypted:false
              SSDEEP:6:iOG57gq2Pwkn2nKuAl9Ombzo2jMGIFUto5UUOZmwC59bkwOwkn2nKuAl9Ombzo23:7G57gvYfHAa8uFUto58/C5l5JfHAa8RJ
              MD5:DC4F09B9591CEF6008B5CBFC45EE522C
              SHA1:29CCA0FA7377AB5B607B9AE9D69B1786A3B07431
              SHA-256:D6D7EF5C29F209EB650C89F2F987C4B63E0384B4CF9873C8B3C36819393BD0DD
              SHA-512:8776D2040C448B782408390854CCFE753576A2411144A07BD2B28E15B4D5AD62641856DCDCB2F459A06F0EDB8C1F8C44C7ED677FA3E3F611087D5D7387A84BBA
              Malicious:false
              Reputation:low
              Preview:2025/03/19-16:41:01.081 1fc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/19-16:41:01.086 1fc0 Recovering log #3.2025/03/19-16:41:01.087 1fc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):474
              Entropy (8bit):4.972275201446597
              Encrypted:false
              SSDEEP:12:YH/um3RA8sqF+sBdOg2HTcaq3QYiubInP7E4T3y:Y2sRdsYdMHq3QYhbG7nby
              MD5:9DFBB49B44FBB261C1B6A1A19DD829A6
              SHA1:2D3102E041A87218689F4000853E10E33DF4236A
              SHA-256:FFB5F23583F533D066800C32F4A37B48DD127659AB8A2327AB3F76B7ED794EE7
              SHA-512:0C2C1DD563FFA117D378A9CF0F4FF291B71BCF1CC1E2926A3264718E166E461B1F45F2E719B2C11CD8EC6900C86705C5663120CDAEE3E4F4716B60259B85BE14
              Malicious:false
              Reputation:low
              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386976872707213","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":95926},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:modified
              Size (bytes):474
              Entropy (8bit):4.972275201446597
              Encrypted:false
              SSDEEP:12:YH/um3RA8sqF+sBdOg2HTcaq3QYiubInP7E4T3y:Y2sRdsYdMHq3QYhbG7nby
              MD5:9DFBB49B44FBB261C1B6A1A19DD829A6
              SHA1:2D3102E041A87218689F4000853E10E33DF4236A
              SHA-256:FFB5F23583F533D066800C32F4A37B48DD127659AB8A2327AB3F76B7ED794EE7
              SHA-512:0C2C1DD563FFA117D378A9CF0F4FF291B71BCF1CC1E2926A3264718E166E461B1F45F2E719B2C11CD8EC6900C86705C5663120CDAEE3E4F4716B60259B85BE14
              Malicious:false
              Reputation:low
              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386976872707213","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":95926},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):4730
              Entropy (8bit):5.2515693832659744
              Encrypted:false
              SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7TB84n8HZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go6
              MD5:751EE1D70E65C40E08C8237BB162B5EE
              SHA1:6D91AD827B1264D2B652A21B12B92DBB7C17495D
              SHA-256:29E4D9260F57811596BCB339271174016CFB150E904161418AE7F6082C182EFB
              SHA-512:BD0EC014AA80D7F5A9DF08E367E8676E04D23BA906583AC06E26E5562C4885F6BBC6A264BB3CF162D73C331D2D2317DFF3586F318A334B66281A744A2F3A80EA
              Malicious:false
              Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):324
              Entropy (8bit):5.174524085387498
              Encrypted:false
              SSDEEP:6:iOG5xGVOq2Pwkn2nKuAl9OmbzNMxIFUto57ZmwC5mbkwOwkn2nKuAl9OmbzNMFLJ:7G5xvvYfHAa8jFUto57/C5mb5JfHAa8E
              MD5:FE3A58291DB8EBCC43EFD5CF1817EFFD
              SHA1:B39CA2A20B5054BB8C97690133B78A716175809D
              SHA-256:77D1D7D254034D8BC6760B5AD227D391939E61FC1BA78BE601E2BD5BD7C361BE
              SHA-512:85BC3B301A22E07553C97E48DBDABA2EB663DD1FC5E832F7217EB5B049038AF3533DFD4EAF0D014B015FE9B2F77AC4B5E8DA27CE22A5DD5A1F731EEDABB6299C
              Malicious:false
              Preview:2025/03/19-16:41:01.305 1fc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/19-16:41:01.308 1fc0 Recovering log #3.2025/03/19-16:41:01.310 1fc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
              Category:dropped
              Size (bytes):71190
              Entropy (8bit):0.7446812502934657
              Encrypted:false
              SSDEEP:96:69oa666666666666sRIX2ihL9fENSMMMMMZMW9MBMHqdOaMv7R/:k666666666666CI3Q/
              MD5:C5E1F1F5EE2542E952657017F1B1C8CD
              SHA1:3AA1749BD5400D8040A8CCED0276F118DF418E22
              SHA-256:EEF1E60A8A0DBB479F228B1F30E03FCBD14FEA8CE25BD033CE875154AB9940F9
              SHA-512:D02B0A1EFEA62946F25340679F30F7A4E98E3271BA160260795C9047A788FDC43C8225DC067467EB3C3EB9DE1AC301CDD1631EFEB1DA751860D40BA868BD4F46
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
              Category:dropped
              Size (bytes):86016
              Entropy (8bit):4.4451004460532255
              Encrypted:false
              SSDEEP:384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL
              MD5:501712A7C4B5F7B332710B04815D95C9
              SHA1:BB6DA5639CAEFDE1403F9E566C2AA2F73DDFABB4
              SHA-256:3CD053E70FD1000980F2D3BD8694DDFA08988629617F3CD32516CF4FE8830887
              SHA-512:60E6E9226A0B953A150DA695F99870A74392B4EFFB6065E46C292EF81EB8540DE8DF9E2CF5D1C5628290FF69D572FA8507BDB79C1454653426D51216A5162EE1
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):3.773560837029423
              Encrypted:false
              SSDEEP:48:7MRYcp/E2ioyVVioy9oWoy1Cwoy1JKOioy1noy1AYoy1Wioy1hioybioyxoy1noS:789pjuVF4XKQs/b9IVXEBodRBkt
              MD5:2EB637452D40F6A032D113A40F0CEEE1
              SHA1:632C0681A9FE3E14BE122965C0544C430F618529
              SHA-256:E570118A6C37C98409B8846DA0FC6F5A8D51D56334E2CB17EBAD156544B1DA73
              SHA-512:AA9870EA6D9E9D2A1CABC995BF245DFE07BEE6BF6295519D0038BEFD6838AFB14DD2D9AE29BCFB5278BB2AFFC6F5A19C2A21C65FDBA546B076FBFAE5506F02AD
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1391
              Entropy (8bit):7.705940075877404
              Encrypted:false
              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
              Malicious:false
              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
              Category:dropped
              Size (bytes):73305
              Entropy (8bit):7.996028107841645
              Encrypted:true
              SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
              MD5:83142242E97B8953C386F988AA694E4A
              SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
              SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
              SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):192
              Entropy (8bit):2.7457468364538267
              Encrypted:false
              SSDEEP:3:kkFklOkklfllXlE/HT8kkHlhlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKXtmT8h7NMa8RdWBwRd
              MD5:21C40953166521A49271D20389F0F85C
              SHA1:1B2F2D1F7F749BC74A07AD7989832D9A17CB0976
              SHA-256:0DB33D6E68E5635AAFD7C0A18B079EBDFD2786A7866EAA1477854D3DB85835FC
              SHA-512:2BF8FE1EC56B3C1B25554977469EA948DDC95A5F6617B91351FCD85C170E1261D9AB301CEDB5417B193ABB8C9ADE5466002DFC942CB587DEC15A15F3E5655D7F
              Malicious:false
              Preview:p...... ........}v.@....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:modified
              Size (bytes):330
              Entropy (8bit):3.267350459382745
              Encrypted:false
              SSDEEP:6:kKvpsrmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:3UmfZkPlE99SNxAhUeq8S
              MD5:445CD66C0BD9A6E4FE8B1D484A37B96B
              SHA1:0BA2BD3BE12C44D9FB3A35276769408F03FAF3BB
              SHA-256:6D3A74F2BDFEBF2D18C21E7FFD9B82FBFE7166B33EC7E68B5A099D1ABD9F826F
              SHA-512:CFFAB18B7690D7E7D9A71571DD342B29EC906CB57BF76BC0E34755114CF33D5C69FAF64494BADE984524A55CF0D64C86AFC9957C247A0B8969C0D1D971F0C75E
              Malicious:false
              Preview:p...... .........3.d....(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):243196
              Entropy (8bit):3.3450692389394283
              Encrypted:false
              SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
              MD5:F5567C4FF4AB049B696D3BE0DD72A793
              SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
              SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
              SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
              Malicious:false
              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.382353792526338
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJM3g98kUwPeUkwRe9:YvXKX4EoHEZc0v35GMbLUkee9
              MD5:74A546F617F9AE20BF2CC97340664CA1
              SHA1:B8070325CE36117DC4568DDAE145D918BE687FB3
              SHA-256:D534EC4B0BDBD3A17321875D503660539B7EB6A3EB77D0197DD7FD287B2D6241
              SHA-512:DE8F67DC627BAD8C2E9690AF7E6D4223372937021F3A42025E69A03972E107FE5D87433885C1C805E6FB7684DD91F042777BF9F54FE9B4DFCC18BC64AA417FA9
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.333098239478
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfBoTfXpnrPeUkwRe9:YvXKX4EoHEZc0v35GWTfXcUkee9
              MD5:B80CE0F7BB1D75937F80803EF7E5EB11
              SHA1:D5FC866D8AC49FB9E47E2FC8023A8E3034F21C29
              SHA-256:003AA07F2A3BF32EBBDEF1854EEDD3BFE2A97758823CB7C76FBECFDA77AC5732
              SHA-512:EDA3C9C149DF86A9057CC348693215BFFA037EC31AC5E3CD44DD37356A6B79E871E9D5341546F1AF0FAF890633CF38218CBE5C58461EDFBB28F48D78D2B6057D
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.311497558346431
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfBD2G6UpnrPeUkwRe9:YvXKX4EoHEZc0v35GR22cUkee9
              MD5:2840675BF5264F1DC78CE9B676C4E4A0
              SHA1:EC4576D3CF622F87E4103FDBF061C60792F42EBC
              SHA-256:593B544FE44EF326D5F5E4AE5A99CE2F706981BC98FB1DFF06C5D0AA50573019
              SHA-512:C02748BD529E79C4190B7CE5E78AE0D11FA7E4607637EF5D22A9131E4BED9798A3B8A1A8EF70E40EC8E75DD18C9D1EA25E613ED360ECCD7E8FCB7F40F4711FCA
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):285
              Entropy (8bit):5.3700306287639235
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfPmwrPeUkwRe9:YvXKX4EoHEZc0v35GH56Ukee9
              MD5:215FC6255E4EA4AE9BA2B070A4B7EC92
              SHA1:A0BCFA8C99C913D5ED9A661F10C589ECB87EBBAC
              SHA-256:1C5CABFA41202AACB2D1A0C6E6B86B722D3FE626FBEDE8170B422F3E10E1986C
              SHA-512:3F132764CA7F823BA7EEA57C32F1B3B5C93F9D2775AC25CAD9AE7A5D5713B7956B87DCA9B754D9E7901350782D9FB59928569BC9EA9625CDD4EC9C6352C488C3
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2113
              Entropy (8bit):5.845607307705662
              Encrypted:false
              SSDEEP:24:Yv6XTqEzv3epLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrArx:YvK/ehgly48Y/TWCjiOumNcvKOrkUj
              MD5:0F58FD7C597F5BD0287873C065F07DF5
              SHA1:573E8BFF648B038206F4DCB1396EF5B30A17D1F4
              SHA-256:A710F0A3C90EE5A0EF65C591DF9908B0B0D654ACA7AAFC83D0353E1E468EBE0D
              SHA-512:6F6EB7B277BFD2CC1F29F580BB6952E0063486F5D533F669995E13E302A68389C777818BD43806A45EB7F1B1EA44D0D91AD235F663A340213E9F7EB2A23CB692
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.3164712197287285
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJf8dPeUkwRe9:YvXKX4EoHEZc0v35GU8Ukee9
              MD5:2798C6F476D68C7C11A1FF7F115F6666
              SHA1:37A8B3A2EA30ABB6759FAD0F35049AF9110F6235
              SHA-256:3F3B7EC5598BE811B5F2BE23194898969DBBD5C01EFEA8C2D3B40449A7924F87
              SHA-512:9EA8977C8D8F85F9D1B2AACED883036236FDD5B102B5F03C238524C24609D1DD738BEED736DAFC9797375B7F303C5F63B02E367EACB17E8593F21404B2BB05BE
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.321093226665042
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfQ1rPeUkwRe9:YvXKX4EoHEZc0v35GY16Ukee9
              MD5:C972360E060935692C718D513B763870
              SHA1:78C957180E19F3D628C3DD2A5DA028CC80D7EAF1
              SHA-256:EADBEF5E6F9C96079D0A67656537E7E3B8B6B970109802A5776C087986F235C7
              SHA-512:BD2856F00EFFFAECE96A2B532E898C7812813AC3E23A500971E0119400E8B37A86D85B09182F9C056689E65664009841F2AC9DC70509212EC928AAD2D2FD0471
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2064
              Entropy (8bit):5.827820203748072
              Encrypted:false
              SSDEEP:48:YvK/NogbN48l/GiyLVzyODRHKOkQDcSmjWAj:GyOg54Y/IVO4QOkQoSmb
              MD5:E86644727B1186F12B1772A9B9DCB69C
              SHA1:8909473984E35CCB571C3A1F65617EABB79AE426
              SHA-256:32EE4905E77C2E3FA4C325118DBC571F81C10E9505CECFFA994099FD1E1E5E17
              SHA-512:2339888F46A1B6C8504891A0EAD13B023EE75436297C8B8C8F25F80525FF97F88C492CABAEAC2AA27B812FF09256F54E0BB9EA0B029BEC2CF0E05480170788CB
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.341487349396256
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfzdPeUkwRe9:YvXKX4EoHEZc0v35Gb8Ukee9
              MD5:2F96F18703AC721B6D1A7F0D0070FCE6
              SHA1:77D2DD42FC874D984ADCA452BCBB819E24BF41C6
              SHA-256:4A8058315665516A164D5E9C98D334FFC240D2229BDE7D298BA1CBBEE1D5C1C1
              SHA-512:3350FE9EFB1969A263E17095FCE63D0DEDAECF674A9F4C9608B29A5D06213B0567D367E1EEE31EC666DD5862A83C22C258D1C192FCEDB543FD0AF1884414AFE3
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.322867885857234
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfYdPeUkwRe9:YvXKX4EoHEZc0v35Gg8Ukee9
              MD5:69E68DFF4C78C7828E370BEDC2E95B68
              SHA1:3C6C3EB3C254EDDF49F81502AC13AC3400C01D4E
              SHA-256:73CFD277E6FD2477C946C4DE4155259064146BEE96BCD7BE8E1E71E45ADC64E0
              SHA-512:C7ACBA92F80283767942BA3472FB1F9BFE306095152A0877600F55B0B056B3D2385F47D4D1869A7F92A3E1C014E15D166159241ADE60C59534D68929AD8ED7B2
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):284
              Entropy (8bit):5.309003160771313
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJf+dPeUkwRe9:YvXKX4EoHEZc0v35G28Ukee9
              MD5:273591D11B2B4660D93BA84DCE1AF46B
              SHA1:EB463939C19FD7B5E1FC1B300E0E61892E8F6E89
              SHA-256:5D54F0D05D9A702D669AED452B3F9B5324230E0E8B2A63A1427740461FFD4B76
              SHA-512:FEE38A6A3CB98B8CF70FBC87207E2653E309AEA118DAFD5726FB00AA85A4AEC2CF77E5F6B0EFEA819D0F39432C84432DC87DB148BBE1088CAA6A6890E270AE3C
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):291
              Entropy (8bit):5.306257815930704
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfbPtdPeUkwRe9:YvXKX4EoHEZc0v35GDV8Ukee9
              MD5:3406E7B2736C7D08585E892B97AEC2B1
              SHA1:5BA7483E88B4A4F5BDAD9A59D0E217258038CE96
              SHA-256:0D13D4760A93B39BBD2E2CA3F5F6CC395048E90852E7E210E9BC889B3FC4DDEA
              SHA-512:B3EF3B91F71BA09A5D066204DC6A8C379E3CC376E36999E8AF7E6749548886F798B33B10D7B54EECC9E6C3A79E043BB04AAFB3AC5741244555A9881ED09E5737
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):287
              Entropy (8bit):5.311521659843853
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJf21rPeUkwRe9:YvXKX4EoHEZc0v35G+16Ukee9
              MD5:DFB8AE82544C069B2A54F00AAEEEB63E
              SHA1:EA20E08BFF434E5309D7C86127EC9435ACDAC9E7
              SHA-256:25B6E642477EA5F201B96F053B3BB064599292B49F7E6548F10C45F0AE858432
              SHA-512:0BB9551327DDADDA5F68AB0396371C555073FF7BF93E40656002C525985931691A53277E100DCD2E043F466E0F9E4318BCAB7130C5894FC883594EEBD2AAFBD8
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2012
              Entropy (8bit):5.840793426627291
              Encrypted:false
              SSDEEP:24:Yv6XTqEzv3CamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBI:YvK/cBgBG48j/SiyLVWOAI13kUj
              MD5:CB812A3B51AF0514AE794CB9CEC88BE7
              SHA1:B61BCA7886A87F891FAFEE6C02E62DCF54391E92
              SHA-256:D5DB92CFA60E53154756DE1FA9E983D1E1370F1C207386D7B39DAFB85F5033C6
              SHA-512:1BF54E27D597BF721C28B73DE971A7566B60906402F8EAF1257BCCA86A6AA83F2561A499E08F281187684F83BF7DA5E3300465A378E172474AC61718774871C6
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):286
              Entropy (8bit):5.285490607597329
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJfshHHrPeUkwRe9:YvXKX4EoHEZc0v35GUUUkee9
              MD5:27B772ECC836F0FFDF44F7A255FD2876
              SHA1:3B0B72F88527289E5E37CB681D111C678B1A62DF
              SHA-256:1ACA1AB024312AE29FBDB5B711C417B87C94B49FEEF2CB912D57E3843C15C9BC
              SHA-512:17BB2099E76ECE689F321FBF4C78A2850723EBF2D1920BC8FEDE39DF9E10A414E61472EEB990336D548B47E6EE38CD5CD061ED2B9B535D42C0FFA020C54016D9
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):282
              Entropy (8bit):5.290195151168575
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4JsdToH9VoZcg1vRcR0YWXKoAvJTqgFCrPeUkwRe9:YvXKX4EoHEZc0v35GTq16Ukee9
              MD5:ACDD12844A2E8AF127D9004374C4B94A
              SHA1:20390A8CB6E6DACDED3417EABBC20CD6B631A78D
              SHA-256:81AC22A6B407401F56C6C8944208408C3A20A622F7784DB086189689B2437428
              SHA-512:0F4E46764437DAE999CF9C2BE6C50DF24949A17198AC8F4AD6934CCDE4C4F848CADA12A0CDFBD4DCEBAAC86E14146D77D4325659C8A66294BB80FCB75FDC3441
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"327c137b-da8d-418d-af25-2f3181320a2f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1742590312556,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):4
              Entropy (8bit):0.8112781244591328
              Encrypted:false
              SSDEEP:3:e:e
              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
              Malicious:false
              Preview:....
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2815
              Entropy (8bit):5.145983630232527
              Encrypted:false
              SSDEEP:24:YGM311arHnaylC3cJPfFLZNaR5Avg35NgjLj0SoZNo2l1q2LSyChFsLdDb66JZP0:YGM3aO3y1tNS5ERnwy/susLdDGcKl9sK
              MD5:BDCA09D9511A891C549038476F192F12
              SHA1:A9CAEFAAD0156DBA773686214BAFA156DC2B0540
              SHA-256:EFA212ED7C7F9318635365C082A3CD1DAF463C200BF6F291BB5D821B83114624
              SHA-512:0713E85CCB80B6301E90ACE2807D0DDDEB458F43FD14719AC8402B71BFC2C1E1616CE761AA6C79172BA26589B8B0FC781B467D5F5FB5C17DEB61FF4BFA9E4BB5
              Malicious:false
              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d3803ee65ccef08ee468a1f7815c8755","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742416867000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5a8ae6bc897f736a6ef0138fc3418cb9","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742416867000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"28f436e4d9bdbe5332ab29b3e1034457","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742416867000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"7ee18bc1501980c5f158dfaa1c046ec8","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742416867000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"22b89452c607bd6a019090b05bb8847c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742416867000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"235a4d8cb05832895d753bf9ce69502c","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):1.1880672036486548
              Encrypted:false
              SSDEEP:48:TGufl2GL7msEHUUUUUUUUmQXSvR9H9vxFGiDIAEkGVvprQX:lNVmswUUUUUUUUX+FGSItK
              MD5:EAC42C93464ED5ADBBA2F84870C569C0
              SHA1:45BD81FD052A6F0BA708BB4004FC7769A6CED0BC
              SHA-256:409D27E06497A7ADC82AA845619969A4CD82460539B61434B4045780636D05C7
              SHA-512:68727DAE66C74260449C2AB58BD8B80AEBEB56AADF3958143DDFD16E7D2DF371B8E8E3BEB1C379B6D360BBDF3176928D7AD0BE98794B51CC2262D398B523A294
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):1.6079210452950716
              Encrypted:false
              SSDEEP:48:7MzKUUUUUUUUUUmQLvR9H9vxFGiDIAEkGVvnqFl2GL7ms/:7ZUUUUUUUUUU7FGSIthKVms/
              MD5:857F335B77DB055ABE5F67790522F813
              SHA1:451C880A14319D8C91094964FE8A46AB7319BCF3
              SHA-256:8F8FBDB68896BB269F4F8293ED0E0EB6985992019919C74D36D30C04DE42B5EF
              SHA-512:56DD76C29B454A9B1533C33BA3809D473D1D99ABB3D99BE323764B57DC9E5710CC992745B7C31666A94A92A222DC7669D5DF6F8A935583654308B9075F63A1C8
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):246
              Entropy (8bit):3.5457200906107795
              Encrypted:false
              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8muVlErNIF:Qw946cPbiOxDlbYnuRKDrNQ
              MD5:940069146AC7655C8E1DC5E8731A6078
              SHA1:D4087AB7D783A4F7ACBB0B0C17BC0EC75A34F95F
              SHA-256:157CA43F8F2487E67B6F1DDE0CCD6376A6496B206D8725E8EE416E14688CC5ED
              SHA-512:EFE69A6894822F1213F712298210E3635BABEDB6D316194862F29DA543904E547D88FD672E406987A9943E0569C1F5A5CAD6A0AD62D25A8988A0FAC24E6CBF3F
              Malicious:false
              Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 19/03/2025  16:41:08 ===
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PDF document, version 1.6, 0 pages
              Category:dropped
              Size (bytes):358
              Entropy (8bit):5.084729033202952
              Encrypted:false
              SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROONCVE2pkdEuVE2pkdEuvLCSyAAO:IngVMre9T0HQIDmy9g06JXakFkdLlX
              MD5:0CA894C253C28BC7244E7BBA58C901C9
              SHA1:32E79F92DF3FAAAAC0753B30DEC49FC19DA33C2D
              SHA-256:C21246C1B2BDFB3CF339347A399A9FF8CDF9660339049DB6AE1DFEBE187EECD8
              SHA-512:E0D708CEDF33DC510BF654FC63736D2CA872101E6666ED01AD7FA74612A22ED21C2294D7B42C77AF04BDE0190E94AD7D76886CECD22D95F9733B90C094FBE08C
              Malicious:false
              Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<35E84CDA508C7E49846C49BA839984B3><35E84CDA508C7E49846C49BA839984B3>]>>..startxref..127..%%EOF..
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393)
              Category:dropped
              Size (bytes):16525
              Entropy (8bit):5.345946398610936
              Encrypted:false
              SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
              MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
              SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
              SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
              SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
              Malicious:false
              Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393), with CRLF line terminators
              Category:dropped
              Size (bytes):15114
              Entropy (8bit):5.351536248940721
              Encrypted:false
              SSDEEP:384:S0I5IIa0w2BRgzKg2oeNRbEVKpKkPJBix1WmsSq8QGWw8yYgddSJb8789AyMtPUX:u+dY
              MD5:E6214A8E01B094FF0C4C5B3004D75A42
              SHA1:33F5882E17D656B1305F9953D35F6998D7A6902C
              SHA-256:64315E7C06E04020C96085545AA323E7B30E81D06FAA44B14801E7334A9B1E58
              SHA-512:2CEFD7D400AEAB69528C2263F932FFCF1E8E5C05D6B7846A3FF0E79D4461D39E461F22DF9775F1BC4F42CE9D0D818FF05B6F4B177DAF2A96F3125A6EDEF67F71
              Malicious:false
              Preview:SessionID=e02a893a-fb6e-4fe2-9960-4adac1ac283b.1742416862858 Timestamp=2025-03-19T16:41:02:858-0400 ThreadID=7796 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e02a893a-fb6e-4fe2-9960-4adac1ac283b.1742416862858 Timestamp=2025-03-19T16:41:02:861-0400 ThreadID=7796 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e02a893a-fb6e-4fe2-9960-4adac1ac283b.1742416862858 Timestamp=2025-03-19T16:41:02:861-0400 ThreadID=7796 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e02a893a-fb6e-4fe2-9960-4adac1ac283b.1742416862858 Timestamp=2025-03-19T16:41:02:861-0400 ThreadID=7796 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e02a893a-fb6e-4fe2-9960-4adac1ac283b.1742416862858 Timestamp=2025-03-19T16:41:02:861-0400 ThreadID=7796 Component=ngl-lib_NglAppLib Description="SetConf
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29752
              Entropy (8bit):5.388466054961682
              Encrypted:false
              SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rK:W
              MD5:4D00D791902466671A24CE125597EB2D
              SHA1:56C5882B1BDD70C2C4EF5889AD0C9A5C45D6113B
              SHA-256:4F73C14CFBECFFF675940CE405211CD1AA7CEBCC9425DA086DCED218CBF41D57
              SHA-512:B13BA8BFA4F134470B06197D7743640CAB8165CE4798B4D91338F30BF1578A10E995436661F5157D865C53F6470D3AC49AD41C1759EFE45E85ECB553B095F3DC
              Malicious:false
              Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
              Category:dropped
              Size (bytes):758601
              Entropy (8bit):7.98639316555857
              Encrypted:false
              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
              MD5:3A49135134665364308390AC398006F1
              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
              Category:dropped
              Size (bytes):1419751
              Entropy (8bit):7.976496077007677
              Encrypted:false
              SSDEEP:24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru
              MD5:62F2E9F22B4021BA764763F066157442
              SHA1:0BBCDDCCA2B7342980503F1522E9249B077DED4C
              SHA-256:747B773557070E01063EDCDF20C3DA8DD01599EF5EE5E5320BA7328DFDB2E721
              SHA-512:0D58BA35B2BBE548612357D9252FD87DDDC939B346DC666778CCE2C44E60F4A58434A42FDA5BDC7DF9552999D29ACD35E2F77FC5BD3D423B336F224D157F00A6
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
              Category:dropped
              Size (bytes):386528
              Entropy (8bit):7.9736851559892425
              Encrypted:false
              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
              MD5:5C48B0AD2FEF800949466AE872E1F1E2
              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 634912
              Category:dropped
              Size (bytes):1407294
              Entropy (8bit):7.97605879016224
              Encrypted:false
              SSDEEP:24576:/xbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07EGZftwYIGNPzWL07oW:Jb3mlind9i4ufFXpAXkrfUs0wGZVwZGf
              MD5:0E1B199E77ACA01686FEB4EAEF72E148
              SHA1:7C22D506ABC4B734E9491A833F78CBB2549356D7
              SHA-256:46896E7C24B491E55815328A77A1F3FF6E9CBD6DAEFCD172F026B53320F934DE
              SHA-512:EFEEDED8F81C340876293C5A63B3F1BEED952659B2DACCCC3ADD9868F6D6782484B29BE6720FD7F8E32B0A5CFF5C08CC31C2252A9AE20F0692A935AF0C263664
              Malicious:false
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (6413)
              Category:downloaded
              Size (bytes):6418
              Entropy (8bit):5.7894975388106005
              Encrypted:false
              SSDEEP:192:Yo6rMvuOa8AU9mUSW+/H6666rpoR+BcorwQ1v1Gr:Y/MrA/USW0H6666rp7ccwWMr
              MD5:FF569B29BFC6BC121D223F8BEDB644E1
              SHA1:68EF38B2563B23E9C063245032B280583AF33691
              SHA-256:92CA01C41A8001CEBCD18E107E8D0C55E4CAC8A48F85EC172E930B3AA6641198
              SHA-512:441A5BFBD0A95670DDA4CF3E466A9211CB3433A3214103C66355B4D87EFBF5253F0D0A47659F3AAF37330E4317C9B7B89AC4E5F6CEAF69C761C50A4CD1F731DD
              Malicious:false
              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
              Preview:)]}'.["",["san francisco 49ers","nike sb air jordan 4 navy","apple iphone 17 pro max","southwest airlines","spacex nasa astronauts","southwest airlines checked bags","mlb dodgers cubs","assassin creed shadows"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"google:entityinfo":"
              File type:PDF document, version 1.7, 1 pages
              Entropy (8bit):7.668858050253984
              TrID:
              • Adobe Portable Document Format (5005/1) 100.00%
              File name:Document 101-116.pdf
              File size:37'593 bytes
              MD5:09fcd457a331137b2891ac2913680ddb
              SHA1:12a0d6a2f1bce37eb214f83c6697d2de54c28bfd
              SHA256:a057ba83208be579940254b56ce402625d88c669fee1e4ca93085565dee1f37a
              SHA512:cfe78788c12514bdc157390432e341c39a9fa59714afa8e4d281bcce523ba7d8f7eeae137e672d1c27fb4cb9c366cedfe144aa1a4d9f36e7a8e4188a47f8fd00
              SSDEEP:768:yl3INRprP0HZW8YdUzSFOCwS4NDyiZbxvA+FzwsZVnG5ttG/Fs1Dn5HkCa0pNW+H:Bh8CwjNDLZtIQzwq0tMFs1L5HkCa0XH
              TLSH:2AF2AF51980D2ACCD7A452D13F9A742EAAAEB22234C448917C3DC3C363D1F6EE91719A
              File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 19 0 R/MarkInfo<</Marked true>>/Metadata 44 0 R/ViewerPreferences 45 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R
              Icon Hash:62cc8caeb29e8ae0

              General

              Header:%PDF-1.7
              Total Entropy:7.668858
              Total Bytes:37593
              Stream Entropy:7.787253
              Stream Bytes:32074
              Entropy outside Streams:5.175550
              Bytes outside Streams:5519
              Number of EOF found:2
              Bytes after EOF:
              Name            Count
              obj             28
              endobj          28
              stream          8
              endstream       8
              xref            2
              trailer         2
              startxref       2
              /Page           1
              /Encrypt        0
              /ObjStm         1
              /URI            2
              /JS             0
              /JavaScript     0
              /AA             0
              /OpenAction     0
              /AcroForm       0
              /JBIG2Decode    0
              /RichMedia      0
              /Launch         0
              /EmbeddedFile   0
              ID | DHASH | MD5 | Preview
              17 | b1888a8ab2968eaa | 4320e76634685e597192795708693919 |


              • Total Packets: 56
              • 443 (HTTPS)
              • 80 (HTTP)
              • 53 (DNS)
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Mar 19, 2025 21:41:12.954715967 CET | 192.168.2.4 | 1.1.1.1 | 0x169f | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:41:30.650383949 CET | 192.168.2.4 | 1.1.1.1 | 0x6b35 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:41:30.650592089 CET | 192.168.2.4 | 1.1.1.1 | 0x9488 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Mar 19, 2025 21:41:13.050573111 CET | 1.1.1.1 | 192.168.2.4 | 0x169f | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 19, 2025 21:41:13.050573111 CET | 1.1.1.1 | 192.168.2.4 | 0x169f | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Mar 19, 2025 21:41:13.050573111 CET | 1.1.1.1 | 192.168.2.4 | 0x169f | No error (0) | e8652.dscx.akamaiedge.net |  | 23.39.37.95 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:41:13.391324043 CET | 1.1.1.1 | 192.168.2.4 | 0xfce8 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:41:13.391324043 CET | 1.1.1.1 | 192.168.2.4 | 0xfce8 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:41:30.743504047 CET | 1.1.1.1 | 192.168.2.4 | 0x9488 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
              Mar 19, 2025 21:41:30.743844032 CET | 1.1.1.1 | 192.168.2.4 | 0x6b35 | No error (0) | www.google.com |  | 142.251.40.164 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:42:15.039072037 CET | 1.1.1.1 | 192.168.2.4 | 0x88f4 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:42:15.039072037 CET | 1.1.1.1 | 192.168.2.4 | 0x88f4 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:42:38.637002945 CET | 1.1.1.1 | 192.168.2.4 | 0xbc52 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:42:38.637002945 CET | 1.1.1.1 | 192.168.2.4 | 0xbc52 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:43:11.576749086 CET | 1.1.1.1 | 192.168.2.4 | 0x6f35 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:43:11.576749086 CET | 1.1.1.1 | 192.168.2.4 | 0x6f35 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:43:56.761338949 CET | 1.1.1.1 | 192.168.2.4 | 0x2823 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
              Mar 19, 2025 21:43:56.761338949 CET | 1.1.1.1 | 192.168.2.4 | 0x2823 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
              • www.google.com
              • x1.i.lencr.org
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49731 | 23.39.37.95 | 80 | 7804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Timestamp | Bytes transferred | Direction | Data
              Mar 19, 2025 21:41:13.148992062 CET | 115 | OUT | GET / HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: x1.i.lencr.org
              Mar 19, 2025 21:41:13.246731997 CET | 1257 | IN | HTTP/1.1 200 OK
              Server: nginx
              Content-Type: application/pkix-cert
              Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
              ETag: "64cd6654-56f"
              Content-Disposition: attachment; filename="ISRG Root X1.der"
              Cache-Control: max-age=55297
              Expires: Thu, 20 Mar 2025 12:02:50 GMT
              Date: Wed, 19 Mar 2025 20:41:13 GMT
              Content-Length: 1391
              Connection: keep-alive


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49746 | 142.251.40.164 | 443 | 3032 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-03-19 20:41:34 UTC | 579 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJShywEInP7MAQiFoM0BCL7VzgEIgdbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-03-19 20:41:34 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Wed, 19 Mar 2025 20:41:34 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-MGE5f1_iItKPyzbtlbCjyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked


              Target ID:0
              Start time:16:40:58
              Start date:19/03/2025
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 101-116.pdf"
              Imagebase:0x7ff7dc980000
              File size:5'641'176 bytes
              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:1
              Start time:16:40:59
              Start date:19/03/2025
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Imagebase:0x7ff7278c0000
              File size:3'581'912 bytes
              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:3
              Start time:16:41:01
              Start date:19/03/2025
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1596 --field-trial-handle=1592,i,56940659623526008,9426062706914596360,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Imagebase:0x7ff7278c0000
              File size:3'581'912 bytes
              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:19
              Start time:16:41:24
              Start date:19/03/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://storage.googleapis.com/dlbrautigan/index.html"
              Imagebase:0x7ff786830000
              File size:3'388'000 bytes
              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Target ID:20
              Start time:16:41:24
              Start date:19/03/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,12779079142382512444,18033674228529783655,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2280 /prefetch:3
              Imagebase:0x7ff786830000
              File size:3'388'000 bytes
              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              No disassembly