Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
AE08476Q0222832AEDXB.pdf

Overview

General Information

Sample name:AE08476Q0222832AEDXB.pdf
Analysis ID:1541999
MD5:c576ff4f8796a88cce41337e1e927287
SHA1:6cf592e186ad07b646866daec6dc82f429260802
SHA256:4b927a41d9e17746aedc4cbf0cb045595d5d4bc22111a1f779e6d023ee364d90
Infos:

Detection

Score:20
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected landing page (webpage, office document or email)
Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 1216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AE08476Q0222832AEDXB.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7296 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1692,i,16501027314633309046,16174421510889995249,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: sus20.winPDF@14/43@2/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 06-26-38-418.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AE08476Q0222832AEDXB.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1692,i,16501027314633309046,16174421510889995249,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1692,i,16501027314633309046,16174421510889995249,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: AE08476Q0222832AEDXB.pdfInitial sample: PDF keyword /JS count = 0
Source: AE08476Q0222832AEDXB.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: AE08476Q0222832AEDXB.pdfInitial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

barindex
AI detected landing page (webpage, office document or email)
Source: PDF documentLLM: Page contains button: 'VIEW SHARED FILE' Source: 'PDF document'
Source: PDF documentLLM: PDF document contains prominent button: 'view shared file'
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution		1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541999 Sample: AE08476Q0222832AEDXB.pdf Startdate: 25/10/2024 Architecture: WINDOWS Score: 20 14 x1.i.lencr.org 2->14 16 AI detected landing page (webpage, office document or email) 2->16 8 Acrobat.exe 17 70 2->8         started        signatures3 process4 process5 10 AcroCEF.exe 106 8->10         started        process6 12 AcroCEF.exe 2 10->12         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1541999
    Start date and time:2024-10-25 12:25:37 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 2s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:11
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:AE08476Q0222832AEDXB.pdf
    Detection:SUS
    Classification:sus20.winPDF@14/43@2/0
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184, 88.221.168.141
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: AE08476Q0222832AEDXB.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    06:26:49API Interceptor1x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASNs

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.1658858702379655
    Encrypted:false
    SSDEEP:6:ZUKq2Pwkn2nKuAl9OmbnIFUt8QtXZmw+QtFkwOwkn2nKuAl9OmbjLJ:ZUKvYfHAahFUt8Qp/+Qj5JfHAaSJ
    MD5:30F43D36E18308DB0358C5D75D417EFF
    SHA1:BFCEEB4A1F60AD4662AF021C17522D53E9737BBE
    SHA-256:162B500F2B687880EC304D3FA4F9476E98CEC354DA3241D363879FD812B6C951
    SHA-512:45AA6A1B82C587EF19FE7F88F601DA722EE85BF9A638A1B8CAFB8661CA64B57EFDA0C4E583EDDD4283C63ACB1910397C4DF2FD6AB2A0B76F018C545158830F7E
    Malicious:false
    Reputation:low
    Preview:2024/10/25-06:26:36.206 1c30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-06:26:36.207 1c30 Recovering log #3.2024/10/25-06:26:36.207 1c30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.1658858702379655
    Encrypted:false
    SSDEEP:6:ZUKq2Pwkn2nKuAl9OmbnIFUt8QtXZmw+QtFkwOwkn2nKuAl9OmbjLJ:ZUKvYfHAahFUt8Qp/+Qj5JfHAaSJ
    MD5:30F43D36E18308DB0358C5D75D417EFF
    SHA1:BFCEEB4A1F60AD4662AF021C17522D53E9737BBE
    SHA-256:162B500F2B687880EC304D3FA4F9476E98CEC354DA3241D363879FD812B6C951
    SHA-512:45AA6A1B82C587EF19FE7F88F601DA722EE85BF9A638A1B8CAFB8661CA64B57EFDA0C4E583EDDD4283C63ACB1910397C4DF2FD6AB2A0B76F018C545158830F7E
    Malicious:false
    Reputation:low
    Preview:2024/10/25-06:26:36.206 1c30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-06:26:36.207 1c30 Recovering log #3.2024/10/25-06:26:36.207 1c30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.190782315829967
    Encrypted:false
    SSDEEP:6:ZbF4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Q6NJZmw+QZJrDkwOwkn2nKuAl9Ombzo23:ZZ4vYfHAa8uFUt8Q4J/+QZJrD5JfHAaU
    MD5:04914B7365186137765905641D678D1D
    SHA1:D57370B55CDD8706AEFFAE484FEF59C0A8DEADC7
    SHA-256:3F0FB20A7DA38E82F78B48C7FFAFFAF072681702007FE700A2FB2F6CEBACCDD8
    SHA-512:7E1144BB63A0AF3F9CE3B9E98B6874A065D558D846CB3354E0F3B12F5EC5FA27B8C6F4E97D8A2276DC3908E9D67F9AFCAE0E1B82F8E14514EA66BAFD25DCD5C9
    Malicious:false
    Reputation:low
    Preview:2024/10/25-06:26:36.271 1cb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-06:26:36.272 1cb4 Recovering log #3.2024/10/25-06:26:36.273 1cb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.190782315829967
    Encrypted:false
    SSDEEP:6:ZbF4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Q6NJZmw+QZJrDkwOwkn2nKuAl9Ombzo23:ZZ4vYfHAa8uFUt8Q4J/+QZJrD5JfHAaU
    MD5:04914B7365186137765905641D678D1D
    SHA1:D57370B55CDD8706AEFFAE484FEF59C0A8DEADC7
    SHA-256:3F0FB20A7DA38E82F78B48C7FFAFFAF072681702007FE700A2FB2F6CEBACCDD8
    SHA-512:7E1144BB63A0AF3F9CE3B9E98B6874A065D558D846CB3354E0F3B12F5EC5FA27B8C6F4E97D8A2276DC3908E9D67F9AFCAE0E1B82F8E14514EA66BAFD25DCD5C9
    Malicious:false
    Reputation:low
    Preview:2024/10/25-06:26:36.271 1cb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-06:26:36.272 1cb4 Recovering log #3.2024/10/25-06:26:36.273 1cb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):475
    Entropy (8bit):4.964782568416978
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqwJsBdOg2Hpvcaq3QYiubInP7E4T3y:Y2sRdsDadMHpe3QYhbG7nby
    MD5:E25AA2EDFE4332490FEAE5CB08117542
    SHA1:E56B28F9D1C20BA911F5C754D97CC97DE121E9CD
    SHA-256:CD306A8C758F80123B2C70E0FCC4F0A17F862E91CA0281AF91BEF7E3EA099933
    SHA-512:DFC642CFEF518507E40F33580565FE9749783983CD12DA175D271539D93F68E0CE275BD3B573C77248588D97AF8DBABEF77B460008DFDBD975A1C4D61B270024
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374412002196447","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":237913},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a4378186-323b-4f92-bb1d-1538386d9160.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):475
    Entropy (8bit):4.964782568416978
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqwJsBdOg2Hpvcaq3QYiubInP7E4T3y:Y2sRdsDadMHpe3QYhbG7nby
    MD5:E25AA2EDFE4332490FEAE5CB08117542
    SHA1:E56B28F9D1C20BA911F5C754D97CC97DE121E9CD
    SHA-256:CD306A8C758F80123B2C70E0FCC4F0A17F862E91CA0281AF91BEF7E3EA099933
    SHA-512:DFC642CFEF518507E40F33580565FE9749783983CD12DA175D271539D93F68E0CE275BD3B573C77248588D97AF8DBABEF77B460008DFDBD975A1C4D61B270024
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374412002196447","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":237913},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4730
    Entropy (8bit):5.253056940723711
    Encrypted:false
    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7iiTIpAiZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go2
    MD5:2D4534AD738C77B37E5E43CFDF3DF592
    SHA1:8646ABC6D2662F389D2B04A17E2D0CF984D8A646
    SHA-256:CC5ADFE0C44948703BC98EBDC6B5D5208B1FD318E86FEDA931F1B243605A0459
    SHA-512:0D358DA25FFAAE0FCA11ED7456A6E7FAA24BDCDF3DB9836592A96E29E3D7412493787184C75CC48459C89B365B506FCB8C1FB97985254809D8DE21703AC2EE41
    Malicious:false
    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.22037790594056
    Encrypted:false
    SSDEEP:6:ZpD34q2Pwkn2nKuAl9OmbzNMxIFUt8QbJZmw+QmUDkwOwkn2nKuAl9OmbzNMFLJ:Zpr4vYfHAa8jFUt8QbJ/+QRD5JfHAa8E
    MD5:41F7C429BE3189C54B713E0CC8DD4DE4
    SHA1:032194D3647D1E5B3434104DB7484361E79A37CA
    SHA-256:8009182DE986A03578484919C58A5A36B51F7C2D453DC11BC0129A95E3641146
    SHA-512:8AB420D7ED263DEA07A11D4EE63A77B3A7F96FF64B5B5BC3930A6DD3D143F3B9CBACEFC5AE8DBB5FE4379C1E7096178DC1F06DE7DB4BC0D8B63CB87B8EC8FB4D
    Malicious:false
    Preview:2024/10/25-06:26:36.459 1cb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-06:26:36.673 1cb4 Recovering log #3.2024/10/25-06:26:36.741 1cb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.22037790594056
    Encrypted:false
    SSDEEP:6:ZpD34q2Pwkn2nKuAl9OmbzNMxIFUt8QbJZmw+QmUDkwOwkn2nKuAl9OmbzNMFLJ:Zpr4vYfHAa8jFUt8QbJ/+QRD5JfHAa8E
    MD5:41F7C429BE3189C54B713E0CC8DD4DE4
    SHA1:032194D3647D1E5B3434104DB7484361E79A37CA
    SHA-256:8009182DE986A03578484919C58A5A36B51F7C2D453DC11BC0129A95E3641146
    SHA-512:8AB420D7ED263DEA07A11D4EE63A77B3A7F96FF64B5B5BC3930A6DD3D143F3B9CBACEFC5AE8DBB5FE4379C1E7096178DC1F06DE7DB4BC0D8B63CB87B8EC8FB4D
    Malicious:false
    Preview:2024/10/25-06:26:36.459 1cb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-06:26:36.673 1cb4 Recovering log #3.2024/10/25-06:26:36.741 1cb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025102640Z-171.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):0.9961449598998728
    Encrypted:false
    SSDEEP:96:MMMoOYckQlzMMMMHZnMMM09MPMWDBUqEMHNMMvi9/uF1MH5+Zhnr0MY2f+X7VvN/:M39IN6yD+JvAY
    MD5:19C681DCB319BF1E2EC73078F41B682F
    SHA1:897BF2741773E1ADB443CD9A2110581A282BD5A8
    SHA-256:BD6B9CA3588D0FA2C1F815D20708E16D41AF643AD2BACE511EE9F7B73EE3B42C
    SHA-512:9C9C39830424888E21D8FA57E78539ACB689A2E179963DEBDD27BB429180CE8B92BD9009423579864EC63A9759E74245EF65A0BDC12C645308E4D79420C0EFC6
    Malicious:false
    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
    Category:dropped
    Size (bytes):86016
    Entropy (8bit):4.445309811021985
    Encrypted:false
    SSDEEP:384:yezci5twiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rHs3OazzU89UTTgUL
    MD5:3164DB472E47ED3BF5578CC1DB51269D
    SHA1:AE32F1485BBCE3C2D388037A5138431D01D21E3F
    SHA-256:875E5A557B11CD122AC5E833F800C28715A2F9BB1E66C101CB7D07FE5E7211E3
    SHA-512:F36DB8FE2615A269765033F11E927E0FAAFB4AA5008A34D715ADDA795A478D58C206C6D87C4E360D241A2F65C52904C728B31D166F4D24D565F97DE48DD93AAC
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):3.7736598603040346
    Encrypted:false
    SSDEEP:48:7M2p/E2ioyVoioy9oWoy1Cwoy1YKOioy1noy1AYoy1Wioy1hioybioy+oy1noy1S:7hpjuoFfXKQDwb9IVXEBodRBkz
    MD5:70BEC5625407E65A766DCAED06B97D7D
    SHA1:4F417E13CCD7B8C2D76B3C1FD8D3DF3580EEC4E6
    SHA-256:ECB03DC71AFE83B09ECE6334CD37B3A4937C58A793004B679E9F324F2CAD7E4C
    SHA-512:ABFBE87A8BBB0C437E52E13A33DEBE1E47456028D91F2D669D90B8E14D2EF3F8663C2DBBAA8A87762080948A578C519F6D5B2CE92B0EF023640F2E3A88CA18A2
    Malicious:false
    Preview:.... .c......e.o...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.7425532007658724
    Encrypted:false
    SSDEEP:3:kkFklJlGD+kPtfllXlE/HT8kr/lXNNX8RolJuRdxLlGB9lQRYwpDdt:kKD+kPeT8iDNMa8RdWBwRd
    MD5:5E2CEE73691089676D9D2054EF76E97F
    SHA1:3A7A16A9A19DC9592C8A11C89EE0CEC4CA861C2D
    SHA-256:AE615FB8D6227DA9A2787F78F5D79A0ED8044C4B4E6A9940C96EBB4BFC85959E
    SHA-512:C5718C66EDBAC64CE08224CAC208976ECCFCDE1C4C446E8AC74A6E4699F2844334F9AEB0B9A136B0DF2D0EED85630D93894E5990E2E6C35EB64D8DC876F88DD0
    Malicious:false
    Preview:p...... ........z..f.&..(....................................................... ..........W....Nt..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):243196
    Entropy (8bit):3.3450692389394283
    Encrypted:false
    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
    MD5:F5567C4FF4AB049B696D3BE0DD72A793
    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
    Malicious:false
    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.365102088332581
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJM3g98kUwPeUkwRe9:YvXKXsx5mZc0vkOGMbLUkee9
    MD5:25BBE0C1F78131EAD32520F19A7B9952
    SHA1:2CECFDBFF8AAF205F214B9E4388227872E7AC249
    SHA-256:BED5E54B28D8F98887A9DF4E1944E942340D0C1E961D3F674991A2329709CB7B
    SHA-512:80632ECDE367B281AFEFA89DD38F2AA9AE51C92BFE894309F9CD082AD50229785C6279B4AB34503EC4FA1AC5A5DE617558422AFE9D7D0B6590938197ACC8F791
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.314776135490963
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfBoTfXpnrPeUkwRe9:YvXKXsx5mZc0vkOGWTfXcUkee9
    MD5:DCA3E003E0E814A1FAEE9A80CB3CD0B8
    SHA1:362DBE2ADB17461D5F4266712C8EE9FC189600C2
    SHA-256:B24A14AB02530E82FF8FF2EF18F657EACF4FA212CAFDE819A446A64B23AAF975
    SHA-512:1EAA53F56BE8A083D8B3D3733D576E498201438449DF7B58D3810A1D73EA1E7E6A355BF5EF501E1975F9C9BEEEC0790B78C69D0B0731C87EE202EC3C1B6329C9
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.293324452016968
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfBD2G6UpnrPeUkwRe9:YvXKXsx5mZc0vkOGR22cUkee9
    MD5:9E0EE35E6C9A407716BB4BD140E1CE12
    SHA1:57CA3F0183FACF02FAA8A821AD03ED7C9D80BE74
    SHA-256:AD09FA8CBC44749E179FD541EE50A98011071ADBD3958E725FA0E1C6E5CF2D91
    SHA-512:3DFA9443A35BBC3352BB9FFD4A94718DF472DE085EEE163FCFE943D3FC340E8B8504ABAABABD9A392B75CB50AFE279938450359AC10500AACFF9D64A98F47889
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.352173601615999
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfPmwrPeUkwRe9:YvXKXsx5mZc0vkOGH56Ukee9
    MD5:5945AA5FC74531CD63A7CF59347C0F41
    SHA1:A23F2EDB1FA8DB697AB4AA1E9C62303AC5544F12
    SHA-256:247A0C9E9DB70C9EEFD262DEB54D70329CA401290CD6FAA74CBBAF831C951724
    SHA-512:CDED2560A09DC1FBC91E332C8938BD4FA05546C948DAF984AEECD0DE516BDD2ADE7F50E5E30580C8486FF393D18AA6053FBEA53C1ADBBA8736205096BD1F8847
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1055
    Entropy (8bit):5.6548235486648695
    Encrypted:false
    SSDEEP:24:Yv6Xsx5mzvk7pLgEscLf7nnl0RCmK8czOCCSD:YvJec7hgGzaAh8cv/D
    MD5:E34D60B1EC945440B9B0B6EEE8C78B46
    SHA1:1BB984B717DF2D7C2A3F51AAF612E68C0F7AAE32
    SHA-256:FB98FCD53F8EA4AB9E57486F758E71E627665D2A38A20E10A022906397798F1B
    SHA-512:4E4331057B942CAF6F70ABD0B23ABA33C1570ADF25FA1C484652CEB5E8206BF9D6562D62E47DC9F81BC5179019201D9C4B40F30DD5ECAB166E5B3B85F5153F53
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.650090228970253
    Encrypted:false
    SSDEEP:24:Yv6Xsx5mzvk3VLgEF0c7sbnl0RCmK8czOCYHflEpwiV+:YvJec3Fg6sGAh8cvYHWpwD
    MD5:B25AC74A67547014613DDF1EF3648AB6
    SHA1:E4732AA6E10B5A565FA0971AD959973F9ED212BB
    SHA-256:63645519D46875D29337B69CF6429AEBFC3B889B967AAAB286B8EE9E3911F379
    SHA-512:AB462DE86C9FAAA167FE585A14261ACC520BE94A25685D72ADB39FE59540309FCC0843B6F96EEA5136B7EC8EA8E8724355667C7275E6A21F3D51E057E9A1077D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.299287923365265
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfQ1rPeUkwRe9:YvXKXsx5mZc0vkOGY16Ukee9
    MD5:F3FE72DAD627EF598D31C06B0CAE24EC
    SHA1:96168BF773F2D65F03CB1D5206F906FC68DA51B2
    SHA-256:0AAD767B0E2DA344EC6458D22650FA80503BC34E237FCDC6DF8AD386A9C659FD
    SHA-512:F18DCD8F6C93411D4355E0B7B8A82F65FD20D4FD714CC927B624B060B9ABFD2E5754B417F87F32481B6401F1572FE06C460184E7A2702A66FC001DC7DD4F3DE0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1038
    Entropy (8bit):5.641727531830857
    Encrypted:false
    SSDEEP:24:Yv6Xsx5mzvkm2LgEF7cciAXs0nl0RCmK8czOCAPtciB+:YvJecmogc8hAh8cvAk
    MD5:B1FAF3C89BD3D5C5B8280CB5007918A4
    SHA1:858F3963FB3D5ED7F206E0DA0AB8F2018255B6A6
    SHA-256:0550D448C8BEBC094774EA25E21833EE0F49210DFBCAE9BD61DFC83D19020F53
    SHA-512:5AA0F9DF99C387EC840BA1BDF5A31C7F4B2FEBEF6F695B38BA612D354D027540C077344E6C81AAEF5181031E9A18317A1BAD87EA84C2F589A82EA4DDC929354F
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.696245225551012
    Encrypted:false
    SSDEEP:24:Yv6Xsx5mzvkKKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5+:YvJecKEgqprtrS5OZjSlwTmAfSKA
    MD5:6CD38A5D2F63FC8617F580E1AD35321B
    SHA1:52C036CC005E05BF18A733D36F494FEBB3C242D9
    SHA-256:1679B20510FE5FEDB59BDA259DECD0E6E7BCBA0B2DD98C4DD13626D00E471EA1
    SHA-512:DB3243500A016460F8AB98FCC36BE99D09040446757D831A70604652E52F0F7CE12C50A3935D346147C168881AE2161115BECB3AC57410870DE69AA3710A4B9E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.30163008578858
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfYdPeUkwRe9:YvXKXsx5mZc0vkOGg8Ukee9
    MD5:1F40601E0F8077B5B8920EF842899521
    SHA1:8A4F368B5256298B52FEB89B266F83949D73D826
    SHA-256:DBC9728103804072878795C319413DA2D68BCFC7D6497580FFC201D780CB2EEF
    SHA-512:81F7C99D8756C4C4CA8A47448EE2C4DF59CDB8BCAF4AC256771134647F7307F8EA23DE938742BBF26B65C79C69CA775458A70CDFA3821AE54302318381A2624C
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.770750449240567
    Encrypted:false
    SSDEEP:24:Yv6Xsx5mzvk5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNW:YvJec5HgDv3W2aYQfgB5OUupHrQ9FJA
    MD5:B68FC5F0FCC709D78EE3BC18EE2E8839
    SHA1:33CD555095B263ECD712BB570A6FBA47D073FE6D
    SHA-256:993CCE03BA5E0DC65093A30D8C6FC7A4E155ED07EDE4C29985D253144B885F5D
    SHA-512:323A0CB8ACF2DDC3F13C87B2BDD057491FDCA82199C96AE09628A87CE490E236E2871244AB7B81C0FE0A6EA7E4B874C344DAC8A2ADA30810E7CB42583E5C4740
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.28516598012369
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfbPtdPeUkwRe9:YvXKXsx5mZc0vkOGDV8Ukee9
    MD5:66A4C5FF6D2D577378BFD2E5E58AE744
    SHA1:CC6DEBE952C535B929EB9991A51F3A468BE37591
    SHA-256:3785CB8082C03F863AC2333C1B9DEBD91825A905F120C7B2B1A580311E35B4D8
    SHA-512:CF9CF319D2FEFDA417ABDB7ABF9257D870447D9E57072FE241EC374932502FAD2CE81FDD4C6C20A1CC30D3B5703609D21C9E27702D7D824E4ABAD56C0EEAE943
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.289839995581516
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJf21rPeUkwRe9:YvXKXsx5mZc0vkOG+16Ukee9
    MD5:10B3D632A57F1874F3B1A498429A28D6
    SHA1:30BF2A29872DCC1A3546F8B9F4E2B8F7C8D4005B
    SHA-256:3724CACAAD6096BE71E67391E77C3F38687906A13BC005489BC916A80E526EC9
    SHA-512:1FEFDC2D43AD2B847BCB17E61DA47FE5E759DF9AEFD89877238DC5653320F5B4366305CEE37B51147FC1772DFAA4C685241D58FB593F205B9759232D31511DC8
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1026
    Entropy (8bit):5.62539624736982
    Encrypted:false
    SSDEEP:24:Yv6Xsx5mzvk7amXayLgE7cMCBNaqnl0RCmK8czOC/BSD:YvJecLBgACBOAh8cvMD
    MD5:6053850BC64508C033E94AB40F28FC11
    SHA1:E4E32DA0AB5065AB135CD94DF795617FCF73DB6F
    SHA-256:615F6677956ABF3363C07B96E5413BCEACFF717219F650CD6473D1DF5D9D4DAD
    SHA-512:3D309CABC4CBFBF3BB6B5A5AE27349FFFC2DF490892EE984E99E15451D4D5BB6A20EC0A5EB1D6217CC9D3BFFA735F30280014B8D19BCF4E9FD3F3D82A5FFCA5F
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.2632871141570785
    Encrypted:false
    SSDEEP:6:YEQXJ2HXsiCrFXHVoZcg1vRcR0YpvieoAvJfshHHrPeUkwRe9:YvXKXsx5mZc0vkOGUUUkee9
    MD5:0C26CA143981181A8022F438229F0364
    SHA1:9CB3FAC4BB072DBA52F6682F7E2CE477153084D7
    SHA-256:2F812D5CEA324170BF010044A8B75A030F4C1B25FA1CF3795645FF757B0E37FC
    SHA-512:A002F69582CB6CCA9D659CE70DDFDC12E11FD90DFF32FD702BB86DCA9D07418040BF4DA56CAB5DC3008B944D70480419A253CDE52A4DD175DB65238A62CFB765
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.35984301261411
    Encrypted:false
    SSDEEP:12:YvXKXsx5mZc0vkOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWa:Yv6Xsx5mzvkY168CgEXX5kcIfANhD
    MD5:C72866020D2704D2D644454D1B16CEAE
    SHA1:92B8F73374467364F3AE816078C1ED4386B1C816
    SHA-256:54BD10CBEC14EC90AE9CA640DC3E7C596AE849913002EDB31CA3954468DABDE4
    SHA-512:2A745CCD792DAE28C9D8CB6C5455A55C46C2AFC9609151059262151149B8B3CCC759EDAB76F9B33022D6387BC45E822F766E03E8F2071710A625A5A60A4A6E12
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"af196edc-20b5-4d94-8a21-de4d9c90d192","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730027803216,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729852003248}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.127718593122153
    Encrypted:false
    SSDEEP:24:Y2Jyv1YPEabLnayDnJNHJCJcb5aezXi64drpjMSvj0SHmCf2uqw2LSBPg06k589k:Y2Jyah0cldE3P7iovqwvakC9wX
    MD5:D1DBA3D1316DB8A7B2CED9EC32FCDDE2
    SHA1:C98FCB3608254134A753A5E6A022C755DE89F5B8
    SHA-256:979A937C18F8A899BF8D21A15A5DE89E5B5FD0C5B6B00EBBFA9948FC4DFF03C4
    SHA-512:64D13922F730111AB85A150E75FFEE15D5FFE8D46676E9C61069C95F9A66C449AFE95F74C02F4EC3B1FD3EF848D78C3CA562025F5EC2A7424EA0862AE030ED93
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"38aba527566cc2ce86b0e8a65523aab0","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729852002000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"64db3282e1e69127e8d6b33abc40c929","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729852002000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"a36cc4672cf4837d03ec4c649ffcff8f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729852002000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4e99754fb6d96251831a444379b7bbc5","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729852002000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"36bdd4de8e02199dffa93bee23db4724","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729852002000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e378c7255aa3610a76b5353d2fecd765","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.18905270805949
    Encrypted:false
    SSDEEP:48:TGufl2GL7msEHUUUUUUUU0KSvR9H9vxFGiDIAEkGVvp4s:lNVmswUUUUUUUU0K+FGSIt0s
    MD5:AE7334644E3135837E4F7EDFBCB0B249
    SHA1:D37E04F8EE54AA8B98A3962EEF697378F2C74764
    SHA-256:3FF74D5611BBFCD281BB53A142B61EEA80913132139ADB2D7D1B15CD8C0E1C1C
    SHA-512:D0C96B7E03E90152F9DF129B674AC6BC1652B277D923E2B43255AEE8BA56386B3473752A4F75F0CD641D87C1152D6097AC892E041BE934FC32E8631D61D07ADA
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.607282713449554
    Encrypted:false
    SSDEEP:48:7M9KUUUUUUUUUU0ovR9H9vxFGiDIAEkGVvpqFl2GL7msU:73UUUUUUUUUU0AFGSIt7KVmsU
    MD5:652349A6361FA7871FAC7BE0DE763776
    SHA1:8786C4C8EC23A246CC9DE47DA9B5B7B39669B47A
    SHA-256:82A29B26D6D446C2141A94FC564E5CE22ACBD8F315EF881E86BA7F5AB904FE3D
    SHA-512:07418A15F9C23FA899DF4E300D643BDB51C98F41820C88835C80D8847431E52C327F5239144942D69C7FAD368FE0240EF935A38F8A3CBFDDF1FF23857D84018E
    Malicious:false
    Preview:.... .c.......].......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSId6374.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.518261198325562
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jx:Qw946cPbiOxDlbYnuRKy
    MD5:3E93FF841752B9EC93B98FA7B15CA411
    SHA1:6036DE52635104C42E37FFA93977E0A01A8C3CA1
    SHA-256:267B90281ED3E15EF8EEA27F76F87C1CC5F5619BC3DFFC660D3F3CFF49B7C017
    SHA-512:12027EFB90473BE45D4490F26E2B20192FCB4FE853ADF2D50EA39E1BB230A51DF7A0BF59782D6F24385DDC4996672FC98C0D550E4D49B3C0B1FAF89E6F09403A
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.0./.2.0.2.4. . .0.6.:.2.6.:.4.4. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 06-26-38-418.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.345946398610936
    Encrypted:false
    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
    Malicious:false
    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.347513919339829
    Encrypted:false
    SSDEEP:384:/RwWaD/DSDUDFD3QDNDhRDXDqAtAQ6VHTH8R3RTTlTBm6m+mTmcmDWa3afapxbxZ:/ylT+gBTQJNRjuaVUzcdxZtVdE9nmKId
    MD5:573F5FC6A8B8ABE7618E763101BEE3EB
    SHA1:D29BD000697C0E51E0D79F805A82B1A245AFE1BD
    SHA-256:2D67B083BFCFE5803E89B8890E0E5B9C82FCB1A13F316B93E57580DE495E7FF3
    SHA-512:AEAD6FDAD84294AAA11E78566A8B73D4124568D5D9B00A9A80FB4625DA6DF9860A153F2A100BE557C716F4BB0DAE3F341835E28550A48381E0EBE73DD54E1E5B
    Malicious:false
    Preview:SessionID=b12994e3-29b1-49cd-971a-a26634b46c9e.1729851998430 Timestamp=2024-10-25T06:26:38:430-0400 ThreadID=4048 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b12994e3-29b1-49cd-971a-a26634b46c9e.1729851998430 Timestamp=2024-10-25T06:26:38:442-0400 ThreadID=4048 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b12994e3-29b1-49cd-971a-a26634b46c9e.1729851998430 Timestamp=2024-10-25T06:26:38:443-0400 ThreadID=4048 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b12994e3-29b1-49cd-971a-a26634b46c9e.1729851998430 Timestamp=2024-10-25T06:26:38:443-0400 ThreadID=4048 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b12994e3-29b1-49cd-971a-a26634b46c9e.1729851998430 Timestamp=2024-10-25T06:26:38:443-0400 ThreadID=4048 Component=ngl-lib_NglAppLib Description="SetConf

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.398927043824638
    Encrypted:false
    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rC:2
    MD5:17792DA46F56C2824FD2B2FC0B11E466
    SHA1:6004815A7DCB5E3957BAD62D8D0F662E3489CF07
    SHA-256:520296E0B569B95C8BD2AD66EBD37677FCC7BA7DAB1539C23FE617847400FB02
    SHA-512:347126BF4BC9BD0C59142C6B8A67AB8257F8FCEB6DAB19E9AE1FF1B378235FB8972553BAF6A4FAA8D9549700878151F6E916C5F07EEEF78E4EAD507E24575F00
    Malicious:false
    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\2f9916f0-c282-45ba-a6e3-f3a8fa968e15.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

    C:\Users\user\AppData\Local\Temp\acrocef_low\51d48a58-ed63-414d-a965-c7848034e795.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
    MD5:E787F9888A1628BE8234F19E8EE26D68
    SHA1:44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
    SHA-256:3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
    SHA-512:EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\906623ce-6e83-474a-8aa7-dee816bd6ac6.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\aa8da7da-0e8e-46cc-bcf9-4e6bf3cd36a1.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    Static File Info

    General

    File type:PDF document, version 1.4, 2 pages
    Entropy (8bit):7.928199797328108
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:AE08476Q0222832AEDXB.pdf
    File size:66'908 bytes
    MD5:c576ff4f8796a88cce41337e1e927287
    SHA1:6cf592e186ad07b646866daec6dc82f429260802
    SHA256:4b927a41d9e17746aedc4cbf0cb045595d5d4bc22111a1f779e6d023ee364d90
    SHA512:1c7da7a0a63d440dbc8cbc2cdb97b21b1fc816e746fd1f67fa328d942b800adda6e18a74f93d275febeae62ecbf40480e25d83cd19a1cbec34ef3692dac9efb7
    SSDEEP:1536:eV7nNl1s12ag58ZNqsbR5XXbzB7gGq2PtFNrZAoAaMg:eXsLhLnZgB2VFN6w
    TLSH:FD63E12C8F99A85DF5D1DA324C17704A872DB322B6C879D17C6C094C51D0E62DEB7EB2
    File Content Preview:%PDF-1.4.%.....3 0 obj <</ColorSpace[/Indexed/DeviceRGB 255(......s.................x..b......f..p.!z.0..@..R..Z..j..r.............................T.V}..............!.!0.0@.@c.c..............................................................................

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.4
    Total Entropy:7.928200
    Total Bytes:66908
    Stream Entropy:7.994634
    Stream Bytes:59608
    Entropy outside Streams:5.196788
    Bytes outside Streams:7300
    Number of EOF found:1
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj33
    endobj33
    stream9
    endstream9
    xref1
    trailer1
    startxref1
    /Page2
    /Encrypt0
    /ObjStm0
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Network Behavior

    Network Port Distribution

    UDP Packets

    TimestampSource PortDest PortSource IPDest IP
    Oct 25, 2024 12:26:49.203242064 CEST6084653192.168.2.41.1.1.1
    Oct 25, 2024 12:27:03.729912043 CEST5871653192.168.2.41.1.1.1

    DNS Queries

    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
    Oct 25, 2024 12:26:49.203242064 CEST192.168.2.41.1.1.10x71c5Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
    Oct 25, 2024 12:27:03.729912043 CEST192.168.2.41.1.1.10xa30aStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

    DNS Answers

    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
    Oct 25, 2024 12:26:49.211388111 CEST1.1.1.1192.168.2.40x71c5No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
    Oct 25, 2024 12:27:03.738429070 CEST1.1.1.1192.168.2.40xa30aNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    Behavior

    Click to jump to process

    System Behavior

    General

    Target ID:0
    Start time:06:26:35
    Start date:25/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AE08476Q0222832AEDXB.pdf"
    Imagebase:0x7ff6bc1b0000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    General

    Target ID:1
    Start time:06:26:35
    Start date:25/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    General

    Target ID:3
    Start time:06:26:36
    Start date:25/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1692,i,16501027314633309046,16174421510889995249,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Disassembly

    No disassembly