Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
w-9 -Ethics advisory inc .pdf

Overview

General Information

Sample name:w-9 -Ethics advisory inc .pdf
Analysis ID:1528526
MD5:3d132b55a4a3c656b94590577df13040
SHA1:f9f8c74da30040ac6526b510c8fa5e5d3560e62f
SHA256:207e104694eb76445b445005ed069ff7b378391ca5a3c7a5e2206e2d7a5a099b
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5828 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\w-9 -Ethics advisory inc .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6308 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1624,i,13021702806693179787,17668582507284460898,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.6:49810 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.6:49810
Source: Joe Sandbox ViewIP Address: 23.56.162.185 23.56.162.185
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: classification engineClassification label: clean2.winPDF@14/45@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6112Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-27-51-358.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\w-9 -Ethics advisory inc .pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1624,i,13021702806693179787,17668582507284460898,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1624,i,13021702806693179787,17668582507284460898,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword /JS count = 0
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword /JavaScript count = 0
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword startxref count = 7
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword stream count = 161
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword /ObjStm count = 17
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword endobj count = 413
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword endstream count = 161
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF eof value = 7
Source: w-9 -Ethics advisory inc .pdfInitial sample: PDF keyword obj count = 413
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528526 Sample: w-9 -Ethics advisory inc .pdf Startdate: 08/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 18 70 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 16 23.56.162.185, 443, 49810 AKAMAI-ASUS United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
w-9 -Ethics advisory inc .pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.56.162.185
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1528526
    Start date and time:2024-10-08 00:26:48 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 16s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:11
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:w-9 -Ethics advisory inc .pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/45@1/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 162.159.61.3, 172.64.41.3, 2.19.126.143, 2.19.126.149, 2.23.197.184
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • VT rate limit hit for: w-9 -Ethics advisory inc .pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    18:28:01API Interceptor1x Sleep call for process: AcroCEF.exe modified

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    23.56.162.185https://app.collabow.io/d/GNgkdZO5gKluqEP3mMdbEwzWbgEyOeRe8sIh64SLMvsNGet hashmaliciousUnknownBrowse
      Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
        DV2mrnfX2d.exeGet hashmaliciousRhysidaBrowse
          Xkci1BfrmX.lnkGet hashmaliciousLonePageBrowse
            Snc2ZNvAZP.pdfGet hashmaliciousUnknownBrowse
              Purchase Order IBT LPO-2320.emlGet hashmaliciousUnknownBrowse
                Final_Contract_Copy-532392974.pdfGet hashmaliciousUnknownBrowse
                  Cbequipment-Voice Audio Interface.pdfGet hashmaliciousHTMLPhisherBrowse
                    Runbook - Carolinas Animal Hospital - 2022-05-25 11.28 UTC -04.00.pdfGet hashmaliciousUnknownBrowse
                      Hajj_Advisory pdf lnk.lnkGet hashmaliciousUnknownBrowse

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        AKAMAI-ASUS9Y6R8fs0wd.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        file.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        file.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        utmggBCMML.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                        • 104.102.49.254
                        Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                        • 104.102.49.254
                        https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
                        • 184.28.90.27
                        file.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):298
                        Entropy (8bit):5.2191717996878495
                        Encrypted:false
                        SSDEEP:6:Pq2PN72nKuAl9OmbnIFUt8YkZmw+ikwON72nKuAl9OmbjLJ:PvVaHAahFUt8P/+i5OaHAaSJ
                        MD5:2A2E26B258FF2E4E4139E1716C55AF49
                        SHA1:160F7740A4D4F9649312A5F025085C2B30CF0486
                        SHA-256:378AEF31BFD74184BEA84C10202715BE75048AA4905549400AE8E4A73478D720
                        SHA-512:A0CDE6C845C2DCE1A81D9F5F29340FE9017682C668D13F90F3C6897FDA2E59C6385EBE58FCF657B1DC468FA584A2F0780727F5E8495F06E0C1617CFC8B1EA728
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/07-18:27:49.531 1414 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:27:49.533 1414 Recovering log #3.2024/10/07-18:27:49.534 1414 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):298
                        Entropy (8bit):5.2191717996878495
                        Encrypted:false
                        SSDEEP:6:Pq2PN72nKuAl9OmbnIFUt8YkZmw+ikwON72nKuAl9OmbjLJ:PvVaHAahFUt8P/+i5OaHAaSJ
                        MD5:2A2E26B258FF2E4E4139E1716C55AF49
                        SHA1:160F7740A4D4F9649312A5F025085C2B30CF0486
                        SHA-256:378AEF31BFD74184BEA84C10202715BE75048AA4905549400AE8E4A73478D720
                        SHA-512:A0CDE6C845C2DCE1A81D9F5F29340FE9017682C668D13F90F3C6897FDA2E59C6385EBE58FCF657B1DC468FA584A2F0780727F5E8495F06E0C1617CFC8B1EA728
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/07-18:27:49.531 1414 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:27:49.533 1414 Recovering log #3.2024/10/07-18:27:49.534 1414 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):342
                        Entropy (8bit):5.1961850611871006
                        Encrypted:false
                        SSDEEP:6:pKMVSVq2PN72nKuAl9Ombzo2jMGIFUt8gOYgZmw+gVUSIkwON72nKuAl9Ombzo23:pKMYVvVaHAa8uFUt8gOYg/+gySI5OaHA
                        MD5:0F64112961E2988DE5A282E5DE7A3BD3
                        SHA1:15F046F1D8983DBC9BB4F8B7A8E88B93BAFE6090
                        SHA-256:A7B4649E080CA28E5918EB2630A57E20B99B5B4F050EA71A2FC5098CA3022882
                        SHA-512:C681C3DC54F439FB776B8D1F33FD22BFA52DAED2163C57DA8BDFEF6F79FB2377D6220FA4F13902EFD157B254077366A8C27D3FAB7C840C0ED8BE6D4B3E3D6E7E
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/07-18:27:49.678 1620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:27:49.679 1620 Recovering log #3.2024/10/07-18:27:49.680 1620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):342
                        Entropy (8bit):5.1961850611871006
                        Encrypted:false
                        SSDEEP:6:pKMVSVq2PN72nKuAl9Ombzo2jMGIFUt8gOYgZmw+gVUSIkwON72nKuAl9Ombzo23:pKMYVvVaHAa8uFUt8gOYg/+gySI5OaHA
                        MD5:0F64112961E2988DE5A282E5DE7A3BD3
                        SHA1:15F046F1D8983DBC9BB4F8B7A8E88B93BAFE6090
                        SHA-256:A7B4649E080CA28E5918EB2630A57E20B99B5B4F050EA71A2FC5098CA3022882
                        SHA-512:C681C3DC54F439FB776B8D1F33FD22BFA52DAED2163C57DA8BDFEF6F79FB2377D6220FA4F13902EFD157B254077366A8C27D3FAB7C840C0ED8BE6D4B3E3D6E7E
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/07-18:27:49.678 1620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:27:49.679 1620 Recovering log #3.2024/10/07-18:27:49.680 1620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\356b4f30-173f-477c-8122-0b441867edfa.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):475
                        Entropy (8bit):4.971316048517525
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqJYhsBdOg2HgJAcaq3QYiubcP7E4T3y:Y2sRdsVydMHgJr3QYhbA7nby
                        MD5:FE536224AB612C4CA953A01D86FF9CAC
                        SHA1:2226831C73F28EE052B13879B4B80C14EB3618BF
                        SHA-256:FC28E2F7154E8441B224159F5510892080364A212FD250BDEE797F648B398578
                        SHA-512:13BAC911130489F766E6295211A5A24D36D4185258C14EE95C7D5C150DEC64719911CE3F4AA5B6A6DE4118CFFA03715CF0C6168DF9ADA059F89B3997F15BD238
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372900081399876","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113192},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):475
                        Entropy (8bit):4.971316048517525
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqJYhsBdOg2HgJAcaq3QYiubcP7E4T3y:Y2sRdsVydMHgJr3QYhbA7nby
                        MD5:FE536224AB612C4CA953A01D86FF9CAC
                        SHA1:2226831C73F28EE052B13879B4B80C14EB3618BF
                        SHA-256:FC28E2F7154E8441B224159F5510892080364A212FD250BDEE797F648B398578
                        SHA-512:13BAC911130489F766E6295211A5A24D36D4185258C14EE95C7D5C150DEC64719911CE3F4AA5B6A6DE4118CFFA03715CF0C6168DF9ADA059F89B3997F15BD238
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372900081399876","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113192},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):5859
                        Entropy (8bit):5.248749522266857
                        Encrypted:false
                        SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7UFaqZ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzh2
                        MD5:68A4F5491C635E27D428965A23DD1448
                        SHA1:0AB5AA6ABBCEF76556585BA1F9C1369F229C20E3
                        SHA-256:9AF5C59112E76AB584DB42532FFA2B325D13882822D9593C68F68D5975E94FD6
                        SHA-512:C29729FC99DCA43ABCF9A019ACE4AED4029D91EE3927D720DA9254D3AC55CEF5F4B4B6D807EB422CE8A84B4F4E75448BCED1EC1877DCF38DFB85884FC5C15DC4
                        Malicious:false
                        Reputation:low
                        Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):330
                        Entropy (8bit):5.1724394670645415
                        Encrypted:false
                        SSDEEP:6:RrcIVq2PN72nKuAl9OmbzNMxIFUt8+3IgZmw++tSIkwON72nKuAl9OmbzNMFLJ:nVvVaHAa8jFUt8Pg/+4SI5OaHAa84J
                        MD5:2BCEE6C6B99CFC6338AF236F382DDB77
                        SHA1:845D671B83F03BE6F3A89E737CAE3AA16D609D92
                        SHA-256:6586BF75598AE17785DA2F137264255E58668C0D49FB85A45C534EC9E4CF0970
                        SHA-512:43AE7F40AC14827D4D382065B5DF2B83A7660B163E1B8E781E91BEE49C8253CB67CF4BEC8F04C04AE8F95F6E3ADD2AE941143FC050A6AB59FDBBE82DA56B5B2D
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/07-18:27:50.088 1620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:27:50.135 1620 Recovering log #3.2024/10/07-18:27:50.144 1620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):330
                        Entropy (8bit):5.1724394670645415
                        Encrypted:false
                        SSDEEP:6:RrcIVq2PN72nKuAl9OmbzNMxIFUt8+3IgZmw++tSIkwON72nKuAl9OmbzNMFLJ:nVvVaHAa8jFUt8Pg/+4SI5OaHAa84J
                        MD5:2BCEE6C6B99CFC6338AF236F382DDB77
                        SHA1:845D671B83F03BE6F3A89E737CAE3AA16D609D92
                        SHA-256:6586BF75598AE17785DA2F137264255E58668C0D49FB85A45C534EC9E4CF0970
                        SHA-512:43AE7F40AC14827D4D382065B5DF2B83A7660B163E1B8E781E91BEE49C8253CB67CF4BEC8F04C04AE8F95F6E3ADD2AE941143FC050A6AB59FDBBE82DA56B5B2D
                        Malicious:false
                        Preview:2024/10/07-18:27:50.088 1620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:27:50.135 1620 Recovering log #3.2024/10/07-18:27:50.144 1620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007222753Z-182.bmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                        Category:dropped
                        Size (bytes):71190
                        Entropy (8bit):1.701606908453727
                        Encrypted:false
                        SSDEEP:96:w1oZMqX8efH1MyTDMT3M4M3qAM4Mt3+hMM47zFiM6MMrMMx6XgMMMMM4Y/I4MM1Q:32KnoAxeKNfb9PR8pcIgT
                        MD5:948E5A288EE8226E031832DF1DC94F86
                        SHA1:4A447B13CD015479D6A7E17763DC843C6EADEAC3
                        SHA-256:3DE9A0337E6DD20927A9497CD25776E5077B01A9F86556A555A4DD429A19C32D
                        SHA-512:5CC02D17AE652C6122B631BDF7AECEF93694FB8C08B9429B9B7AB47BC81E1A9E65E9110A1FB680C2A106BFFBE5E80CD4ADFA35EC944E9061C5E17DFCCC189EEE
                        Malicious:false
                        Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                        Category:dropped
                        Size (bytes):86016
                        Entropy (8bit):4.44461752959185
                        Encrypted:false
                        SSDEEP:384:ye6ci5tViBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m+s3OazzU89UTTgUL
                        MD5:820A2C0636ACFF736A25637B81924874
                        SHA1:7F0447D7865AF122C710F567326487D5A3FBC83C
                        SHA-256:10202F4D1B005716E17629483E6C1ACD4BD378999895247C0A0897E95B053AAF
                        SHA-512:E27DA415B6AFB651816829C99031FD12885CFBA96255A5E73B3A99558C7BBE32AAE73559539A1FA035795561F0E5AF369BD2431A49752F37601A8858A4A911BB
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):3.765750045768888
                        Encrypted:false
                        SSDEEP:48:7M5JioyVhioypoy1C7oy16oy1bKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7GJuh/CXjBieb9IVXEBodRBkH
                        MD5:3A77DB48BD6FC7B0F97E29D5635F4B95
                        SHA1:025038595A20F3D1EF5B3E9D73230C2715046819
                        SHA-256:C2909CA1546A06761C697D52A30ED11730D58F2F281216F57F4F48E703739733
                        SHA-512:8F9E3658D4B98C6D68FC2E5375EA6B3FA4B6BA1E3562ACC54A76B787B2A4CEA62A4AB04C1DE54EAABDFCDD3C800F5EB6DF0167F10314BB00E80E65B22EEDC1F6
                        Malicious:false
                        Preview:.... .c.....!..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Certificate, Version=3
                        Category:dropped
                        Size (bytes):1391
                        Entropy (8bit):7.705940075877404
                        Encrypted:false
                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                        Malicious:false
                        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):192
                        Entropy (8bit):2.7321365340992054
                        Encrypted:false
                        SSDEEP:3:kkFkla6/+kfllXlE/HT8kgN1NNX8RolJuRdxLlGB9lQRYwpDdt:kKD6/+9T8D7NMa8RdWBwRd
                        MD5:F962106F189CCC661BB953259453DF72
                        SHA1:4A9940C3D73A226F0061633B2CC9BF4263FEFC39
                        SHA-256:FBB0A43AC7EBE3AA9681A0CEE7A285A07610C5432F7504CBEAEFBB5F69ADB86F
                        SHA-512:767B98C3C0A99ADE1A1482423931F341152AA421C7A77512F4A48C5340D228FEF4A01107C8B588C5B789D92923263494A5CECB1DD555B52357DA957247B3F7B3
                        Malicious:false
                        Preview:p...... ........i e+....(....................................................... ..........W.....F..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6112

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):227002
                        Entropy (8bit):3.392780893644728
                        Encrypted:false
                        SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
                        MD5:265E3E1166312A864FB63291EA661C6A
                        SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
                        SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
                        SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
                        Malicious:false
                        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.366097835941412
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJM3g98kUwPeUkwRe9:YvXKXF4XVNcMXGMbLUkee9
                        MD5:C038BEF348FA626E0933C58CDA77996B
                        SHA1:519457507E55E18D7EA71F6DC69977E08B1B276B
                        SHA-256:805D0509D67E82D0286678F18F9814A23134B3090081557F867BEADAED12B3A5
                        SHA-512:0E203C7D84C580C9A3E12DCC7F69C2F8AE5E6291847336D55591D0C1A23BA3CDCA6EA5D96906E16556599CF80A9E4C31B8C5B53AB5A883B300617A972E13851F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.3176589159782015
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfBoTfXpnrPeUkwRe9:YvXKXF4XVNcMXGWTfXcUkee9
                        MD5:4B98CB8A9FFFABFE4962E4DBE0035695
                        SHA1:8C9887013AB7D50411D5B4BF9DAE60F3B5AEECCF
                        SHA-256:7C254819D035898EFF42E19480397744054F68A72438B85DC224ECF21E202B32
                        SHA-512:8F8DAB0EE9F602DEB181CBB8B63A7A7D0662F19CB15D2F8BF171925B7941DF476FF977C5CC9BA230BEC637C50472C9BD3C080602D3075586B3CDCFCB3C8B619E
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.295419986350027
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfBD2G6UpnrPeUkwRe9:YvXKXF4XVNcMXGR22cUkee9
                        MD5:F73851E715D09DE8F849A19F75AF8447
                        SHA1:D193E8628369C1B4622468D5D03DD3143413DADF
                        SHA-256:1F675AD58E3B998CDFB9A1C9E9A34BF2D1F894A91A495937924C3A27C3DE4A02
                        SHA-512:BD9C2EAC24E536546DBD197917B2676B3EEDBF95D8F53382DC3C7402367E25F2F9684AC71ADC28164387D3AE025F586078A688A794D3BA9648303A420F7A3DDB
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.346216357206199
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfPmwrPeUkwRe9:YvXKXF4XVNcMXGH56Ukee9
                        MD5:6E768F5C8C9BD3FA6511053E523C0D69
                        SHA1:7B137E9A89A9FE5DADF47F1571796E8475CD20A8
                        SHA-256:6D321DB0D6162B7C431CC70263FB3218E7D67F4E67B59815781D079D325761FF
                        SHA-512:41093E865B7B4AD0573650996429829EB575C0E42D4C9FAFCE1B3F47C63FB2C44E7573BE9B4E6E438A849650D127E0C4631C555C346CCFE9C09831862F9482A9
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1091
                        Entropy (8bit):5.689024556848638
                        Encrypted:false
                        SSDEEP:24:Yv6XaAM8pLgE7cgD6SOGtnnl0RCmK8czOCYvSG:YvX8hgs6SraAh8cvYKG
                        MD5:5F81B45914ED50414055E100CB4CEADE
                        SHA1:D71F36B8D77127C1CB49B16615DE6B347897180B
                        SHA-256:74EEC1847662C3C3CB4EBEA0CCE7B45834C33BCE8279AEBF044C86A0F9246AF9
                        SHA-512:7C65AC82D4A8037856AEC60FA66E220B8E366F435ED29EB9B0D9014F40D44CE7525C9C6CF9DD079DE779AC30753C1A113B1C2824A9A73335F4255DDE46ADABFD
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1050
                        Entropy (8bit):5.654542057489996
                        Encrypted:false
                        SSDEEP:24:Yv6XaAM2VLgEF0c7sbnl0RCmK8czOCYHflEpwiV2r:YvX2Fg6sGAh8cvYHWpwzr
                        MD5:FA4ADB0070ACC5A802D6FAE2CBE79676
                        SHA1:30EACC1E48B9134A68BDB8D8FD54DD0713C1AAAE
                        SHA-256:CC547A8E5A06E18D38D8A10927A1CC84074CD84DEFC7A7A2CF6FFC4CDF788C73
                        SHA-512:1A08FACAF5C31EEE04EE42AB856EF73364ADA5DB1E39E044D24DA7439132537F078101E3275467378A0A54F5B88AFB09B033BDEF21550CE563FC748C1F433ACD
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.297697054185694
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfQ1rPeUkwRe9:YvXKXF4XVNcMXGY16Ukee9
                        MD5:2E0E34FB43000102752F49E548C0E2DC
                        SHA1:3A30C180663F76A4CD9E135074E47889372F64DF
                        SHA-256:53DCF8F1EE0DF58B8928E2C5A0E31A56A471A658664C58C4566373D8D450BC3A
                        SHA-512:3364A0E25F2C19C3D10C5D33BF1F2983F7E8ACE0DF2827ED1E1F46B908013659C100D0942BDD7A46B57A7C63AC7AA027803116841280C0191A1AF5FD82FF17A6
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1098
                        Entropy (8bit):5.688607118152486
                        Encrypted:false
                        SSDEEP:24:Yv6XaAMj2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSG:YvXjogq2SrhAh8cvUgEmG
                        MD5:1FE1E2B169E98B5D6D2C599523553EAC
                        SHA1:DB7C913220A162810B3F33957675268490DA9B52
                        SHA-256:61E5FF3EDBDBD2A2F222EF5F0694B9BC9441C00337FF3B5ECE18585B3DBCFC9E
                        SHA-512:C17BCC0306B0E8E20114BB4DD07C57C3EA475DD83762708297DA4C73350B970C2E0B744C9F972118D6DBB917D993212EEF8F04D28D956BD0AB3DB431A411ED88
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1164
                        Entropy (8bit):5.70140770965254
                        Encrypted:false
                        SSDEEP:24:Yv6XaAMvKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK52r:YvXvEgqprtrS5OZjSlwTmAfSK0r
                        MD5:EB99BE8224F7C432E3D55AB667633F2F
                        SHA1:C3F922879F27451CBF314BAF168E7617B2C605CE
                        SHA-256:11C94E848BFF8564184AF7957BBC0E08D7375402530B0F63D9BF8B2B1E523CBE
                        SHA-512:21CCC93BA38E082FF8CEB3DF52744F22EF02977751FBEBF3BCDB5121F2167D808CA29398B703F5FEDD03ECF2C3D4177BA824692864BC5FB99844EACEC51D4A0F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.303981685489063
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfYdPeUkwRe9:YvXKXF4XVNcMXGg8Ukee9
                        MD5:958027D7AA97B92B9797749453DD873B
                        SHA1:54263649092706804D391E6DB3F6EAE2C6D3FF4B
                        SHA-256:3D660C87761335BDE9E91D78AC1C21BEA838ACB7D2ED30623AB830DCFC3A337E
                        SHA-512:33E79F432BC770DCBB4B3200488BAA734DA075BD7D87A4020ED61E1BA3ADF46A36BE7A8F43773CB156A4281DC3179202D65281D4D9316D4043863B7F74C3BA7B
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.777423892028027
                        Encrypted:false
                        SSDEEP:24:Yv6XaAMyrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz:YvXyHgDv3W2aYQfgB5OUupHrQ9FJZ
                        MD5:8331AA0DE4F60D57DB4E25D0D68C5EF4
                        SHA1:BFEAC0A1E74D83BEA4E3FEAE32DB201FA07E0FBE
                        SHA-256:E6F6419CB6D6502807EE6E319E839F9AAC02E41710BE5D3FBDCC6CA9E21A1AB7
                        SHA-512:76DF8C0779E7D6E48ECA97049D97D9D5C71DDC0271B9906680EF99D5690726867EF9AD65C77764D377F0E85B4C647CCF56F6F3FA45561642F8FD988135504049
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.287501417626919
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfbPtdPeUkwRe9:YvXKXF4XVNcMXGDV8Ukee9
                        MD5:4C5C4BE5090EA6013A22430E99CD65C1
                        SHA1:AC2D759D2C56806631145BF295580CED77204E2B
                        SHA-256:A9D9EA1DEE177FE8D9C77B6842A26B99FBCB4A60DB9284145000451502950EA0
                        SHA-512:2E0A12367285C3D5EC7DBE5377694C6822BF8893A0D784101308A9307E757E19503182235F90CEEBD53DF2BCA6D4F427BB78497541723A9524DB2D372CBBACA6
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.290288100323345
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJf21rPeUkwRe9:YvXKXF4XVNcMXG+16Ukee9
                        MD5:E5A123B6CEB2E93DC788816FB8C7B4E4
                        SHA1:966B7A08B072D1B1FBA31FD40EDB1D76E5AC0216
                        SHA-256:7154C387BCB13C8E40435A634A735F0537507483E5904706930D4907D103080C
                        SHA-512:4AA037DB315782868210FD9FF7910456265B09665BD5D6C380F67521F7CA9ED819744525BE93AE2409F3C4A8E09D2026E95E5775EF3650D427A3971FDA9F4DAB
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1054
                        Entropy (8bit):5.665552328159831
                        Encrypted:false
                        SSDEEP:24:Yv6XaAMIamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSG:YvXOBgSXQSrOAh8cv6mG
                        MD5:A33760685B2681CCF76E6D73798BA4F2
                        SHA1:546B0CD526480CDDE2AAF0D7F40907D61F09AF37
                        SHA-256:AEE337C94C63E6ECD822358CB467DA8E491D0861D30417AA7D9D436CA39EE9F2
                        SHA-512:4B78380541A12F90A21F61EAA24F12882EBE955D65D99F0BB02623B4B393875A5A3195693C46C0A5AB94B57777CFFF2306CF4D31CEF8CA559358A91B13251E95
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.267863347711381
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXFWcFDImEBVAGnZiQ0YGBi5KoAvJfshHHrPeUkwRe9:YvXKXF4XVNcMXGUUUkee9
                        MD5:3023AA7E27B5FEBEFA222F9F80FC86A2
                        SHA1:B4E8D943FF4266CFD75542BE599548E5208E4165
                        SHA-256:43BFFC600FA0151291BA53802DBC2AFBD692BAB7F23F6A4F2642278BAAB9CBC7
                        SHA-512:12CBFF66668B30655AD005B378222D907539C57D90099A796286C1007E5D424E1875233180635223B37A1A7AF5A42BC67FE557A81A6177738FA2878CA99ADDD4
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):782
                        Entropy (8bit):5.3576121141830395
                        Encrypted:false
                        SSDEEP:12:YvXKXF4XVNcMXGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWogX:Yv6XaAMX168CgEXX5kcIfANhG
                        MD5:64F98830631E73B36DD95F1EB2748E28
                        SHA1:96106C5641BFEC99C414847CFC310DAC9E32CE57
                        SHA-256:8EC1FF218B6EEB8136BCC728723C8B3ED7CC0C9F425CA6F93EE745CA3D43BFA4
                        SHA-512:07F91B0F30A081A8136E61C954E2B0F6A29E602C01BD4FD38C4D81C6E270353C4839E5044FB6798563D28778D0C18D74E616D339EF0117077E371A481F84A682
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"23652c8c-9e5f-4366-8f0d-e96c79171dc5","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728517676232,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728340076266}}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2818
                        Entropy (8bit):5.135536605105204
                        Encrypted:false
                        SSDEEP:24:Ybgk8EPVagVYayKmVA+KCXm3a4j1NMA4ejiRCe8j0SKLwgG2UdL12LSURVihB5s/:YbgkTUOoV4RNRDi1OqwLTfi3YBK09wx
                        MD5:E2FA3F4D1CB9D5D6CFACB050A5A822CE
                        SHA1:67DE6E0396331F2F0678D797B59AD9877FFB31E8
                        SHA-256:BA00DF36DA28C0C743ED7244A12C8379989389633A98A0D06A7253CBA6F68A97
                        SHA-512:0C69CF7766F0DAD8D8909DE00E720FFFAA69A9FF9FD2618ED38F4B5CFDD0D3D977F1CC188691808289A1EAF11FEB2D4D2544A555A4AD0AD2AFAD83B185481E58
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d6e1031b924d1dcb99c26020c4c78446","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728340075000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2c5766967fb74fb074bb81925c67c2dd","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728340075000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"1fdd08868a3a2c583f190b10c5720b4a","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728340075000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"de6340cdf2784896d86cfad1646e531c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728340075000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"544474b85a273bb6649552b850727910","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728340075000},{"id":"Edit_InApp_Aug2020","info":{"dg":"1c7b48b6738ff268d046ac8a879f2e0a","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.145502838573018
                        Encrypted:false
                        SSDEEP:24:TLhx/XYKQvGJF7ursNoRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcZ:TFl2GL7msoXc+XcGNFlRYIX2v3k5
                        MD5:8194E31992399E5348C2426DF4123DEC
                        SHA1:78A728CFFCD2E0AF4A3D2B2A8A20CAF3D2694624
                        SHA-256:9116F26E4F685AD10AEAA859188062FA4721B6E542BC7317DF7A3457FE27676D
                        SHA-512:02C610F68A9D7660BF600617AE2FE138D7A56AAE971BFA6CFE32AA3E0AE0C42B77AE7AED244ED707A5719AC4814FBDF3C9B7B8A1B233B217CCDBAA80A2E5DC8C
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.5510003656562683
                        Encrypted:false
                        SSDEEP:24:7+tRwtoUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxb1qLxx/y:7MRMXc+XcGNFlRYIX2vG1qVl2GL7mse1
                        MD5:23A3600491C3BBAC5CD5028FBDEB13F0
                        SHA1:BB6140B0089794D8FF893272197C18A60DC929C2
                        SHA-256:A4F4856433611918A809CA2F59861BC2BED96BFD99A8C8C79CC43D425AC7F310
                        SHA-512:A89B865A97C07086ED72D429D7FA00E611C7B9EE69AF7388ABAFB12F078B4CF7A76B03B643AB1AAD0D7CF29CB7251CF14DE8E91A84E6E271517D5CCBBE25024D
                        Malicious:false
                        Preview:.... .c.......$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\MSI9bb11.LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.5146815864506182
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqF6fH:Qw946cPbiOxDlbYnuRKTMfH
                        MD5:1171C328F4D8E31B9C33B1C5F224CA97
                        SHA1:D50914D1EC340A83AF483B30B0D7F7FD2D7A31D3
                        SHA-256:4352432EB79D8588F667E89C295238938A64FB39B3C4B01868C2DC6EDB7CF5C0
                        SHA-512:F67F7729590B9F213683DAC50A8F9624DBB5D9127AEB90085B29D62D26AA6B2F707169A79754C3C578238541CC23DBFB47B39A51518F9F7024618CB1688C5940
                        Malicious:false
                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.8.:.2.7.:.5.7. .=.=.=.....

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-27-51-358.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.338264912747007
                        Encrypted:false
                        SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                        MD5:128A51060103D95314048C2F32A15C66
                        SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                        SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                        SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                        Malicious:false
                        Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):15114
                        Entropy (8bit):5.325189212767858
                        Encrypted:false
                        SSDEEP:384:cyB/X/m/P/R/44pz4w4H4p4qK4n4A4X464xlelCm4m0TbTfT+T1TF9n1nZazafgb:oN1
                        MD5:162D87492E35E4F5BB7AD0BDACC9B008
                        SHA1:C42C6FA5ACC867F46621FCE45131A1B8B5E73E31
                        SHA-256:62E3A8668585BA04AC71EBCD1FCBC5861C6D15D55BA5FDAA1C8A9548FACC9200
                        SHA-512:0CC03E404382DEF6786892BC57C021A86289305BAFAB54AC1F94FA7F72C6C2D13E984FECDAA25BF44027CCE7277B601F0BABC92140114D74CE4A850711908E79
                        Malicious:false
                        Preview:SessionID=0ee13e5b-b49b-4528-9a7d-ebaa7a654110.1728340071384 Timestamp=2024-10-07T18:27:51:384-0400 ThreadID=2992 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0ee13e5b-b49b-4528-9a7d-ebaa7a654110.1728340071384 Timestamp=2024-10-07T18:27:51:385-0400 ThreadID=2992 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0ee13e5b-b49b-4528-9a7d-ebaa7a654110.1728340071384 Timestamp=2024-10-07T18:27:51:385-0400 ThreadID=2992 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0ee13e5b-b49b-4528-9a7d-ebaa7a654110.1728340071384 Timestamp=2024-10-07T18:27:51:385-0400 ThreadID=2992 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0ee13e5b-b49b-4528-9a7d-ebaa7a654110.1728340071384 Timestamp=2024-10-07T18:27:51:385-0400 ThreadID=2992 Component=ngl-lib_NglAppLib Description="SetConf

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):29752
                        Entropy (8bit):5.3992982027146645
                        Encrypted:false
                        SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcb5ucbluIEocb1H:V3fOCIdJDehET
                        MD5:D479EAAB812B2DE592F6E21F1D15B38A
                        SHA1:AA90537AB9D28BFC538BFB462DD1E31A06BC92C4
                        SHA-256:8075BBF4D536C51FA3006E8F6AAAEE5342517FB7DB101BED0143D037AC62BC11
                        SHA-512:CD205FFFE285BE43F206B38B2B7C71D6775CA983DD6C92CA97086FFE901E7B75B07F274D77582A3D8359FC6CB9A72773DE10793BF11BEACBE46E4F01F473288C
                        Malicious:false
                        Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                        C:\Users\user\AppData\Local\Temp\acrocef_low\3af49868-49a4-4886-a87f-31bc759279cf.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                        Category:dropped
                        Size (bytes):1407294
                        Entropy (8bit):7.97605879016224
                        Encrypted:false
                        SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                        MD5:716C2C392DCD15C95BBD760EEBABFCD0
                        SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                        SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                        SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        C:\Users\user\AppData\Local\Temp\acrocef_low\a71067d3-d4f9-4fed-8971-998621a24bac.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                        Category:dropped
                        Size (bytes):1419751
                        Entropy (8bit):7.976496077007677
                        Encrypted:false
                        SSDEEP:24576:/rreYIGNPpOWL07oXGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TreZGOWLxXGZN3mlind9i4ufFXpAXkru
                        MD5:CCB47CBEB630D68664E7662B95711432
                        SHA1:D01521A0DEBE32C821CA1FC021F6C4ABACB1849C
                        SHA-256:E6640071685E82B40A40E86A3246419FCC5162981EC5C9528BAABD1926927D2E
                        SHA-512:B917B21DD123C5741E83A16E0160014D325E9844AE3A8ACAC2753818960EA01081E66F83F1C4FC72C8207E6BA5A219AF05A3A99F91B45C91C1456BCE93BA2C7F
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        C:\Users\user\AppData\Local\Temp\acrocef_low\d0309be3-56c1-460e-92a4-86c3bcdeae9c.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                        Category:dropped
                        Size (bytes):758601
                        Entropy (8bit):7.98639316555857
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                        MD5:3A49135134665364308390AC398006F1
                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                        Malicious:false
                        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                        C:\Users\user\AppData\Local\Temp\acrocef_low\e6abb3d4-a7d3-4e63-bdaa-56f2b599b418.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):386528
                        Entropy (8bit):7.9736851559892425
                        Encrypted:false
                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                        Malicious:false
                        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                        Static File Info

                        General

                        File type:PDF document, version 1.7, 6 pages
                        Entropy (8bit):7.81086337613467
                        TrID:
                        • Adobe Portable Document Format (5005/1) 100.00%
                        File name:w-9 -Ethics advisory inc .pdf
                        File size:402'749 bytes
                        MD5:3d132b55a4a3c656b94590577df13040
                        SHA1:f9f8c74da30040ac6526b510c8fa5e5d3560e62f
                        SHA256:207e104694eb76445b445005ed069ff7b378391ca5a3c7a5e2206e2d7a5a099b
                        SHA512:6ec0bbb15bf6efb9bd4079e5ccec3e7a4d44ea48ffa87eb646e6f6709c50d18debc6d709bd3089d95c9b481b2f17715e05af6bba0d92cb2f6cd2602f12fb4fdb
                        SSDEEP:6144:ZqNINm9GIGV464F4ANIFNaCLBu3XWhnk+9TG8OniSEoKOOTuu:ZboGIGMe4nWhk+NWiSaOO/
                        TLSH:E184B03CAA99AC0DF852C2B1E238A6A34FCDA277612434513C2C4E1B1597C51F5EB7DE
                        File Content Preview:%PDF-1.7.%......1 0 obj.<</AcroForm 2 0 R /Lang (...E.N.-.U.S) /MarkInfo <</Marked false >> /Metadata 3 0 R /Outlines 4 0 R /PageLayout /OneColumn /Pages 5 0 R /StructTreeRoot 6 0 R /Type /Catalog >>.endobj..382 0 obj.<</Annots 470 0 R /ArtBox [0 0 611.97

                        File Icon

                        Icon Hash:62cc8caeb29e8ae0

                        Static PDF Info

                        General

                        Header:%PDF-1.7
                        Total Entropy:7.810863
                        Total Bytes:402749
                        Stream Entropy:7.962056
                        Stream Bytes:328430
                        Entropy outside Streams:5.235924
                        Bytes outside Streams:74319
                        Number of EOF found:7
                        Bytes after EOF:

                        Keywords Statistics

                        NameCount
                        obj413
                        endobj413
                        stream161
                        endstream161
                        xref0
                        trailer0
                        startxref7
                        /Page7
                        /Encrypt0
                        /ObjStm17
                        /URI0
                        /JS0
                        /JavaScript0
                        /AA0
                        /OpenAction0
                        /AcroForm1
                        /JBIG2Decode0
                        /RichMedia0
                        /Launch0
                        /EmbeddedFile0

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 8, 2024 00:28:02.548727989 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:02.548767090 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:02.548832893 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:02.549069881 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:02.549082994 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.155284882 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.155663967 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.155684948 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.156749010 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.156908989 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.181731939 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.181731939 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.181756020 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.181873083 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.230794907 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.230808020 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.277657032 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.697350979 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.697427034 CEST4434981023.56.162.185192.168.2.6
                        Oct 8, 2024 00:28:03.697560072 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.699300051 CEST49810443192.168.2.623.56.162.185
                        Oct 8, 2024 00:28:03.699317932 CEST4434981023.56.162.185192.168.2.6

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 8, 2024 00:28:02.135787964 CEST6206853192.168.2.61.1.1.1

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Oct 8, 2024 00:28:02.135787964 CEST192.168.2.61.1.1.10xe8e0Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Oct 8, 2024 00:28:02.144751072 CEST1.1.1.1192.168.2.60xe8e0No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • armmf.adobe.com

                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.64981023.56.162.1854432304C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        TimestampBytes transferredDirectionData
                        2024-10-07 22:28:03 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                        Host: armmf.adobe.com
                        Connection: keep-alive
                        Accept-Language: en-US,en;q=0.9
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Accept-Encoding: gzip, deflate, br
                        If-None-Match: "78-5faa31cce96da"
                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                        2024-10-07 22:28:03 UTC198INHTTP/1.1 304 Not Modified
                        Content-Type: text/plain; charset=UTF-8
                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                        ETag: "78-5faa31cce96da"
                        Date: Mon, 07 Oct 2024 22:28:03 GMT
                        Connection: close


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:18:27:47
                        Start date:07/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\w-9 -Ethics advisory inc .pdf"
                        Imagebase:0x7ff651090000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:2
                        Start time:18:27:48
                        Start date:07/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff70df30000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:4
                        Start time:18:27:49
                        Start date:07/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1624,i,13021702806693179787,17668582507284460898,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff70df30000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Disassembly

                        No disassembly