Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CRANSTONJONATHAN.pdf

Overview

General Information

Sample name:CRANSTONJONATHAN.pdf
Analysis ID:1525186
MD5:acfd79294b7a2b428b071bb757328866
SHA1:08e80fdedbd891ab484c05e65e77f69bf8b36684
SHA256:61353ab9c07351dd768f95a2c39d71d109c75f2e9227b2eef6bd26283cd8ed87
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CRANSTONJONATHAN.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2736 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 4368 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=1588,i,12537562669909444829,16526735775559190256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.6:49729 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.6:49729
Source: Joe Sandbox ViewIP Address: 23.41.168.139 23.41.168.139
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: classification engineClassification label: clean2.winPDF@14/46@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-03 14-44-01-611.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CRANSTONJONATHAN.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=1588,i,12537562669909444829,16526735775559190256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=1588,i,12537562669909444829,16526735775559190256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: CRANSTONJONATHAN.pdfInitial sample: PDF keyword /JS count = 0
Source: CRANSTONJONATHAN.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A919hrw6g_14yuoh7_22o.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A919hrw6g_14yuoh7_22o.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: CRANSTONJONATHAN.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
84.201.210.34
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      23.41.168.139
      		unknownUnited States
      		6461ZAYO-6461USfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1525186
      Start date and time:2024-10-03 20:42:56 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 12s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:11
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:CRANSTONJONATHAN.pdf
      Detection:CLEAN
      Classification:clean2.winPDF@14/46@1/1
      Cookbook Comments:
      • Found application associated with file extension: .pdf
      • Found PDF document
      • Close Viewer

      Warnings

      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 52.5.13.197, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 2.19.126.143, 2.19.126.149, 2.23.197.184, 84.201.210.34, 2.19.126.163, 2.19.126.137
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
      • VT rate limit hit for: CRANSTONJONATHAN.pdf

      Simulations

      Behavior and APIs

      TimeTypeDescription
      14:44:12API Interceptor3x Sleep call for process: AcroCEF.exe modified

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      23.41.168.139Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
        Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
          Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
            140AEcuVy7.lnkGet hashmaliciousLonePageBrowse
              XnQmVRj5g0.lnkGet hashmaliciousLonePageBrowse
                Advisory23-UCDMS04-11-01.pdf.lnkGet hashmaliciousUnknownBrowse
                  Callus+1(814)-310-9943.pdfGet hashmaliciousPayPal PhisherBrowse
                    Steel Dynamics.pdfGet hashmaliciousUnknownBrowse
                      https://seedsmarket.org/Get hashmaliciousHTMLPhisherBrowse
                        1445321243TK.pdfGet hashmaliciousUnknownBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comhttps://technopro-bg.com/redirect.php?action=url&goto=mairie-espondeilhan.com&osCsid=m24rb0l158b8m36rktotvg5ti2Get hashmaliciousHTMLPhisherBrowse
                          • 217.20.57.18
                          mnFHs2DuKg.exeGet hashmaliciousUnknownBrowse
                          • 217.20.57.34
                          http://0f46b0f46b.briandrakebooks.com/Get hashmaliciousUnknownBrowse
                          • 217.20.57.18
                          LnK0dS8jcA.exeGet hashmaliciousXmrigBrowse
                          • 217.20.57.42
                          https://app.useberry.com/t/BzWnZbSjHzChdj/Get hashmaliciousHtmlDropperBrowse
                          • 217.20.57.18
                          OPyF68i97j.exeGet hashmaliciousUnknownBrowse
                          • 217.20.57.27
                          https://trello.com/c/2T5XVROVGet hashmaliciousHTMLPhisherBrowse
                          • 217.20.57.39
                          https://email.mg.pmctraining.com/c/eJwUzDGOhSAQANDTSCfBAQQL2n-PgRmUDaAh_E329hvbVzwKpJF3Ehw2B84ro50WV0j68CYB2SNnQrVvLloHPjtLjAq9KAFAJ7thXDVQWlEdcfVg82oOBTo6s9ucFqPaKZ-W5sDSSz9lupuogbhPrBkT10n4ooxjgU8jXuDzfeqNJJ_rESP8fLGXiXJw6ddd6S3_GnaczPIep_gN8B8AAP__bcA-LwGet hashmaliciousHTMLPhisherBrowse
                          • 217.20.57.23
                          Translink_rishi.vasandani_Advice81108.pdfGet hashmaliciousUnknownBrowse
                          • 217.20.57.37
                          http://innerglowjourney.comGet hashmaliciousUnknownBrowse
                          • 217.20.57.27

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          ZAYO-6461USRefrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                          • 23.41.168.139
                          Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
                          • 23.41.168.139
                          Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
                          • 23.41.168.139
                          140AEcuVy7.lnkGet hashmaliciousLonePageBrowse
                          • 23.41.168.139
                          XnQmVRj5g0.lnkGet hashmaliciousLonePageBrowse
                          • 23.41.168.139
                          Advisory23-UCDMS04-11-01.pdf.lnkGet hashmaliciousUnknownBrowse
                          • 23.41.168.139
                          Callus+1(814)-310-9943.pdfGet hashmaliciousPayPal PhisherBrowse
                          • 23.41.168.139
                          Steel Dynamics.pdfGet hashmaliciousUnknownBrowse
                          • 23.41.168.139
                          https://seedsmarket.org/Get hashmaliciousHTMLPhisherBrowse
                          • 23.41.168.139
                          1445321243TK.pdfGet hashmaliciousUnknownBrowse
                          • 23.41.168.139

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.2101554405153205
                          Encrypted:false
                          SSDEEP:6:Pwi5Vq2PN72nKuAl9OmbnIFUt8mwi8SgZmw+mwi8SIkwON72nKuAl9OmbjLJ:VvVaHAahFUt8LX/+LF5OaHAaSJ
                          MD5:431758562A4ECAEB2D831D1A85973AEE
                          SHA1:FB301A58C0520C1C773D661305F61BC08474DC8F
                          SHA-256:73BDB676C21A0D361EF33947BD4253D78F44EA10070505787B8BBBE159BA7FDE
                          SHA-512:C4B3A73632E815268AB668FE9F57989355779BD920AD68ED7C7BB611BFDCF76C3BD1BF02CDDB66AE14F76395A2ED686509C0A2E9BE00159326F01FFD08A895C8
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/03-14:43:59.366 6e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/03-14:43:59.368 6e4 Recovering log #3.2024/10/03-14:43:59.368 6e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.2101554405153205
                          Encrypted:false
                          SSDEEP:6:Pwi5Vq2PN72nKuAl9OmbnIFUt8mwi8SgZmw+mwi8SIkwON72nKuAl9OmbjLJ:VvVaHAahFUt8LX/+LF5OaHAaSJ
                          MD5:431758562A4ECAEB2D831D1A85973AEE
                          SHA1:FB301A58C0520C1C773D661305F61BC08474DC8F
                          SHA-256:73BDB676C21A0D361EF33947BD4253D78F44EA10070505787B8BBBE159BA7FDE
                          SHA-512:C4B3A73632E815268AB668FE9F57989355779BD920AD68ED7C7BB611BFDCF76C3BD1BF02CDDB66AE14F76395A2ED686509C0A2E9BE00159326F01FFD08A895C8
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/03-14:43:59.366 6e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/03-14:43:59.368 6e4 Recovering log #3.2024/10/03-14:43:59.368 6e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):342
                          Entropy (8bit):5.165332868942412
                          Encrypted:false
                          SSDEEP:6:PwN0q2PN72nKuAl9Ombzo2jMGIFUt8mwHH9Zmw+mwHHPkwON72nKuAl9Ombzo2jz:w0vVaHAa8uFUt8Vd/+Vv5OaHAa8RJ
                          MD5:DE8AD3B89449A762C4C54D7291F579BA
                          SHA1:1AD87E783CDD90DC1098B7F801AE199E5DF427F8
                          SHA-256:B2B1E30C7F96C1A4F27F1FC3D5E298781E64C4AE2DC93D9351DF08B23520E551
                          SHA-512:7AD8A85633B473A0C296B080437406CCB048C1857C83E2FD3C70F3DCDD5A78C82D271EB5D6F0FB511023B36687D1D758FD6976BD8A49160CC79BB27B1AE7AD43
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/03-14:43:59.429 18b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/03-14:43:59.430 18b4 Recovering log #3.2024/10/03-14:43:59.430 18b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):342
                          Entropy (8bit):5.165332868942412
                          Encrypted:false
                          SSDEEP:6:PwN0q2PN72nKuAl9Ombzo2jMGIFUt8mwHH9Zmw+mwHHPkwON72nKuAl9Ombzo2jz:w0vVaHAa8uFUt8Vd/+Vv5OaHAa8RJ
                          MD5:DE8AD3B89449A762C4C54D7291F579BA
                          SHA1:1AD87E783CDD90DC1098B7F801AE199E5DF427F8
                          SHA-256:B2B1E30C7F96C1A4F27F1FC3D5E298781E64C4AE2DC93D9351DF08B23520E551
                          SHA-512:7AD8A85633B473A0C296B080437406CCB048C1857C83E2FD3C70F3DCDD5A78C82D271EB5D6F0FB511023B36687D1D758FD6976BD8A49160CC79BB27B1AE7AD43
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/03-14:43:59.429 18b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/03-14:43:59.430 18b4 Recovering log #3.2024/10/03-14:43:59.430 18b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.975824910517686
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqNsBdOg2Hkgcaq3QYiubcP7E4T3y:Y2sRdsrdMHo3QYhbA7nby
                          MD5:CAC0EBD8FA16118F4BA2A7C01E59610F
                          SHA1:003CE17C70A5C14EEC4E18CF655A1B56CE511378
                          SHA-256:9EA13965D66D9DA926DE04C79D9F686DFBC47E9A33ABC4CB2183D5C6E3E02C73
                          SHA-512:9053EE7245122175251BE66F5D385E5BC335E274BD09CB4F428B2CB01EF189F41199C1DA596B2ED485D8A350E2D1567F23AEC0D69A1B010BB50D028D418EE7CE
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372541052056557","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":133798},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f255c1af-ab5b-4ea7-81a2-73bc3578dac4.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):475
                          Entropy (8bit):4.975824910517686
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqNsBdOg2Hkgcaq3QYiubcP7E4T3y:Y2sRdsrdMHo3QYhbA7nby
                          MD5:CAC0EBD8FA16118F4BA2A7C01E59610F
                          SHA1:003CE17C70A5C14EEC4E18CF655A1B56CE511378
                          SHA-256:9EA13965D66D9DA926DE04C79D9F686DFBC47E9A33ABC4CB2183D5C6E3E02C73
                          SHA-512:9053EE7245122175251BE66F5D385E5BC335E274BD09CB4F428B2CB01EF189F41199C1DA596B2ED485D8A350E2D1567F23AEC0D69A1B010BB50D028D418EE7CE
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372541052056557","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":133798},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):5859
                          Entropy (8bit):5.247748933929616
                          Encrypted:false
                          SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7aBU9d:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhB
                          MD5:89DC024E42542F58DEB46FC86EF1FA9C
                          SHA1:9D133C68115E6A9C358DD54875C0387B0D9E6989
                          SHA-256:34C1D9786DA04D01E986966CA8F7CB750086FA222F0C9989F7F32DC8DC692089
                          SHA-512:D8BC81C874224C8E57264701E811CCF14AE2DD6B8B517999BA3A2D51330D932FC451F1A5E53A5F3B587E8F05B947FD870D2A1AAFC80699110B7F883B3AA367E8
                          Malicious:false
                          Reputation:low
                          Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):330
                          Entropy (8bit):5.104771454802195
                          Encrypted:false
                          SSDEEP:6:PPjsq2PN72nKuAl9OmbzNMxIFUt8mPWU7Zmw+mPekwON72nKuAl9OmbzNMFLJ:zsvVaHAa8jFUt8JU7/+T5OaHAa84J
                          MD5:AD9E2022422D8802127B3DBB4C071A50
                          SHA1:A75E557E8C215E78278BF74267D79CEA865A0700
                          SHA-256:07BF7EFA0B6AA47822CD80DBC834CF6D749E64302124D9E2FD6EB2625A9DC179
                          SHA-512:D9469E06CCF1DC6323E7DD5C7AE41E9945881BEC82BEA0BFEAA25F5F437EA625A608A6597175C7B27B8E07835F1802CD783F47768727D2B662CA6B51EBCBC5BC
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/03-14:44:00.337 18b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/03-14:44:00.344 18b4 Recovering log #3.2024/10/03-14:44:00.347 18b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):330
                          Entropy (8bit):5.104771454802195
                          Encrypted:false
                          SSDEEP:6:PPjsq2PN72nKuAl9OmbzNMxIFUt8mPWU7Zmw+mPekwON72nKuAl9OmbzNMFLJ:zsvVaHAa8jFUt8JU7/+T5OaHAa84J
                          MD5:AD9E2022422D8802127B3DBB4C071A50
                          SHA1:A75E557E8C215E78278BF74267D79CEA865A0700
                          SHA-256:07BF7EFA0B6AA47822CD80DBC834CF6D749E64302124D9E2FD6EB2625A9DC179
                          SHA-512:D9469E06CCF1DC6323E7DD5C7AE41E9945881BEC82BEA0BFEAA25F5F437EA625A608A6597175C7B27B8E07835F1802CD783F47768727D2B662CA6B51EBCBC5BC
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/03-14:44:00.337 18b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/03-14:44:00.344 18b4 Recovering log #3.2024/10/03-14:44:00.347 18b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241003184404Z-169.bmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                          Category:dropped
                          Size (bytes):65110
                          Entropy (8bit):1.7427501219882056
                          Encrypted:false
                          SSDEEP:192:F3AEYNiGLrusvyGJk8amMt02LNvzFb6NjJBdz1Mb6P6E+kB:qEHGnuGaRvwJGOSkB
                          MD5:938ED2CF7753BC9B484B6241A41C2AA2
                          SHA1:7AA5A65432A2205F7968C69E8EEC901E121CE301
                          SHA-256:01A3ECFC805580ABB4DF13A4E8E4FA90E644D8BE23EB9EB770637D6C92F18F29
                          SHA-512:9399449626BAFDA8C4CC01F65E076A508A00515F1787F93AA441842F36ED223C0EE2BBE05A9D9ABB4CC4201EDCF1DC5CE0FF149E56CD1858371A4F275624C287
                          Malicious:false
                          Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                          Category:dropped
                          Size (bytes):86016
                          Entropy (8bit):4.444862308178459
                          Encrypted:false
                          SSDEEP:384:ye6ci5tBiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mSs3OazzU89UTTgUL
                          MD5:6760E33366A7833EA20024F92BA28651
                          SHA1:8D1E009F29319E59C1424AF710D54D8ACA778DD7
                          SHA-256:4E78936FE334AD6D344F62E6F1D8CCB7D8E0F42A524211608FE492FB48CB6D10
                          SHA-512:BB5CC05552453A4BA66C70610B5F0356501E6C62349C48BD752DA0B77C207755BDACD946964645C4E24E4120EA51FBDECF24BC3052371BD284D400D225D1708A
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):3.768254579411002
                          Encrypted:false
                          SSDEEP:48:7MLJioyVtioyJoy1C7oy16oy1fKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Oo:7MJutr6XjBieb9IVXEBodRBks
                          MD5:7FBBA7AB7EE7B637D2FCD851D2ACAE1E
                          SHA1:3001BDEE08D0AA0AC6B6614D8746A1796B2AF14F
                          SHA-256:594D414867D3D50267599CE3547F9F9FB9C25300FED17A3A59D86F44D18092F5
                          SHA-512:46AE9455357EEF0A74951399F632F5439068CEA4DAF29D47C4875378F3480296BCB434FC6862FD90880E8A1CE9E3C36C4DD44688B49098E622B07C06726000F1
                          Malicious:false
                          Preview:.... .c........l...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.7673182398396405
                          Encrypted:false
                          SSDEEP:3:kkFklAFAhLkXfllXlE/HT8kejNNX8RolJuRdxLlGB9lQRYwpDdt:kKZFEL9T8NRNMa8RdWBwRd
                          MD5:8099FE7B0CAFE44FE345308FFD556BA0
                          SHA1:DB7496E5DD6D03A8CED988ED568969746B152042
                          SHA-256:4B2A80DDAAD9E114FEE4DDD2CEA4E0FA54D8E46791179FF17E33EBF59496C570
                          SHA-512:530F68453BA66093F0B1DB4E55B08870ED040EC7984467AEE3B14293670E3FDAAE4348D03FC39A4F53C5B388C95061FA0315EE1DDB92973F0ECFBB1301751A83
                          Malicious:false
                          Preview:p...... .........`J=....(....................................................... ..........W....<u..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.130277681168393
                          Encrypted:false
                          SSDEEP:6:kKsmbT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:8DnLNkPlE99SNxAhUe/3
                          MD5:1F628C9883F5169E0D28BDEB2BB8A040
                          SHA1:81075EC88311DBF38F8FDB9B0722793E6D41044C
                          SHA-256:2D0D3C70AC84037264D8C15A658921C1A9634969266812D1D79F75C3991FC87A
                          SHA-512:455B959BE6A8D2C8CF5C8C2F3E28F8FD232AAE42F2130634103F7B8C79FC78A352CE0BE66D938CBD6DB817774C6A39F5687E76479869FB4B7F2D13A406F6ACC8
                          Malicious:false
                          Preview:p...... ...........a....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):227002
                          Entropy (8bit):3.392780893644728
                          Encrypted:false
                          SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
                          MD5:265E3E1166312A864FB63291EA661C6A
                          SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
                          SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
                          SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
                          Malicious:false
                          Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.3422367604700165
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJM3g98kUwPeUkwRe9:YvXKXM4f0cbGMbLUkee9
                          MD5:2AF7F7DEEE5F15BE84BB2EBD1004ED3D
                          SHA1:F2A8CA4000EC3D9719870B830F718F36061B499B
                          SHA-256:972AFA1A855850B7866F85756F948FF09DD10BCF6886024D44F078E6B5CFED57
                          SHA-512:3CC5EA0C3A80F955F6C792C84544E8D98EF2A4D844EED6F9D4E19F66662AD99C7752CCCEAE37741CC46F538FF8D2099E6CC4CA6C2E45C88B26329F51916A8A78
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.295822900583356
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfBoTfXpnrPeUkwRe9:YvXKXM4f0cbGWTfXcUkee9
                          MD5:FC3306A44D222A8283B6459187BACC29
                          SHA1:62C0A0EB5AB057EC982529F542DDB6F4CD1549DB
                          SHA-256:0E6D732E75B49310CED74E15654835EB6D6A867FA04116B939EA6DE808A407AD
                          SHA-512:BBF0CCC2BE1C29C2CD82F1AF57D906951DE46CCDA2135337256F2CB5C3062B694B541276CCAB44F9631D8A18B6C2F23F261F88D2FB610410CD4667D352B462AC
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.2736729941604255
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfBD2G6UpnrPeUkwRe9:YvXKXM4f0cbGR22cUkee9
                          MD5:55D60E4C7E7E3735FA879D103D15711F
                          SHA1:FF1A51D479FA5013137B21D4A7996E6AA9F7F6FF
                          SHA-256:D18FFA3C66D1479D8CA7437260BA874EA9921C52B537442A5960A45183DE33A7
                          SHA-512:55C8429F83B18323D2A7F86C3ACCB074A5F787A1C98AF9793A5075B955AEF7E842A128904B6384A5CDFF8DD906572326A2342E00A5A5D5638C4C462865DCF487
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.321518051016508
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfPmwrPeUkwRe9:YvXKXM4f0cbGH56Ukee9
                          MD5:BB63D5EFE0D96DC4094E774EFC832C42
                          SHA1:40FBCC3FE7A2621704280B2B3604D9F6621ADC45
                          SHA-256:37C67F06D755D436C63DB1795E4F6E216998F7E90A337FABAD0BDA20F908B5C0
                          SHA-512:69E4E72B76109DCEFB1C01846D612E6DEDD8E806016660497A21CA6818344460F910D2FF8A2B8F8B6345DA313E8D5E43F5AEA50FFBD311650AF33D03DF599C47
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1091
                          Entropy (8bit):5.680980276151775
                          Encrypted:false
                          SSDEEP:24:Yv6XxxwpLgE7cgD6SOGtnnl0RCmK8czOCYvSHr:Yvthgs6SraAh8cvYKHr
                          MD5:CB2D9F69958420DCCF93B46882AE96F9
                          SHA1:F12BC8AB8996B83A7802331BB3A556A7648A08AD
                          SHA-256:53CC29E09190B01BE9288E37D6950F7BE114182F39CA3350E1DC6AFDF47F4E1D
                          SHA-512:A7C638757D43AC3CD296DF7B7660BA511709AAEBCADCEC7A4F6B8E72C53E1B61029A25934948912BB93CD62A44096740D1CBCC19BE6D1D9D411CB7CA24A84D0A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1050
                          Entropy (8bit):5.647071212560808
                          Encrypted:false
                          SSDEEP:24:Yv6XxxiVLgEF0c7sbnl0RCmK8czOCYHflEpwiVqr:YvxFg6sGAh8cvYHWpwHr
                          MD5:C9AD8AE72D23BE8A3F4EDE4782FC6C00
                          SHA1:BCF951452F5800CAF138B67981D2CE94557B7489
                          SHA-256:E360F7A50EFE60B0244C57E5EB3547C2A4DC27D4D293CFB1AB8388F66529DD35
                          SHA-512:090148CBFB892CDE2C14D2F7A8F9A53EB7F71C86B3A25309C57AEB15D022282D5262743A5A322B8E47FE4B670833418423C5F7767AAD61B3F8A491C48BFCC5C0
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.271646096878236
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfQ1rPeUkwRe9:YvXKXM4f0cbGY16Ukee9
                          MD5:4B2A775813BEEB58236F2141CF5A2EFE
                          SHA1:E92E52A15EBBF4FB7A88FF5445D465048EE846F6
                          SHA-256:7DE92A24A89E3D21D81F500F8DBB2999A23C993395EAAEFAB81D4D9AC12EF3F5
                          SHA-512:858B4B86CB798D4863B7C6C7A56284A819FC92F80D2C9B1855F3EEDBBF038FF263F0A54FE1BC1DF91B1C701945C18F35CB748AFFDFCA42D4BC0ACC61F4F43424
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1098
                          Entropy (8bit):5.679448892769297
                          Encrypted:false
                          SSDEEP:24:Yv6XxxP2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSHr:Yvgogq2SrhAh8cvUgEmHr
                          MD5:409ED9BD8CAC8FD2D94682A1A2E7BAAB
                          SHA1:489DCE24A0D07BA7D833E126108E4A35C4BC93AF
                          SHA-256:B29F8C82204407DDFE54DFFCD810CC3C33750ED59763ACD5060669FB3BD96D19
                          SHA-512:A73298D2CFACAB8F322C92A23527D1391CA063AA7F440A361645D7A29BEBF4546BA1B09080A80A47887DAFCA686BF292C9B4162EEBF613585D0613F3827CE238
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1164
                          Entropy (8bit):5.692287334691577
                          Encrypted:false
                          SSDEEP:24:Yv6XxxjKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5qr:YvoEgqprtrS5OZjSlwTmAfSKwr
                          MD5:24AB42B85317EE1D9AF3626C9DA2C6A9
                          SHA1:DF1E71F4499F4D2C303CA395324D2FBCF4EDCDAA
                          SHA-256:E478697FBFE78F3ACD33850E21C9CCB8FD83438E416A552F68DB73A6F75FA57C
                          SHA-512:E581E7650B2A85622F6EC027D899112B1D11D7CE28C9C7141062C5D13858131AF2105847175665D37E2736A6926BA3FE332F51B674911AA9949D2543941556F4
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.275514704130586
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfYdPeUkwRe9:YvXKXM4f0cbGg8Ukee9
                          MD5:CFC9A6F5156317E62BC046BA6971FB07
                          SHA1:8618D1515650324286EAE3176F5CB53FDC2881DB
                          SHA-256:65453B7B58DEF884816B3A8AA478CF6759B1FF97116446439889920D0A4C3B1B
                          SHA-512:B923FF9ACB06C57133E023283DE394053A163DF491AA33EC02E8FD1A11D5C063712530FBE1AF5DA18381C3F191E7262D85130E3E5905622F099708BACC275359
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.771242136880214
                          Encrypted:false
                          SSDEEP:24:Yv6Xxx+rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNx:YvHHgDv3W2aYQfgB5OUupHrQ9FJD
                          MD5:A39F82030F835233D0AFE9989CC57600
                          SHA1:2B2F1181EC86426A4F2AAC31CF738AB2CAF4E1F0
                          SHA-256:80D6195C16EE6854AAF08241EEF802BF83949E81D2DEC0BB9DAFC5C4DA6B7C98
                          SHA-512:22818E66DA47A5D7C58121C39D2306595D450FB3218EE94BBD07494D66EC134E9955A060C78EF3DE3AD35C0291CDC451B0B997B98684CBC2618BF7E180D2E3B3
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.259230085624858
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfbPtdPeUkwRe9:YvXKXM4f0cbGDV8Ukee9
                          MD5:8FB0E667A2303A0E88EE9F2B378E8268
                          SHA1:73425126C0AC275C737CEDD956877FE1D41D6929
                          SHA-256:C40AA2399A6D59B82A676409367494F9F199C569272A5CE0A6DA227589FD4CD0
                          SHA-512:5B2BB76731818D6E1CC2DCCFDC2F6005B9E44567FA592935AB9986779B6E5B5FC4B1D50AF640139AC8638B791C6DD98B0D7F7DA733EFF02A654F19DC720F0F60
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.263363906395421
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJf21rPeUkwRe9:YvXKXM4f0cbG+16Ukee9
                          MD5:F79D2C86668302B4D6AC437CD763D77D
                          SHA1:FCC21A91A7C74DFC8F533A8CA6EBA28F3A744958
                          SHA-256:12E9E49F5C4EC7F7E3510EF7D9DF23DAA49D90A039ADC0CF60ECBB1486FE04DB
                          SHA-512:E214B09AC36621E1BAB4894F34C2BBCA75ACA9CAEC1A8046E248A0D73F32187710817EF1CA523AE82A744366A94374BB871DC5855E8784114357E76126C2DF09
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1054
                          Entropy (8bit):5.658607763709798
                          Encrypted:false
                          SSDEEP:24:Yv6Xxx0amXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSHr:YvJBgSXQSrOAh8cv6mHr
                          MD5:771C9B1822FC865988AF1A2361AFC6FF
                          SHA1:06B868AF9422CB7AD6F9A1D30E811828570A16E9
                          SHA-256:7F8274DD9A9668460EEFE3813C9EF4ACF6976827296DC5EA51880A1880F12377
                          SHA-512:F23402BA09EEFE35ABDD5D499FA9AAE8F4D86FB0C625F1156CD864B1EF18EECEC9ECD9F1553A9FDA47339A7225076ABE900CB7C8344B65BE6B2169EAEC8AA541
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.237233095782162
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXMIEgyEBl0nZiQ0YGJZd2DoAvJfshHHrPeUkwRe9:YvXKXM4f0cbGUUUkee9
                          MD5:E372765EAAF21C240C1F7FF51503E3D6
                          SHA1:EB4C5ED5CCD63B8975D536935792EEAF8E6BDDDB
                          SHA-256:4BA01901F122D28BBFF292A76842983433AC94FC34DB66B8549052D7E4DE9B93
                          SHA-512:637FE883C709AED21BE13B9719DFCB815ECB0E3648C407CD375B916975BC66EFBD6A613E4236F3477298C82BFB8D6650BC9A432882AE79BF8FA670B66549513F
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.348354009920406
                          Encrypted:false
                          SSDEEP:12:YvXKXM4f0cbGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWt:Yv6Xxx7168CgEXX5kcIfANh8
                          MD5:1E9950327F2DCAF46F048848CE6A1FFC
                          SHA1:221AADC4A35986ED8A094DB447AD035A00123B9B
                          SHA-256:977AD2BD6F920EC27CBB576646605A2318F47BB3ABD9711C29EA5379270E8991
                          SHA-512:F8013D3373C25BF539934D8264287D241AE975C1BBA57E15ACD1F51B48F6413BB41804551D77D3EA94EA47D819867B05338D7A124A73821F01AC564ADD36B367
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad2ca66a-ce8c-4219-a67a-d920624ad4bd","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728156082123,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727981047147}}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2818
                          Entropy (8bit):5.136401547558455
                          Encrypted:false
                          SSDEEP:24:YjcTgzZfM1aZcayOtjqUjKChqFanlzw+ujhHBj0S6jK+26Y2LSkiOB5HNt79/5ul:YjtxPTOydnlKLQlZYyiOB5f9/8
                          MD5:666D2D0269515DB60F4ED999D5D54935
                          SHA1:84DF2FDA56B9A24FFC58058D74DA5CC1E8290FFD
                          SHA-256:36EB36C51DA1405FE429D82BEE3F99F76D694C4A15840AABC1C49376997CB52F
                          SHA-512:ECDFD8B57ACF936232CB9AFA5D4F00BD0F5DE2264E222980449505F23085AABFC94854DAA4D4BF27A821D2FAA0C19284DECD150F3344AFFD3537D62F9F4E3DEB
                          Malicious:false
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b37f33a4ad5ef7918c89d0021f6b65bb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727981046000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c93154cf3426aa919122eb2b2cbbe244","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727981046000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"75eff232501a5184fc404e8ad672f084","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1727981046000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b8a7a4d2a6e2b5ea0b7aafe0ca97fb22","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1727981046000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ac8b5512ab8582f91681e5f0258ff8ab","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1727981046000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e74d45b156791569bae6ff920448468c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.146800281742649
                          Encrypted:false
                          SSDEEP:24:TLhx/XYKQvGJF7ursgRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHr:TFl2GL7msKXc+XcGNFlRYIX2v3kr
                          MD5:13C64C17561002C9E1737BA774883920
                          SHA1:B5F11504FAF821FADA1C02E8E557465355C6EB45
                          SHA-256:BC215D01D211054D535E52B838D6A1536EF66B97F480F7D88ACC5D183B4ED671
                          SHA-512:38DB5C0CF14A42D66DCAF6B765F6FE55DFBAA84BDD2C6F2D24A33D111C2CCF1C21AC0FED41211B8896BAD695C31FD74CF8F8FB8AB03E567F72429ED9A213D513
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.549998121095125
                          Encrypted:false
                          SSDEEP:24:7+t8DUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxr6vqLxx/X9:7M8gXc+XcGNFlRYIX2v26vqVl2GL7msj
                          MD5:001587ED14C7518016EDAA199CA8B789
                          SHA1:5F4D32E28FEE0937398A3636F50C9FA00685B53A
                          SHA-256:6A844A3B6519E6C6D49EDC74BC2E7BC8495E4229BAADDEAFBB051B94287CB598
                          SHA-512:01F0EC713CB1ED060304C96DB62450B4E140C2618D8C99504123F9AF6A34E0E2BBE87DD42315F1353C9D12FB67C90AFEB9B9D331A5369593A00CCD2F260EC5B7
                          Malicious:false
                          Preview:.... .c......c............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\MSI3cbf7.LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5065515051498046
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82hlQqRel:Qw946cPbiOxDlbYnuRKXhlEl
                          MD5:80D025FBD889C32AE41AB4E1EA1A11FF
                          SHA1:2E5163E9D3A0749D073A7613648AEE4584F6E303
                          SHA-256:C0EF13AA7CB5F7BDC319890245E57B2B950B2484E6D6FEC58E98BFDC8F970AE5
                          SHA-512:3D0DE280B82BC8B91F4D3E5B31769C244FD05CA931042F82FA49A30CE2C914961258DAAB6DBF0B0537F5C02E222A01707973093A94B4423F1C4950BED2D18D58
                          Malicious:false
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.1.0./.2.0.2.4. . .1.4.:.4.4.:.0.7. .=.=.=.....

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\A919hrw6g_14yuoh7_22o.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PDF document, version 1.6, 0 pages
                          Category:dropped
                          Size (bytes):358
                          Entropy (8bit):5.031252052024994
                          Encrypted:false
                          SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOTMmmjZwmmjZbmCSyAAO:IngVMre9T0HQIDmy9g06JXajQjZalX
                          MD5:989565DE40604F8931EA662AEE06C626
                          SHA1:F951533527CE4DC73EEC55DEBAF5AA942C5E74FE
                          SHA-256:FC1E84522B5BB62448B81685336C73970EF88D53DC587AC6E330555D9145F45F
                          SHA-512:CC20E1F4C4A0FF479293674952214E226167ECFD0A77F8793153C4925D974186AE3A74A907FC8D70DEBC0900628F5455D6776FD742B2A6922ED943F7FC231BBD
                          Malicious:false
                          Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<C0392E1AB5970C489FD1E97055BF6E09><C0392E1AB5970C489FD1E97055BF6E09>]>>..startxref..127..%%EOF..

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-03 14-44-01-611.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.338264912747007
                          Encrypted:false
                          SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                          MD5:128A51060103D95314048C2F32A15C66
                          SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                          SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                          SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                          Malicious:false
                          Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):15114
                          Entropy (8bit):5.318783736685956
                          Encrypted:false
                          SSDEEP:384:URFQYYxUjNG2TNOH84bYFv4JxGxE/nDwUrOXRV3Xyc+vn9xbDM1Kpups94accnX+:Y8g
                          MD5:53C2CBD6155BBCCCDAA991802B490181
                          SHA1:DC132ED2E1025CC2DA8D6B1E7AEC0720233DE683
                          SHA-256:ACB23290BDD17B95666CA0B86B2A9B22696998828051A63BC86CA166BA1BC22F
                          SHA-512:98535A3E1AA7F4D63CF42BE9D7011AFC60154A7434740F823016ED74797CBB3DF8519502AB547B33A4CE54A43789D8867399A6A138495D78AC8A8C7E95709217
                          Malicious:false
                          Preview:SessionID=e872dcb8-9660-43ad-9e8e-8b8e3a7e0c7e.1727981041644 Timestamp=2024-10-03T14:44:01:644-0400 ThreadID=3576 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e872dcb8-9660-43ad-9e8e-8b8e3a7e0c7e.1727981041644 Timestamp=2024-10-03T14:44:01:658-0400 ThreadID=3576 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e872dcb8-9660-43ad-9e8e-8b8e3a7e0c7e.1727981041644 Timestamp=2024-10-03T14:44:01:658-0400 ThreadID=3576 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e872dcb8-9660-43ad-9e8e-8b8e3a7e0c7e.1727981041644 Timestamp=2024-10-03T14:44:01:658-0400 ThreadID=3576 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e872dcb8-9660-43ad-9e8e-8b8e3a7e0c7e.1727981041644 Timestamp=2024-10-03T14:44:01:659-0400 ThreadID=3576 Component=ngl-lib_NglAppLib Description="SetConf

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.388999335069104
                          Encrypted:false
                          SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbRDGcb4IEhkjcbAc:V3fOCIdJDevDxEhk7c
                          MD5:8FD4AE976A770A79FC82132A9587F35D
                          SHA1:653DC594ACADEC8CB7114DE7AED2013A096CA58A
                          SHA-256:8184D726E84A38BFA661114948256A6B27CD3C1C2C6AD22AE0A29CA53872C584
                          SHA-512:2D671225BCFA9557983CA43784630566228783DCAB36F66C31F719E18B9C6C0D820755230EA45FF8A143E8C7601C75C40683489CFB22555A57364223DAFA9917
                          Malicious:false
                          Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                          C:\Users\user\AppData\Local\Temp\acrocef_low\214117c8-e7b6-43d6-904f-9f1afc2f78aa.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                          MD5:18E3D04537AF72FDBEB3760B2D10C80E
                          SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                          SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                          SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\6215ddd6-a2bc-4dea-8cd2-5d1347211bed.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                          C:\Users\user\AppData\Local\Temp\acrocef_low\90bf3d38-30cf-45d2-b07c-e7b6ea51d87a.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                          C:\Users\user\AppData\Local\Temp\acrocef_low\f56d499a-5862-40c9-8876-bd0c66d4b213.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          Static File Info

                          General

                          File type:PDF document, version 1.4, 2 pages
                          Entropy (8bit):7.890939599680852
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:CRANSTONJONATHAN.pdf
                          File size:65'407 bytes
                          MD5:acfd79294b7a2b428b071bb757328866
                          SHA1:08e80fdedbd891ab484c05e65e77f69bf8b36684
                          SHA256:61353ab9c07351dd768f95a2c39d71d109c75f2e9227b2eef6bd26283cd8ed87
                          SHA512:0a6b6f346aebe8f6330abb235045277a9daec6b805a60c3ea95c799a164a60d3e3889bbfb926c7b29d305ab38d51d492e88e5cd9c143e1c2427b089efe6e1ba5
                          SSDEEP:1536:+tUqISFIrOB0JslI6IKKMecbC+Y4gmFq+bT:+3F2+sslTISPC+hgAq+bT
                          TLSH:B053F172A1152C1ED9E2C3CAAC2DBC9EA47CB1729FF8354271784935B4108E57291BCF
                          File Content Preview:%PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20241002012655).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>

                          File Icon

                          Icon Hash:62cc8caeb29e8ae0

                          Static PDF Info

                          General

                          Header:%PDF-1.4
                          Total Entropy:7.890940
                          Total Bytes:65407
                          Stream Entropy:7.914082
                          Stream Bytes:61842
                          Entropy outside Streams:5.079341
                          Bytes outside Streams:3565
                          Number of EOF found:1
                          Bytes after EOF:

                          Keywords Statistics

                          NameCount
                          obj29
                          endobj29
                          stream7
                          endstream6
                          xref1
                          trailer1
                          startxref1
                          /Page2
                          /Encrypt0
                          /ObjStm0
                          /URI0
                          /JS0
                          /JavaScript0
                          /AA0
                          /OpenAction0
                          /AcroForm0
                          /JBIG2Decode0
                          /RichMedia0
                          /Launch0
                          /EmbeddedFile0

                          Image Streams

                          IDDHASHMD5Preview
                          144eab981e39234959a6b308221482528888a2cb115fee0e4e

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 3, 2024 20:44:13.224486113 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.224528074 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.224602938 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.224778891 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.224795103 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.835463047 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.836045027 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.836065054 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.837315083 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.838025093 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.839689970 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.839777946 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.839973927 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.839994907 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.880443096 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.938461065 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.938545942 CEST4434972923.41.168.139192.168.2.6
                          Oct 3, 2024 20:44:13.938693047 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.939953089 CEST49729443192.168.2.623.41.168.139
                          Oct 3, 2024 20:44:13.939970016 CEST4434972923.41.168.139192.168.2.6

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 3, 2024 20:44:12.802746058 CEST5452053192.168.2.61.1.1.1

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Oct 3, 2024 20:44:12.802746058 CEST192.168.2.61.1.1.10x9f1Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Oct 3, 2024 20:44:12.815412045 CEST1.1.1.1192.168.2.60x9f1No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.34A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.38A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.27A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.22A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.38A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.42A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.21A (IP address)IN (0x0001)false
                          Oct 3, 2024 20:44:13.569611073 CEST1.1.1.1192.168.2.60xc8e6No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.40A (IP address)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • armmf.adobe.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.64972923.41.168.1394434368C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          TimestampBytes transferredDirectionData
                          2024-10-03 18:44:13 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-10-03 18:44:13 UTC198INHTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Thu, 03 Oct 2024 18:44:13 GMT
                          Connection: close


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:14:43:58
                          Start date:03/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CRANSTONJONATHAN.pdf"
                          Imagebase:0x7ff651090000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:2
                          Start time:14:43:59
                          Start date:03/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff70df30000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:4
                          Start time:14:43:59
                          Start date:03/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=1588,i,12537562669909444829,16526735775559190256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff70df30000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Disassembly

                          No disassembly